Edit tour

Linux Analysis Report
65kw6IfQdO.elf

Overview

General Information

Sample name:	65kw6IfQdO.elf renamed because original name is a hash value
Original sample name:	eec45382ecf8d7788756e561626e7803.elf
Analysis ID:	1430993
MD5:	eec45382ecf8d7788756e561626e7803
SHA1:	145fd848e20b364f10fab3167cb0edc11b32c1f4
SHA256:	40c92002d0e54b11a3826db7e2fe0be6d86b3cfa20e5eb2b1140f2d653fa0276
Tags:	32elfmotorola
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Queries the IP of a very long domain name

Sample deletes itself

Sample tries to kill multiple processes (SIGKILL)

Detected TCP or UDP traffic on non-standard ports

Executes the "kill" or "pkill" command typically used to terminate processes

Found strings indicative of a multi-platform dropper

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430993
Start date and time:	2024-04-24 13:03:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	65kw6IfQdO.elf renamed because original name is a hash value
Original Sample Name:	eec45382ecf8d7788756e561626e7803.elf
Detection:	MAL
Classification:	mal60.spre.troj.evad.linELF@0/0@51/0

Warnings

Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:	/tmp/65kw6IfQdO.elf
PID:	6242
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	black botnet voodoo
Standard Error:

Process Tree

system is lnxubuntu20

65kw6IfQdO.elf (PID: 6242, Parent: 6166, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/65kw6IfQdO.elf

65kw6IfQdO.elf New Fork (PID: 6244, Parent: 6242)

65kw6IfQdO.elf New Fork (PID: 6246, Parent: 6244)

65kw6IfQdO.elf New Fork (PID: 6247, Parent: 6244)

65kw6IfQdO.elf New Fork (PID: 6249, Parent: 6244)

65kw6IfQdO.elf New Fork (PID: 6251, Parent: 6244)

65kw6IfQdO.elf New Fork (PID: 6336, Parent: 6244)

65kw6IfQdO.elf New Fork (PID: 6338, Parent: 6336)

65kw6IfQdO.elf New Fork (PID: 6340, Parent: 6244)

65kw6IfQdO.elf New Fork (PID: 6342, Parent: 6340)

systemd New Fork (PID: 6254, Parent: 1)

journalctl (PID: 6254, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 6276, Parent: 1)

dbus-daemon (PID: 6276, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6289, Parent: 1)

rsyslogd (PID: 6289, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6290, Parent: 1860)

pulseaudio (PID: 6290, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

gvfsd-fuse New Fork (PID: 6291, Parent: 2038)

fusermount (PID: 6291, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 6294, Parent: 1)

systemd-journald (PID: 6294, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6296, Parent: 1)

dbus-daemon (PID: 6296, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6297, Parent: 1)

systemd-journald (PID: 6297, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6298, Parent: 1)

rsyslogd (PID: 6298, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6300, Parent: 1)

dbus-daemon (PID: 6300, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6301, Parent: 1)

systemd-journald (PID: 6301, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6302, Parent: 1)

dbus-daemon (PID: 6302, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6303, Parent: 1)

rsyslogd (PID: 6303, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6305, Parent: 1)

systemd-journald (PID: 6305, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6306, Parent: 1)

dbus-daemon (PID: 6306, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6309, Parent: 1)

rsyslogd (PID: 6309, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6311, Parent: 1)

systemd-journald (PID: 6311, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

gdm3 New Fork (PID: 6312, Parent: 1320)

Default (PID: 6312, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6313, Parent: 1320)

Default (PID: 6313, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6314, Parent: 1)

rsyslogd (PID: 6314, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

gdm3 New Fork (PID: 6316, Parent: 1320)

Default (PID: 6316, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6317, Parent: 1)

gpu-manager (PID: 6317, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6318, Parent: 1)

generate-config (PID: 6318, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6319, Parent: 6318)

pkill (PID: 6319, Parent: 6318, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6320, Parent: 1)

gpu-manager (PID: 6320, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6321, Parent: 1)

generate-config (PID: 6321, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6322, Parent: 6321)

pkill (PID: 6322, Parent: 6321, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6323, Parent: 1)

gpu-manager (PID: 6323, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6324, Parent: 1)

generate-config (PID: 6324, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6325, Parent: 6324)

pkill (PID: 6325, Parent: 6324, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6328, Parent: 1)

gpu-manager (PID: 6328, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6329, Parent: 1)

generate-config (PID: 6329, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6330, Parent: 6329)

pkill (PID: 6330, Parent: 6329, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6331, Parent: 1)

gpu-manager (PID: 6331, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6332, Parent: 1)

generate-config (PID: 6332, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6333, Parent: 6332)

pkill (PID: 6333, Parent: 6332, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6334, Parent: 1)

plymouth (PID: 6334, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit

systemd New Fork (PID: 6335, Parent: 1860)

dbus-daemon (PID: 6335, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

cleanup

String: yxpts/ttysocket:[/proc/net/tcp/proc/%d/exepkillkillallechoclearwgetcurlping/pswiresharktcpdumppythonpython3busyboxiptablesrebootinit 6nanonvimmvcdlscatstringshtopgrepbashgdb/mapsmkdirHTTPapt./runshutdown&reboot -fshutdown -rrmftpgettftpncfor

