Malware Analysis Report

2024-11-13 16:11

Sample ID 241103-der8fashke
Target 668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf
SHA256 668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155
Tags
kaiji defense_evasion discovery execution persistence privilege_escalatio privilege_escalation
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155

Threat Level: Known bad

The file 668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf was found to be: Known bad.

Malicious Activity Summary

kaiji defense_evasion discovery execution persistence privilege_escalatio privilege_escalation

Kaiji family

Kaiji

Modifies Watchdog functionality

Executes dropped EXE

Enumerates running processes

Creates/modifies Cron job

Creates/modifies environment variables

Modifies init.d

Write file to user bin folder

Modifies Bash startup script

Reads runtime system information

Enumerates kernel/hardware configuration

Command and Scripting Interpreter: Unix Shell

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 02:55

Signatures

Kaiji

Description Indicator Process Target
N/A N/A N/A N/A

Kaiji family

kaiji

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 02:55

Reported

2024-11-03 02:58

Platform

debian9-armhf-20240729-en

Max time kernel

149s

Max time network

151s

Command Line

[/tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf]

Signatures

Kaiji

Description Indicator Process Target
N/A N/A N/A N/A

Kaiji family

kaiji

Executes dropped EXE

Description Indicator Process Target
N/A /etc/32676 /etc/32676 N/A
N/A /etc/opt.services.cfg /etc/opt.services.cfg N/A

Modifies Watchdog functionality

defense_evasion
Description Indicator Process Target
File opened for modification /dev/watchdog /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /dev/misc/watchdog /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A

Creates/modifies Cron job

execution persistence privilege_escalatio
Description Indicator Process Target
File opened for modification /etc/crontab /bin/sh N/A

Creates/modifies environment variables

persistence privilege_escalation defense_evasion
Description Indicator Process Target
File opened for modification /etc/profile.d/bash_cfg /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/profile.d/bash_cfg.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/profile.d/gateway.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A

Enumerates running processes

Modifies init.d

persistence
Description Indicator Process Target
File opened for modification /etc/init.d/dbus /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/hwclock.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/kmod /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/rsyslog /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/alsa-utils /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/console-setup.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/ssh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/networking /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/selinux-autorelabel /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/keyboard-setup.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/procps /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/auditd /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/cron /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/udev /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/x11-common /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/exim4 /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/init.d/sudo /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A

Write file to user bin folder

persistence
Description Indicator Process Target
File opened for modification /usr/bin/include/find /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /usr/bin/find /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A

Modifies Bash startup script

persistence
Description Indicator Process Target
File opened for modification /etc/profile.d/bash_cfg.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/profile.d/gateway.sh /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for modification /etc/profile.d/bash_cfg /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A

Command and Scripting Interpreter: Unix Shell

execution
Description Indicator Process Target
N/A N/A /bin/sh N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /etc/opt.services.cfg N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/579/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/582/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/651/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/filesystems /bin/mount N/A
File opened for reading /proc/3/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/18/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/108/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/14/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/216/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/641/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/1/environ /bin/systemctl N/A
File opened for reading /proc/self/stat /bin/systemctl N/A
File opened for reading /proc/1/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/2/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/7/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/cmdline /bin/systemctl N/A
File opened for reading /proc/filesystems /bin/systemctl N/A
File opened for reading /proc/75/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/105/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/137/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/301/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/134/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/649/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/583/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/644/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/4/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/29/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/218/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/265/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/631/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/637/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/8/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/10/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/107/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/28/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/147/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/6/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/42/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/97/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/26/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/163/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/266/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/271/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/302/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/20/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/23/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/24/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A
File opened for reading /proc/598/stat /tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf N/A

Processes

/tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf

[/tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf]

/tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf

[/tmp/668e2cdc076b620be68a4d5aa2ed14d2fa9b48b556f0e8f69548d8a972436155.elf ]

/bin/sh

[/bin/sh -c /etc/32676&]

/etc/32676

[/etc/32676]

/usr/sbin/service

[service crond start]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sleep

[sleep 60]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies start crond.service]

/bin/sh

[/bin/sh -c echo "*/1 * * * * root /.mod " >> /etc/crontab]

/usr/bin/renice

[renice -20 649]

/bin/mount

[mount -o bind /tmp/ /proc/649]

/usr/sbin/service

[service cron start]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies start cron.service]

/bin/systemctl

[systemctl start crond.service]

/etc/opt.services.cfg

[/etc/opt.services.cfg]

/etc/opt.services.cfg

[/etc/opt.services.cfg ]

/bin/sleep

[sleep 60]

/etc/opt.services.cfg

[/etc/opt.services.cfg]

/etc/opt.services.cfg

[/etc/opt.services.cfg ]

/bin/sleep

[sleep 60]

Network

Country Destination Domain Proto
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 ss.us-tv.top udp

Files

/etc/.walk

/etc/opt.services.cfg

/etc/32676

/.mod

/usr/bin/include/find

/etc/profile.d/gateway.sh
