Analysis Overview
SHA256
668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155
Threat Level: Known bad
The file 639af202eb3c903183b8ae3d8ba4951e.elf was found to be: Known bad.
Malicious Activity Summary
Kaiji family
Kaiji
Modifies Watchdog functionality
Executes dropped EXE
Creates/modifies Cron job
Creates/modifies environment variables
Enumerates running processes
Modifies init.d
Write file to user bin folder
Modifies Bash startup script
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
Enumerates kernel/hardware configuration
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 02:52
Signatures
Kaiji
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiji family
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 02:52
Reported
2024-11-02 02:54
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Kaiji
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiji family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /etc/32676 | /etc/32676 | N/A |
| N/A | /etc/opt.services.cfg | /etc/opt.services.cfg | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| File opened for modification | /etc/crontab | /bin/sh | N/A |
Creates/modifies environment variables
| Description | Indicator | Process | Target |
| File opened for modification | /etc/profile.d/bash_cfg | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/profile.d/bash_cfg.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/profile.d/gateway.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Enumerates running processes
Modifies init.d
| Description | Indicator | Process | Target |
| File opened for modification | /etc/init.d/ssh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/sudo | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/udev | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/exim4 | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/keyboard-setup.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/selinux-autorelabel | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/alsa-utils | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/console-setup.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/networking | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/hwclock.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/kmod | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/procps | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/rsyslog | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/x11-common | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/auditd | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/cron | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/init.d/dbus | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Write file to user bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /usr/bin/include/find | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /usr/bin/find | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Modifies Bash startup script
| Description | Indicator | Process | Target |
| File opened for modification | /etc/profile.d/bash_cfg | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/profile.d/bash_cfg.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for modification | /etc/profile.d/gateway.sh | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Command and Scripting Interpreter: Unix Shell
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/sh | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /etc/opt.services.cfg | N/A |
| File opened for reading | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cmdline | /bin/systemctl | N/A |
| File opened for reading | /proc/1/environ | /bin/systemctl | N/A |
| File opened for reading | /proc/29/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/665/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/670/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/filesystems | /bin/systemctl | N/A |
| File opened for reading | /proc/5/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/18/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/23/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/1/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/106/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/149/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/287/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/27/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/filesystems | /bin/mount | N/A |
| File opened for reading | /proc/6/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/19/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/21/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/24/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/394/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/650/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/659/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/666/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/26/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/97/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/137/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/286/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/self/stat | /bin/systemctl | N/A |
| File opened for reading | /proc/3/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/651/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/41/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/42/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/138/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/155/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/398/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/12/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/17/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/20/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/43/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/284/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/4/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/7/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/76/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/108/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/658/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/8/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/13/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/274/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
| File opened for reading | /proc/306/stat | /tmp/639af202eb3c903183b8ae3d8ba4951e.elf | N/A |
Processes
/tmp/639af202eb3c903183b8ae3d8ba4951e.elf
[/tmp/639af202eb3c903183b8ae3d8ba4951e.elf]
/tmp/639af202eb3c903183b8ae3d8ba4951e.elf
[/tmp/639af202eb3c903183b8ae3d8ba4951e.elf ]
/bin/sh
[/bin/sh -c /etc/32676&]
/etc/32676
[/etc/32676]
/usr/sbin/service
[service crond start]
/bin/sleep
[sleep 60]
/usr/bin/basename
[basename /usr/sbin/service]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/systemctl
[systemctl --quiet is-active multi-user.target]
/bin/sed
[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]
/bin/systemctl
[systemctl list-unit-files --full --type=socket]
/usr/local/sbin/systemctl
[systemctl --job-mode=ignore-dependencies start crond.service]
/usr/local/bin/systemctl
[systemctl --job-mode=ignore-dependencies start crond.service]
/usr/sbin/systemctl
[systemctl --job-mode=ignore-dependencies start crond.service]
/usr/bin/systemctl
[systemctl --job-mode=ignore-dependencies start crond.service]
/sbin/systemctl
[systemctl --job-mode=ignore-dependencies start crond.service]
/bin/systemctl
[systemctl --job-mode=ignore-dependencies start crond.service]
/bin/sh
[/bin/sh -c echo "*/1 * * * * root /.mod " >> /etc/crontab]
/usr/bin/renice
[renice -20 666]
/bin/mount
[mount -o bind /tmp/ /proc/666]
/usr/sbin/service
[service cron start]
/usr/bin/basename
[basename /usr/sbin/service]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/systemctl
[systemctl --quiet is-active multi-user.target]
/bin/systemctl
[systemctl list-unit-files --full --type=socket]
/bin/sed
[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]
/usr/local/sbin/systemctl
[systemctl --job-mode=ignore-dependencies start cron.service]
/usr/local/bin/systemctl
[systemctl --job-mode=ignore-dependencies start cron.service]
/usr/sbin/systemctl
[systemctl --job-mode=ignore-dependencies start cron.service]
/usr/bin/systemctl
[systemctl --job-mode=ignore-dependencies start cron.service]
/sbin/systemctl
[systemctl --job-mode=ignore-dependencies start cron.service]
/bin/systemctl
[systemctl --job-mode=ignore-dependencies start cron.service]
/bin/systemctl
[systemctl start crond.service]
/etc/opt.services.cfg
[/etc/opt.services.cfg]
/etc/opt.services.cfg
[/etc/opt.services.cfg ]
/bin/sleep
[sleep 60]
/etc/opt.services.cfg
[/etc/opt.services.cfg]
/etc/opt.services.cfg
[/etc/opt.services.cfg ]
/bin/sleep
[sleep 60]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | ss.us-tv.top | udp |
Files
/etc/.walk
/etc/opt.services.cfg
/etc/32676
/.mod
/usr/bin/include/find
/etc/profile.d/gateway.sh