Networking

Queries the IP of a very long domain name

Source: unknown	DNS traffic detected: query: siegheil.hiter.su.L(f{66PV,PV!EH(U25d/L(f?}NNPV!PV,E@:.@@
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.L(f66PV,PV!EH(U0256m"/L(fNNPV!PV,E@:.@@5,&/siegheilhitersunM(f_a66PV.PV!EH(U425>/
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.M(f_a66PV,PV!EH(U425>/M(f,cNNPV!PV,E@:.@@b5,/siegheilhitersunM(fU66PV,PV!EH(U;2
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.M(fU66PV,PV!EH(U;25b/M(fbNNPV!PV,E@:.@@5,w/siegheilhitersunM(f666PV,PV!EH(UZ2
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.M(f666PV,PV!EH(UZ25/M(fJJPV!PV,E<
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.P(f66PV,PV!EH(p54P(fSNNPV!PV,E@.@@.8.,.4siegheilhitersunP(fNz66
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.P(fNz66PV,PV!EH(q-58W4P(f}\|NNPV!PV,E@.@@5,<4siegheilhiter.unP(fN66PV,PV!EH(Q%q)5Ie4P(fMNNPV!PV,E@5@.5,4siegheilhitersunP(f6
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.P(fN66PV,PV!EH(Q%q)5*Ie4P(fMNNPV!PV,E@.@@5,4siegheilhitersun
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.P(f66PV,PV!EH(t_5#4P(fNNPV!PV,E@.@@5,4siegheilhitersunQ(f*66PV,PV
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.Q(f*66PV,PV!EH(q[54Q(fmJJPV!PV,E<-.@@F
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.S(fZNNPV,PV!EH@/$W5,dsiegheilhitersunS(fN
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.S(fTNNPV,PV!EH@/$W5,mdsiegheilhitersunS(fxWN
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.T(fNNPV,PV!EH@/p$W5,dsiegheilhitersunT(fUN
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.T(flNNPV,PV!EH@/N$W5P,f5dsiegheilhitersunT(foN
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.T(fNNPV,PV!EH@/'$W5,edsiegheilhitersunT(fJ
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.\(fwNNPV!PV,E@N@@X!^rM5,(6kzadolfhitlersun`(fB
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.`(fBBPV!PV,E4\@@[[*gBfP_tSfQa(fNNPV!.V,E@Q@@U^r5,nW6kzadolfhitlersunf(fN
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.f(fNNPV!PV,E@S@@SH^r5,t6kzadolfhitlersunk(fsN
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.k(fsNNPV!PV,E@Tn@@Rq^r5,Y6kzadolfhitlersunp(f{J
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.p(f{JJPV!PV,E<.@@)yFNI`H#p(fm66
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.r(fwVVPV,PV!E(H/\|3l54vsexsecure-cyber-securitysr(fy.VPV!PV,EH)@@R3l54fzvsexsecure-cyber-securit.ss(fVVPV,PV!E(H/\|3l54xvsexsecure-cyber-securityss(f-VV
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.s(fVVPV,PV!E(H/\|3l54xvsexsecure-cyber-securityss(f-.VPV!PV,EHf@@3l}54Mvsexsecure-cyber-securit.ss(fVVPV,PV!E(H/\|3l5}4vsexsecure-cyber-securityss(fVV
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.s(fVVPV,PV!E(H/\|3l5}4vsexsecure-cyber-securityss(f.VPV!PV,EH@@3l54oevsexsecure-cyber-securit.ss(f0VVPV,PV!E(H/\|w3l54cvsexsecure-cyber-securityss(fVV
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.s(f0VVPV,PV!E(H/\|w3l54cvsexsecure-cyber-securityss(f.VPV!PV,EH@@3l4549,vsexsecure-cyber-securit.ss(fVVPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securityss(fJJ
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.s(fVVPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securityss(f.JPV!PV,E<@@MFo[TQ#

Source: global traffic	TCP traffic: 192.168.2.23:55768 -> 212.70.149.14:35342
Source: global traffic	TCP traffic: 192.168.2.23:41846 -> 212.70.149.10:35342

Source: /tmp/65kw6IfQdO.elf (PID: 6242)

Socket: 127.0.0.1::8345

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.176.203.42

Source: unknown

DNS traffic detected: queries for: siegheil.hiter.su

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55506
Source: unknown	Network traffic detected: HTTP traffic on port 55470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55502
Source: unknown	Network traffic detected: HTTP traffic on port 55432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55466
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55500
Source: unknown	Network traffic detected: HTTP traffic on port 55506 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55472
Source: unknown	Network traffic detected: HTTP traffic on port 55484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55474
Source: unknown	Network traffic detected: HTTP traffic on port 55458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55470
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55518
Source: unknown	Network traffic detected: HTTP traffic on port 55446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55510
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55478
Source: unknown	Network traffic detected: HTTP traffic on port 55524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55512
Source: unknown	Network traffic detected: HTTP traffic on port 55518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55484
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55486
Source: unknown	Network traffic detected: HTTP traffic on port 55464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55482
Source: unknown	Network traffic detected: HTTP traffic on port 55478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55528
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55524
Source: unknown	Network traffic detected: HTTP traffic on port 33606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55526
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55488
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55530
Source: unknown	Network traffic detected: HTTP traffic on port 55440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55490
Source: unknown	Network traffic detected: HTTP traffic on port 55456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55492
Source: unknown	Network traffic detected: HTTP traffic on port 55536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55532
Source: unknown	Network traffic detected: HTTP traffic on port 55522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55420
Source: unknown	Network traffic detected: HTTP traffic on port 55434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55426
Source: unknown	Network traffic detected: HTTP traffic on port 55502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55430
Source: unknown	Network traffic detected: HTTP traffic on port 55480 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55438
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55432
Source: unknown	Network traffic detected: HTTP traffic on port 55528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55434
Source: unknown	Network traffic detected: HTTP traffic on port 55436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55440
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55442
Source: unknown	Network traffic detected: HTTP traffic on port 55514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55448
Source: unknown	Network traffic detected: HTTP traffic on port 55430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55444
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55450
Source: unknown	Network traffic detected: HTTP traffic on port 55520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55452
Source: unknown	Network traffic detected: HTTP traffic on port 55492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33606
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55458
Source: unknown	Network traffic detected: HTTP traffic on port 55526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55464
Source: unknown	Network traffic detected: HTTP traffic on port 55438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55460
Source: unknown	Network traffic detected: HTTP traffic on port 55512 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 4334, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 4529, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6079, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6228, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6229, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6247, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6249, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6251, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6254, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6276, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6289, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6291, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6294, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6296, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6297, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6302, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6303, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6304, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6305, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6306, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6309, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6310, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6311, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6313, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6314, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6315, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6317, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6318, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6319, result: no such process	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6320, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6321, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6323, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6324, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6325, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6328, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6329, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6330, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6331, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6332, result: successful	Jump to behavior

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: yxpts/ttysocket:[/proc/net/tcp/proc/%d/exepkillkillallechoclearwgetcurlping/pswiresharktcpdumppythonpython3busyboxiptablesrebootinit 6nanonvimmvcdlscatstringshtopgrepbashgdb/mapsmkdirHTTPapt./runshutdown&reboot -fshutdown -rrmftpgettftpncfor

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 4334, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 4529, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6079, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6228, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6229, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6247, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6249, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6251, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6254, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6276, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6289, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6291, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6294, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6296, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6297, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6302, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6303, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6304, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6305, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6306, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6309, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6310, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6311, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6313, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6314, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6315, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6317, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6318, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6319, result: no such process	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6320, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6321, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6323, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6324, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6325, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6328, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6329, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6330, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6331, result: successful	Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246)	SIGKILL sent: pid: 6332, result: successful	Jump to behavior

Source: classification engine

Classification label: mal60.spre.troj.evad.linELF@0/0@51/0

Source: /usr/share/gdm/generate-config (PID: 6319)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6322)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6325)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6330)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6333)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior

Source: /tmp/65kw6IfQdO.elf (PID: 6244)

Reads from proc file: /proc/stat

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/65kw6IfQdO.elf (PID: 6242)

File: /tmp/65kw6IfQdO.elf

Jump to behavior

Source: /usr/bin/pkill (PID: 6322)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6325)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6330)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6333)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior

Source: /tmp/65kw6IfQdO.elf (PID: 6242)

Queries kernel information via 'uname':

Jump to behavior

Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: /m68k/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: $0vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: ;\|U/m68k/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: /tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6242.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: 65kw6IfQdO.elf, 6242.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: ;\|U!/etc/qemu-binfmt/m68k
Source: 65kw6IfQdO.elf, 6251.1.00007fb2e8041000.00007fb2e8045000.rw-.sdmp	Binary or memory string: Q/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9fY/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj)/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.00007fb2e8033000.00007fb2e8041000.rw-.sdmp	Binary or memory string: vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6242.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp	Binary or memory string: ;\|U1/tmp/vmware-root_721-42905598891p
Source: 65kw6IfQdO.elf, 6251.1.00007fb2e8041000.00007fb2e8045000.rw-.sdmp	Binary or memory string: )/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6242.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/65kw6IfQdO.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/65kw6IfQdO.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Disable or Modify Tools	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
65kw6IfQdO.elf	32%	ReversingLabs	Linux.Trojan.Mirai
65kw6IfQdO.elf	13%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
security.rebirth-network.su	212.70.149.10	true	false	unknown
kz.adolfhitler.su.`(fBBPV!PV,E4\@@[[*gBfP_tSfQa(fNNPV!.V,E@Q@@U^r5,nW6kzadolfhitlersunf(fN	unknown	unknown	true	unknown
siegheil.hiter.su.P(fN66PV,PV!EH(Q%q)5*Ie4P(fMNNPV!PV,E@.@@5,4siegheilhitersun	unknown	unknown	true	unknown
siegheil.hiter.su.P(f66PV,PV!EH(p54P(fSNNPV!PV,E@.@@.8.,.4siegheilhitersunP(fNz66	unknown	unknown	true	unknown
siegheil.hiter.su.M(f666PV,PV!EH(UZ25/M(fJJPV!PV,E<	unknown	unknown	true	low
siegheil.hiter.su.S(fZNNPV,PV!EH@/$W5,dsiegheilhitersunS(fN	unknown	unknown	true	low
kz.adolfhitler.su.\(fwNNPV!PV,E@N@@X!^rM5,(6kzadolfhitlersun`(fB	unknown	unknown	true	unknown
sex.secure-cyber-security.s(fVVPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securityss(f.JPV!PV,E<@@MFo[TQ#	unknown	unknown	true	low
siegheil.hiter.su.T(fNNPV,PV!EH@/'$W5,edsiegheilhitersunT(fJ	unknown	unknown	true	low
siegheil.hiter.su	unknown	unknown	true	unknown
siegheil.hiter.su.P(fNz66PV,PV!EH(q-58W4P(f}\|NNPV!PV,E@.@@5,<4siegheilhiter.unP(fN66PV,PV!EH(Q%q)5Ie4P(fMNNPV!PV,E@5@.5,4siegheilhitersunP(f6	unknown	unknown	true	unknown
kz.adolfhitler.su.k(fsNNPV!PV,E@Tn@@Rq^r5,Y6kzadolfhitlersunp(f{J	unknown	unknown	true	unknown
sex.secure-cyber-security.s(fVVPV,PV!E(H/\|3l5}4vsexsecure-cyber-securityss(f.VPV!PV,EH@@3l54oevsexsecure-cyber-securit.ss(f0VVPV,PV!E(H/\|w3l54cvsexsecure-cyber-securityss(fVV	unknown	unknown	true	low
sex.secure-cyber-security.s(f0VVPV,PV!E(H/\|w3l54cvsexsecure-cyber-securityss(f.VPV!PV,EH@@3l4549,vsexsecure-cyber-securit.ss(fVVPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securityss(fJJ	unknown	unknown	true	low
siegheil.hiter.su.S(fTNNPV,PV!EH@/$W5,mdsiegheilhitersunS(fxWN	unknown	unknown	true	low
kz.adolfhitler.su.p(f{JJPV!PV,E<.@@)yFNI`H#p(fm66	unknown	unknown	true	unknown
siegheil.hiter.su.P(f66PV,PV!EH(t_5#4P(fNNPV!PV,E@.@@5,4siegheilhitersunQ(f*66PV,PV	unknown	unknown	true	unknown
siegheil.hiter.su.T(flNNPV,PV!EH@/N$W5P,f5dsiegheilhitersunT(foN	unknown	unknown	true	low
security.rebirth-network.su.	unknown	unknown	true	unknown
siegheil.hiter.su.M(fU66PV,PV!EH(U;25b/M(fbNNPV!PV,E@:.@@5,w/siegheilhitersunM(f666PV,PV!EH(UZ2	unknown	unknown	true	low
sex.secure-cyber-security.s(fVVPV,PV!E(H/\|3l54xvsexsecure-cyber-securityss(f-.VPV!PV,EHf@@3l}54Mvsexsecure-cyber-securit.ss(fVVPV,PV!E(H/\|3l5}4vsexsecure-cyber-securityss(fVV	unknown	unknown	true	low
siegheil.hiter.su.M(f_a66PV,PV!EH(U425>/M(f,cNNPV!PV,E@:.@@b5,/siegheilhitersunM(fU66PV,PV!EH(U;2	unknown	unknown	true	low
sex.secure-cyber-security	unknown	unknown	true	unknown
siegheil.hiter.su.Q(f*66PV,PV!EH(q[54Q(fmJJPV!PV,E<-.@@F	unknown	unknown	true	unknown
sex.secure-cyber-security.r(fwVVPV,PV!E(H/\|3l54vsexsecure-cyber-securitysr(fy.VPV!PV,EH)@@R3l54fzvsexsecure-cyber-securit.ss(fVVPV,PV!E(H/\|3l54xvsexsecure-cyber-securityss(f-VV	unknown	unknown	true	low
siegheil.hiter.su.L(f66PV,PV!EH(U0256m"/L(fNNPV!PV,E@:.@@5,&/siegheilhitersunM(f_a66PV.PV!EH(U425>/	unknown	unknown	true	low
siegheil.hiter.su.T(fNNPV,PV!EH@/p$W5,dsiegheilhitersunT(fUN	unknown	unknown	true	low
siegheil.hiter.su.L(f{66PV,PV!EH(U25d/L(f?}NNPV!PV,E@:.@@	unknown	unknown	true	low
kz.adolfhitler.su.f(fNNPV!PV,E@S@@SH^r5,t6kzadolfhitlersunk(fsN	unknown	unknown	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
212.70.149.14	unknown	Bulgaria	208410	INTERNET-HOSTINGBG	false
212.70.149.10	security.rebirth-network.su	Bulgaria	208410	INTERNET-HOSTINGBG	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
54.171.230.55	unknown	United States	16509	AMAZON-02US	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.176.203.42	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
212.70.149.14	UOt98MEVJw.elf	Get hash	malicious	Unknown	Browse	/arm6
	XtpqFYYOsk.elf	Get hash	malicious	Unknown	Browse	/arm7
	M5JK7Pf4NO.elf	Get hash	malicious	Unknown	Browse	/mips
	aIIxWKK5Cm.elf	Get hash	malicious	Unknown	Browse	/mpsl
	Y8ahzapm43.elf	Get hash	malicious	Unknown	Browse	/arm5
54.171.230.55	7Ud8fq8tJs.elf	Get hash	malicious	Gafgyt	Browse
	jb6F3H6QH4.elf	Get hash	malicious	Mirai, Gafgyt	Browse
	JCC3MNVgRd.elf	Get hash	malicious	Gafgyt	Browse
	520VcHQQj7.elf	Get hash	malicious	Unknown	Browse
	eI5fTcq2no.elf	Get hash	malicious	Unknown	Browse
	1HoxbBh9mb.elf	Get hash	malicious	Mirai, Okiru	Browse
	V06ANR64H4.elf	Get hash	malicious	Mirai, Okiru	Browse
	az9a0rNKvy.elf	Get hash	malicious	Mirai, Okiru	Browse
	gwX4DFn6ue.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.DownLoader.532.20148.6112.elf	Get hash	malicious	Unknown	Browse
212.70.149.10	H6aUw28kMN.elf	Get hash	malicious	Unknown	Browse
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse
	399jauZIBD.elf	Get hash	malicious	Unknown	Browse
	kaq4CUrP8v.elf	Get hash	malicious	Unknown	Browse
	gk5sduiOpM.elf	Get hash	malicious	Unknown	Browse
	3AHgsMIs1Y.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.7232.1376.786.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	rINwxS54oX.elf	Get hash	malicious	Mirai	Browse
	BbxtCVS8z8.elf	Get hash	malicious	Mirai, Okiru	Browse
	g0dk59Cg0v.elf	Get hash	malicious	Mirai	Browse
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse
	i6MGE0UeYG.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	YTcowzAsKa.elf	Get hash	malicious	Mirai, Okiru	Browse
	Ptge3TuHFs.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	ZFxJqgzVsv.elf	Get hash	malicious	Mirai	Browse
	KAIKC433T0.elf	Get hash	malicious	Gafgyt	Browse
	mfMK5ad02Y.elf	Get hash	malicious	Gafgyt	Browse
91.189.91.43	rINwxS54oX.elf	Get hash	malicious	Mirai	Browse
	BbxtCVS8z8.elf	Get hash	malicious	Mirai, Okiru	Browse
	g0dk59Cg0v.elf	Get hash	malicious	Mirai	Browse
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse
	Ptge3TuHFs.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	ZFxJqgzVsv.elf	Get hash	malicious	Mirai	Browse
	KAIKC433T0.elf	Get hash	malicious	Gafgyt	Browse
	mfMK5ad02Y.elf	Get hash	malicious	Gafgyt	Browse
	JCC3MNVgRd.elf	Get hash	malicious	Gafgyt	Browse
	520VcHQQj7.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
security.rebirth-network.su	399jauZIBD.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	gk5sduiOpM.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	Get hash	malicious	Unknown	Browse	212.70.149.10

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	rINwxS54oX.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	BbxtCVS8z8.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	g0dk59Cg0v.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	gFHZn3Ck3v.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	i6MGE0UeYG.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	YTcowzAsKa.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	Ptge3TuHFs.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	2V7qaSy0Jl.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	EfsIiZhHxS.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
CANONICAL-ASGB	rINwxS54oX.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	BbxtCVS8z8.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	g0dk59Cg0v.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	gFHZn3Ck3v.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	i6MGE0UeYG.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	YTcowzAsKa.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	Ptge3TuHFs.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	2V7qaSy0Jl.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	EfsIiZhHxS.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
AMAZON-02US	http://clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	18.154.132.124
	i6MGE0UeYG.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.249.145.219
	http://d1isumqvmnq7jz.cloudfront.net/build/pl/v4.397.63.30.34	Get hash	malicious	Unknown	Browse	108.139.9.151
	Ptge3TuHFs.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.249.145.219
	0JeZFMxByg.elf	Get hash	malicious	Mirai	Browse	54.217.10.153
	EfsIiZhHxS.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.243.160.129
	310kHPPXaM.elf	Get hash	malicious	Unknown	Browse	34.254.182.186
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	108.139.10.63
	7Ud8fq8tJs.elf	Get hash	malicious	Gafgyt	Browse	54.247.62.1
	jb6F3H6QH4.elf	Get hash	malicious	Mirai, Gafgyt	Browse	34.254.182.186
INIT7CH	rINwxS54oX.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	BbxtCVS8z8.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	g0dk59Cg0v.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	i6MGE0UeYG.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	YTcowzAsKa.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	Ptge3TuHFs.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	ZFxJqgzVsv.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	KAIKC433T0.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	mfMK5ad02Y.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
INTERNET-HOSTINGBG	H6aUw28kMN.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	gFHZn3Ck3v.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	399jauZIBD.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	kaq4CUrP8v.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	2V7qaSy0Jl.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	gk5sduiOpM.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	3AHgsMIs1Y.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	XHYKEGTtfq.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	SecuriteInfo.com.Linux.Siggen.7232.1376.786.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
INTERNET-HOSTINGBG	H6aUw28kMN.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	gFHZn3Ck3v.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	AZtIZd4072.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	399jauZIBD.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	kaq4CUrP8v.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	2V7qaSy0Jl.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	gk5sduiOpM.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	3AHgsMIs1Y.elf	Get hash	malicious	Unknown	Browse	212.70.149.10
	XHYKEGTtfq.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	SecuriteInfo.com.Linux.Siggen.7232.1376.786.elf	Get hash	malicious	Unknown	Browse	212.70.149.10

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.774952696780487
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	65kw6IfQdO.elf
File size:	194'344 bytes
MD5:	eec45382ecf8d7788756e561626e7803
SHA1:	145fd848e20b364f10fab3167cb0edc11b32c1f4
SHA256:	40c92002d0e54b11a3826db7e2fe0be6d86b3cfa20e5eb2b1140f2d653fa0276
SHA512:	88f10121dedf42f6187d9f242b184e52ca3feac8f4d0c408c4156ec3639be6c6716ad366bc0438b08f32c8024f8f5c0f1507a600ab3559e40f86a6036d3ab7c8
SSDEEP:	3072:yfyIyAeoTP2bWbC70sbbMqPW8H/SgQeuacWjcW0JcWcBehddzF/W/SkqWRoVdU9w:yaIYu+b75/dW8HKgQeuacWjcW0JcWcBI
TLSH:	531439D7F905C9BAF80AFB37084309197170F3B249520B736327793EE93A199152BE86
File Content Preview:	.ELF.......................D...4.........4. ...(.................................. ...................F........... .dt.Q............................NV..a....da...u.N^NuNV..J9...Xf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........XN^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	193944
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0x275ee	0x0	0x6	AX	4
.fini	PROGBITS	0x80027696	0x27696	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x800276a4	0x276a4	0x37ea	0x0	0x2	A	2
.ctors	PROGBITS	0x8002ce94	0x2ae94	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x8002cea0	0x2aea0	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8002cec0	0x2aec0	0x4698	0x0	0x3	WA	32
.bss	NOBITS	0x80031558	0x2f558	0xd854	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x2f558	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x2ae8e	0x2ae8e	6.1020	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x2ae94	0x8002ce94	0x8002ce94	0x46c4	0x11f18	0.3970	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 13:04:01.920629025 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 24, 2024 13:04:02.506901979 CEST	33606	443	192.168.2.23	54.171.230.55
Apr 24, 2024 13:04:02.688536882 CEST	33606	443	192.168.2.23	54.171.230.55
Apr 24, 2024 13:04:02.814264059 CEST	443	33606	54.171.230.55	192.168.2.23
Apr 24, 2024 13:04:02.999156952 CEST	55768	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:03.036990881 CEST	443	33606	54.171.230.55	192.168.2.23
Apr 24, 2024 13:04:03.039391041 CEST	33606	443	192.168.2.23	54.171.230.55
Apr 24, 2024 13:04:03.325129032 CEST	35342	55768	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:06.871670008 CEST	55770	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:07.198091030 CEST	35342	55770	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:07.295876026 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 24, 2024 13:04:08.063770056 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 24, 2024 13:04:23.165587902 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 24, 2024 13:04:33.404083967 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 24, 2024 13:04:34.220309973 CEST	55772	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:34.546617985 CEST	35342	55772	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:37.499633074 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 24, 2024 13:04:38.074829102 CEST	55774	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:38.401437044 CEST	35342	55774	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:41.996078968 CEST	55776	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:42.322357893 CEST	35342	55776	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:45.821011066 CEST	55778	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:46.148341894 CEST	35342	55778	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:49.001900911 CEST	55780	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:49.329066038 CEST	35342	55780	212.70.149.14	192.168.2.23
Apr 24, 2024 13:04:52.857533932 CEST	55782	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:04:53.183932066 CEST	35342	55782	212.70.149.14	192.168.2.23
Apr 24, 2024 13:05:04.119940042 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 24, 2024 13:05:20.200058937 CEST	55784	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:05:20.526189089 CEST	35342	55784	212.70.149.14	192.168.2.23
Apr 24, 2024 13:05:23.980750084 CEST	55786	35342	192.168.2.23	212.70.149.14
Apr 24, 2024 13:05:24.307156086 CEST	35342	55786	212.70.149.14	192.168.2.23
Apr 24, 2024 13:05:26.482666969 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:05:26.809792995 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:05:26.810154915 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:05:26.824480057 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:05:27.151236057 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:05:27.151508093 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:05:27.478473902 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:05:41.838145018 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:05:42.165178061 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:05:42.165249109 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:05:42.165544033 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:05:57.496128082 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:05:57.496474981 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:06:12.824157000 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:06:12.824414015 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:06:19.003170967 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:06:19.003478050 CEST	41846	35342	192.168.2.23	212.70.149.10
Apr 24, 2024 13:06:19.010406971 CEST	55416	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010420084 CEST	443	55416	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010478020 CEST	55416	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010535002 CEST	55418	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010548115 CEST	443	55418	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010560989 CEST	55420	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010576010 CEST	55422	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010590076 CEST	55418	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010592937 CEST	443	55420	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010603905 CEST	55424	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010610104 CEST	443	55424	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010621071 CEST	443	55422	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010624886 CEST	55426	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010631084 CEST	55420	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010632992 CEST	443	55426	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010644913 CEST	55424	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010665894 CEST	55422	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010667086 CEST	55426	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010698080 CEST	55428	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010699987 CEST	55430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010706902 CEST	443	55428	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010713100 CEST	55432	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010715961 CEST	443	55430	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010721922 CEST	443	55432	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010726929 CEST	55434	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010732889 CEST	443	55434	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010745049 CEST	55428	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010746956 CEST	55430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010759115 CEST	55432	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010761976 CEST	55434	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010782957 CEST	55436	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010792971 CEST	443	55436	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010883093 CEST	55440	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010890007 CEST	55438	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010889053 CEST	55456	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010889053 CEST	55446	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010898113 CEST	443	55438	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010905981 CEST	443	55456	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010916948 CEST	55444	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010917902 CEST	55454	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010905981 CEST	55436	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010925055 CEST	443	55446	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010926008 CEST	443	55444	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010935068 CEST	55450	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010935068 CEST	443	55440	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010936022 CEST	443	55454	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010935068 CEST	55460	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010930061 CEST	55442	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010931015 CEST	55448	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010947943 CEST	55452	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010947943 CEST	55458	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010950089 CEST	443	55450	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010961056 CEST	443	55452	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010967016 CEST	443	55460	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010972977 CEST	443	55458	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.010983944 CEST	55464	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010984898 CEST	55438	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010984898 CEST	55456	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010984898 CEST	55466	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.010993958 CEST	443	55464	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011002064 CEST	443	55466	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011006117 CEST	55458	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011008978 CEST	55460	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011029005 CEST	443	55442	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011071920 CEST	55446	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011071920 CEST	55464	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011074066 CEST	55466	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011082888 CEST	443	55448	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011089087 CEST	55444	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011125088 CEST	55462	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011152983 CEST	443	55462	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011337042 CEST	55478	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011337042 CEST	55484	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011337996 CEST	55498	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011342049 CEST	55476	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011342049 CEST	55486	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011342049 CEST	55490	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011342049 CEST	55440	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011342049 CEST	55496	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011343002 CEST	55450	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011343002 CEST	55506	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011343002 CEST	55512	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011347055 CEST	55452	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011347055 CEST	55518	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011347055 CEST	55520	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011348963 CEST	55474	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011348963 CEST	55454	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011353016 CEST	55472	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011353970 CEST	443	55478	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011358023 CEST	443	55476	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011360884 CEST	443	55472	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011362076 CEST	55468	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011363983 CEST	443	55474	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011364937 CEST	443	55518	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011362076 CEST	55442	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011373997 CEST	443	55506	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011368036 CEST	443	55484	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011374950 CEST	443	55486	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011362076 CEST	55448	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011373043 CEST	55482	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011374950 CEST	443	55512	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011362076 CEST	55462	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011373043 CEST	55494	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011374950 CEST	55500	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011384010 CEST	443	55520	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011384964 CEST	443	55490	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011388063 CEST	443	55498	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011389971 CEST	55510	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011389971 CEST	55516	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011389971 CEST	55522	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011389971 CEST	55528	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011392117 CEST	55470	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011392117 CEST	55526	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011392117 CEST	55532	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011393070 CEST	55480	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011394024 CEST	443	55496	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011393070 CEST	55492	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011394978 CEST	55508	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011393070 CEST	55502	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011394978 CEST	55530	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011394978 CEST	443	55482	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011399984 CEST	55488	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011401892 CEST	443	55510	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011404991 CEST	443	55470	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011405945 CEST	443	55516	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011408091 CEST	443	55488	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011408091 CEST	443	55494	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011409998 CEST	443	55508	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011410952 CEST	443	55480	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011409998 CEST	443	55526	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011415958 CEST	443	55522	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011418104 CEST	443	55532	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011418104 CEST	443	55468	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011420965 CEST	443	55528	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011423111 CEST	443	55530	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011424065 CEST	443	55500	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011425972 CEST	55476	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011430025 CEST	443	55492	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011432886 CEST	55538	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011445045 CEST	443	55502	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011456013 CEST	55470	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011456966 CEST	55526	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011459112 CEST	55536	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011464119 CEST	55490	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011465073 CEST	55522	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011466026 CEST	443	55538	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011470079 CEST	443	55536	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011472940 CEST	55532	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011478901 CEST	55494	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011480093 CEST	55520	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011492968 CEST	55488	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011495113 CEST	55530	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011495113 CEST	55528	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011503935 CEST	55500	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011504889 CEST	55496	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011507034 CEST	55498	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011511087 CEST	55502	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011511087 CEST	55492	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011517048 CEST	55472	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011524916 CEST	55504	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011526108 CEST	55514	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011526108 CEST	55524	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011526108 CEST	55534	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011526108 CEST	55468	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011542082 CEST	55518	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011570930 CEST	55478	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011579037 CEST	55474	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011595011 CEST	55506	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011605978 CEST	443	55504	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011624098 CEST	55486	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011625051 CEST	55484	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011626959 CEST	443	55514	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011636972 CEST	55512	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011642933 CEST	443	55524	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011650085 CEST	55510	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011657953 CEST	443	55534	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.011667013 CEST	55508	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011671066 CEST	55482	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011738062 CEST	55538	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011739969 CEST	55534	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011763096 CEST	55480	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011763096 CEST	55536	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011764050 CEST	55524	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011764050 CEST	55504	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011764050 CEST	55514	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.011765957 CEST	55516	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363066912 CEST	55538	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363080978 CEST	55536	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363109112 CEST	55532	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363110065 CEST	55534	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363111019 CEST	55530	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363118887 CEST	55528	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363132954 CEST	55526	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363132954 CEST	55524	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363136053 CEST	55522	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363147020 CEST	55520	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363163948 CEST	443	55530	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363168001 CEST	55516	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363168955 CEST	55514	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363169909 CEST	55518	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363183975 CEST	55512	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363184929 CEST	443	55532	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363185883 CEST	443	55536	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363187075 CEST	443	55524	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363185883 CEST	443	55528	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363200903 CEST	443	55520	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363199949 CEST	443	55534	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363204002 CEST	443	55526	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363209009 CEST	55498	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363210917 CEST	55506	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363215923 CEST	443	55518	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363218069 CEST	55510	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363220930 CEST	443	55538	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363221884 CEST	55508	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363228083 CEST	55496	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363228083 CEST	443	55516	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363243103 CEST	55502	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363243103 CEST	55536	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363245964 CEST	55500	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363245964 CEST	55494	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363245964 CEST	55538	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363249063 CEST	55504	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363253117 CEST	443	55506	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363256931 CEST	443	55514	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363261938 CEST	55530	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363261938 CEST	55518	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363262892 CEST	443	55510	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363267899 CEST	443	55498	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363276958 CEST	55532	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363280058 CEST	55516	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363286972 CEST	443	55494	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363289118 CEST	443	55512	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363295078 CEST	55492	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363298893 CEST	55514	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363300085 CEST	55506	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363298893 CEST	443	55504	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363312006 CEST	443	55496	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363310099 CEST	443	55508	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363317966 CEST	55524	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363325119 CEST	443	55522	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363326073 CEST	55510	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363334894 CEST	55520	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363337040 CEST	55490	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363347054 CEST	55526	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363348961 CEST	55488	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363363028 CEST	55528	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363368034 CEST	55512	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363369942 CEST	55508	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363379002 CEST	443	55492	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363380909 CEST	443	55490	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363390923 CEST	55486	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363392115 CEST	55534	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363394022 CEST	443	55488	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363396883 CEST	55498	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363396883 CEST	55484	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363403082 CEST	443	55500	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363409042 CEST	55496	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363414049 CEST	55504	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363420963 CEST	55480	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363425970 CEST	55522	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363435984 CEST	55494	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363435030 CEST	443	55486	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363435984 CEST	55482	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363435984 CEST	55472	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363440037 CEST	55474	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363440990 CEST	55478	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363441944 CEST	55476	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363457918 CEST	55492	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363459110 CEST	55490	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363459110 CEST	55470	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363466024 CEST	55466	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363466978 CEST	55458	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363467932 CEST	55464	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363472939 CEST	443	55484	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363476992 CEST	55488	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363477945 CEST	55468	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363476992 CEST	443	55502	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363477945 CEST	55462	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363488913 CEST	55486	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363488913 CEST	55454	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363488913 CEST	55456	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363495111 CEST	55452	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363497972 CEST	443	55472	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363498926 CEST	443	55478	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363507986 CEST	55500	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363508940 CEST	55460	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363508940 CEST	55450	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363511086 CEST	443	55474	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363522053 CEST	55484	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363527060 CEST	443	55468	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363528013 CEST	443	55470	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363528967 CEST	55448	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363532066 CEST	443	55476	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363537073 CEST	55472	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363538027 CEST	443	55458	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363540888 CEST	55446	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363540888 CEST	443	55462	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363544941 CEST	55502	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363560915 CEST	55478	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363574028 CEST	443	55454	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363575935 CEST	443	55482	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363578081 CEST	443	55448	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363578081 CEST	55470	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363583088 CEST	443	55480	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363583088 CEST	55444	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363585949 CEST	55442	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363586903 CEST	55474	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363590002 CEST	443	55456	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363594055 CEST	55476	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363596916 CEST	55440	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363604069 CEST	55468	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363617897 CEST	55458	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363619089 CEST	443	55466	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363621950 CEST	55438	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363620996 CEST	55432	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363620043 CEST	443	55450	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363631010 CEST	443	55440	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363620996 CEST	443	55444	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363624096 CEST	55436	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363632917 CEST	55448	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363632917 CEST	55462	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363636017 CEST	55454	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363639116 CEST	443	55460	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363641977 CEST	55434	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363665104 CEST	55482	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363667965 CEST	443	55464	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363675117 CEST	55456	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363675117 CEST	55444	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363676071 CEST	443	55434	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363679886 CEST	55450	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363676071 CEST	55480	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363693953 CEST	443	55432	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363693953 CEST	443	55442	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363696098 CEST	443	55436	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363712072 CEST	55430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363722086 CEST	55424	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363734961 CEST	55466	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363744020 CEST	55418	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363751888 CEST	55416	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363754988 CEST	443	55430	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363770962 CEST	443	55438	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363774061 CEST	55422	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363775015 CEST	443	55424	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363775015 CEST	55428	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363775015 CEST	55420	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363778114 CEST	55440	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363776922 CEST	55426	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363778114 CEST	55460	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363776922 CEST	55432	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363784075 CEST	55464	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363786936 CEST	443	55452	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363790989 CEST	55442	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363801003 CEST	55436	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363817930 CEST	443	55420	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363842964 CEST	55434	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363842964 CEST	443	55416	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363853931 CEST	55452	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363853931 CEST	443	55428	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363869905 CEST	443	55446	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363877058 CEST	55438	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363886118 CEST	55430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363914013 CEST	443	55422	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363924026 CEST	55424	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363922119 CEST	55446	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363926888 CEST	55420	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363930941 CEST	443	55418	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363940954 CEST	55428	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363960028 CEST	443	55426	91.176.203.42	192.168.2.23
Apr 24, 2024 13:06:19.363961935 CEST	55422	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363980055 CEST	55418	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.363984108 CEST	55416	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:19.364021063 CEST	55426	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.226423979 CEST	35342	41846	212.70.149.10	192.168.2.23
Apr 24, 2024 13:06:20.226728916 CEST	41846	35342	192.168.2.23	212.70.149.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 13:04:01.925985098 CEST	42119	53	192.168.2.23	1.0.0.1
Apr 24, 2024 13:04:02.376801014 CEST	53	42119	1.0.0.1	192.168.2.23
Apr 24, 2024 13:04:02.379800081 CEST	56747	53	192.168.2.23	1.0.0.1
Apr 24, 2024 13:04:02.535801888 CEST	53	56747	1.0.0.1	192.168.2.23
Apr 24, 2024 13:04:02.535937071 CEST	49744	53	192.168.2.23	1.0.0.1
Apr 24, 2024 13:04:02.689920902 CEST	53	49744	1.0.0.1	192.168.2.23
Apr 24, 2024 13:04:02.690068007 CEST	60109	53	192.168.2.23	1.0.0.1
Apr 24, 2024 13:04:02.844348907 CEST	53	60109	1.0.0.1	192.168.2.23
Apr 24, 2024 13:04:02.844506025 CEST	47113	53	192.168.2.23	1.0.0.1
Apr 24, 2024 13:04:02.998588085 CEST	53	47113	1.0.0.1	192.168.2.23
Apr 24, 2024 13:04:05.325754881 CEST	44852	53	192.168.2.23	51.77.149.139
Apr 24, 2024 13:04:05.632936954 CEST	53	44852	51.77.149.139	192.168.2.23
Apr 24, 2024 13:04:05.633094072 CEST	50081	53	192.168.2.23	51.77.149.139
Apr 24, 2024 13:04:05.940053940 CEST	53	50081	51.77.149.139	192.168.2.23
Apr 24, 2024 13:04:05.940208912 CEST	42952	53	192.168.2.23	51.77.149.139
Apr 24, 2024 13:04:06.256848097 CEST	53	42952	51.77.149.139	192.168.2.23
Apr 24, 2024 13:04:06.257019043 CEST	44021	53	192.168.2.23	51.77.149.139
Apr 24, 2024 13:04:06.564244986 CEST	53	44021	51.77.149.139	192.168.2.23
Apr 24, 2024 13:04:06.564448118 CEST	33778	53	192.168.2.23	51.77.149.139
Apr 24, 2024 13:04:06.871504068 CEST	53	33778	51.77.149.139	192.168.2.23
Apr 24, 2024 13:04:09.198232889 CEST	44298	53	192.168.2.23	91.217.137.37
Apr 24, 2024 13:04:14.202605009 CEST	60860	53	192.168.2.23	91.217.137.37
Apr 24, 2024 13:04:19.207019091 CEST	45949	53	192.168.2.23	91.217.137.37
Apr 24, 2024 13:04:24.211463928 CEST	51172	53	192.168.2.23	91.217.137.37
Apr 24, 2024 13:04:29.215786934 CEST	36015	53	192.168.2.23	91.217.137.37
Apr 24, 2024 13:04:36.547053099 CEST	46416	53	192.168.2.23	51.254.162.59
Apr 24, 2024 13:04:36.855102062 CEST	53	46416	51.254.162.59	192.168.2.23
Apr 24, 2024 13:04:36.855518103 CEST	47139	53	192.168.2.23	51.254.162.59
Apr 24, 2024 13:04:37.158087015 CEST	53	47139	51.254.162.59	192.168.2.23
Apr 24, 2024 13:04:37.158309937 CEST	42606	53	192.168.2.23	51.254.162.59
Apr 24, 2024 13:04:37.462721109 CEST	53	42606	51.254.162.59	192.168.2.23
Apr 24, 2024 13:04:37.463074923 CEST	38324	53	192.168.2.23	51.254.162.59
Apr 24, 2024 13:04:37.770032883 CEST	53	38324	51.254.162.59	192.168.2.23
Apr 24, 2024 13:04:37.770298004 CEST	38792	53	192.168.2.23	51.254.162.59
Apr 24, 2024 13:04:38.074696064 CEST	53	38792	51.254.162.59	192.168.2.23
Apr 24, 2024 13:04:40.401684046 CEST	58743	53	192.168.2.23	81.169.136.222
Apr 24, 2024 13:04:40.716847897 CEST	53	58743	81.169.136.222	192.168.2.23
Apr 24, 2024 13:04:40.717420101 CEST	47679	53	192.168.2.23	81.169.136.222
Apr 24, 2024 13:04:41.036679029 CEST	53	47679	81.169.136.222	192.168.2.23
Apr 24, 2024 13:04:41.037101984 CEST	59932	53	192.168.2.23	81.169.136.222
Apr 24, 2024 13:04:41.355756044 CEST	53	59932	81.169.136.222	192.168.2.23
Apr 24, 2024 13:04:41.355973959 CEST	53754	53	192.168.2.23	81.169.136.222
Apr 24, 2024 13:04:41.680260897 CEST	53	53754	81.169.136.222	192.168.2.23
Apr 24, 2024 13:04:41.680396080 CEST	48187	53	192.168.2.23	81.169.136.222
Apr 24, 2024 13:04:41.995917082 CEST	53	48187	81.169.136.222	192.168.2.23
Apr 24, 2024 13:04:44.322554111 CEST	41171	53	192.168.2.23	195.10.195.195
Apr 24, 2024 13:04:44.621556044 CEST	53	41171	195.10.195.195	192.168.2.23
Apr 24, 2024 13:04:44.621886969 CEST	38966	53	192.168.2.23	195.10.195.195
Apr 24, 2024 13:04:44.921220064 CEST	53	38966	195.10.195.195	192.168.2.23
Apr 24, 2024 13:04:44.921829939 CEST	33818	53	192.168.2.23	195.10.195.195
Apr 24, 2024 13:04:45.221534967 CEST	53	33818	195.10.195.195	192.168.2.23
Apr 24, 2024 13:04:45.221996069 CEST	58978	53	192.168.2.23	195.10.195.195
Apr 24, 2024 13:04:45.521301031 CEST	53	58978	195.10.195.195	192.168.2.23
Apr 24, 2024 13:04:45.521826029 CEST	60088	53	192.168.2.23	195.10.195.195
Apr 24, 2024 13:04:45.820790052 CEST	53	60088	195.10.195.195	192.168.2.23
Apr 24, 2024 13:04:48.148988008 CEST	58753	53	192.168.2.23	8.8.4.4
Apr 24, 2024 13:04:48.318878889 CEST	53	58753	8.8.4.4	192.168.2.23
Apr 24, 2024 13:04:48.319571018 CEST	49720	53	192.168.2.23	8.8.4.4
Apr 24, 2024 13:04:48.490061998 CEST	53	49720	8.8.4.4	192.168.2.23
Apr 24, 2024 13:04:48.490621090 CEST	33322	53	192.168.2.23	8.8.4.4
Apr 24, 2024 13:04:48.660301924 CEST	53	33322	8.8.4.4	192.168.2.23
Apr 24, 2024 13:04:48.660813093 CEST	42943	53	192.168.2.23	8.8.4.4
Apr 24, 2024 13:04:48.831420898 CEST	53	42943	8.8.4.4	192.168.2.23
Apr 24, 2024 13:04:48.831876993 CEST	55188	53	192.168.2.23	8.8.4.4
Apr 24, 2024 13:04:49.001322031 CEST	53	55188	8.8.4.4	192.168.2.23
Apr 24, 2024 13:04:51.329833031 CEST	42155	53	192.168.2.23	194.36.144.87
Apr 24, 2024 13:04:51.634458065 CEST	53	42155	194.36.144.87	192.168.2.23
Apr 24, 2024 13:04:51.634766102 CEST	48036	53	192.168.2.23	194.36.144.87
Apr 24, 2024 13:04:51.939162970 CEST	53	48036	194.36.144.87	192.168.2.23
Apr 24, 2024 13:04:51.939896107 CEST	35226	53	192.168.2.23	194.36.144.87
Apr 24, 2024 13:04:52.244389057 CEST	53	35226	194.36.144.87	192.168.2.23
Apr 24, 2024 13:04:52.245076895 CEST	50000	53	192.168.2.23	194.36.144.87
Apr 24, 2024 13:04:52.552136898 CEST	53	50000	194.36.144.87	192.168.2.23
Apr 24, 2024 13:04:52.552830935 CEST	50160	53	192.168.2.23	194.36.144.87
Apr 24, 2024 13:04:52.857281923 CEST	53	50160	194.36.144.87	192.168.2.23
Apr 24, 2024 13:04:55.184479952 CEST	39555	53	192.168.2.23	94.16.114.254
Apr 24, 2024 13:05:00.188278913 CEST	52557	53	192.168.2.23	94.16.114.254
Apr 24, 2024 13:05:05.193053007 CEST	59678	53	192.168.2.23	94.16.114.254
Apr 24, 2024 13:05:10.195008039 CEST	37377	53	192.168.2.23	94.16.114.254
Apr 24, 2024 13:05:15.195698977 CEST	35100	53	192.168.2.23	94.16.114.254
Apr 24, 2024 13:05:22.526535988 CEST	34970	53	192.168.2.23	51.158.108.203
Apr 24, 2024 13:05:22.817034960 CEST	53	34970	51.158.108.203	192.168.2.23
Apr 24, 2024 13:05:22.817594051 CEST	38630	53	192.168.2.23	51.158.108.203
Apr 24, 2024 13:05:23.107692957 CEST	53	38630	51.158.108.203	192.168.2.23
Apr 24, 2024 13:05:23.107820988 CEST	44925	53	192.168.2.23	51.158.108.203
Apr 24, 2024 13:05:23.398520947 CEST	53	44925	51.158.108.203	192.168.2.23
Apr 24, 2024 13:05:23.398869991 CEST	36347	53	192.168.2.23	51.158.108.203
Apr 24, 2024 13:05:23.689455986 CEST	53	36347	51.158.108.203	192.168.2.23
Apr 24, 2024 13:05:23.689923048 CEST	50228	53	192.168.2.23	51.158.108.203
Apr 24, 2024 13:05:23.980145931 CEST	53	50228	51.158.108.203	192.168.2.23
Apr 24, 2024 13:05:26.307521105 CEST	35070	53	192.168.2.23	8.8.4.4
Apr 24, 2024 13:05:26.481796026 CEST	53	35070	8.8.4.4	192.168.2.23
Apr 24, 2024 13:06:20.234215021 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234261990 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234319925 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234359026 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234381914 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234445095 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234474897 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234498978 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234541893 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234572887 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234597921 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234636068 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234698057 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234698057 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234869003 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234869003 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234869003 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234869003 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234869003 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234894037 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234914064 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234955072 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.234985113 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235038042 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235059977 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235094070 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235133886 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235188961 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235205889 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235239983 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235284090 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235316992 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235352039 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235387087 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235409021 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235457897 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235491037 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235532999 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235553980 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235588074 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235624075 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235660076 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235694885 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235745907 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235770941 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235797882 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235857964 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235877991 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235925913 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235937119 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.235972881 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236028910 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236058950 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236089945 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236119032 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236177921 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236188889 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236239910 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236260891 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236303091 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236320972 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236376047 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236406088 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236438036 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236499071 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236511946 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236540079 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236598015 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236620903 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236671925 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236712933 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236754894 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236783028 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236818075 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236845016 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236886024 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236932039 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.236955881 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237006903 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237045050 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237072945 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237145901 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237145901 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237206936 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237224102 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237266064 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237303019 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237345934 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237375021 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237410069 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237448931 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237487078 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237512112 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237561941 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237621069 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237662077 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237662077 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237723112 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237729073 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237782955 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237803936 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237834930 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237875938 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237919092 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.237955093 CEST	45430	443	192.168.2.23	91.176.203.42
Apr 24, 2024 13:06:20.238022089 CEST	45430	443	192.168.2.23	91.176.203.42

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 13:04:10.116883039 CEST	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable
Apr 24, 2024 13:05:30.138648987 CEST	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 13:04:01.925985098 CEST	192.168.2.23	1.0.0.1	0xf2f8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.379800081 CEST	192.168.2.23	1.0.0.1	0xf2f8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.535937071 CEST	192.168.2.23	1.0.0.1	0xf2f8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.690068007 CEST	192.168.2.23	1.0.0.1	0xf2f8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.844506025 CEST	192.168.2.23	1.0.0.1	0xf2f8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:05.325754881 CEST	192.168.2.23	51.77.149.139	0x5db8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:05.633094072 CEST	192.168.2.23	51.77.149.139	0x5db8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:05.940208912 CEST	192.168.2.23	51.77.149.139	0x5db8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:06.257019043 CEST	192.168.2.23	51.77.149.139	0x5db8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:06.564448118 CEST	192.168.2.23	51.77.149.139	0x5db8	Standard query (0)	siegheil.hiter.su	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:09.198232889 CEST	192.168.2.23	91.217.137.37	0xe3de	Standard query (0)	sex.secure-cyber-security	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:14.202605009 CEST	192.168.2.23	91.217.137.37	0xe3de	Standard query (0)	sex.secure-cyber-security	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:19.207019091 CEST	192.168.2.23	91.217.137.37	0xe3de	Standard query (0)	sex.secure-cyber-security	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:24.211463928 CEST	192.168.2.23	91.217.137.37	0xe3de	Standard query (0)	sex.secure-cyber-security	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:29.215786934 CEST	192.168.2.23	91.217.137.37	0xe3de	Standard query (0)	sex.secure-cyber-security	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:36.547053099 CEST	192.168.2.23	51.254.162.59	0xd2ac	Standard query (0)	security.rebirth-network.su.	256	324	false
Apr 24, 2024 13:04:36.855518103 CEST	192.168.2.23	51.254.162.59	0xd2ac	Standard query (0)	security.rebirth-network.su.	256	325	false
Apr 24, 2024 13:04:37.158309937 CEST	192.168.2.23	51.254.162.59	0xd2ac	Standard query (0)	security.rebirth-network.su.	256	325	false
Apr 24, 2024 13:04:37.463074923 CEST	192.168.2.23	51.254.162.59	0xd2ac	Standard query (0)	security.rebirth-network.su.	256	325	false
Apr 24, 2024 13:04:37.770298004 CEST	192.168.2.23	51.254.162.59	0xd2ac	Standard query (0)	security.rebirth-network.su.	256	326	false
Apr 24, 2024 13:04:40.401684046 CEST	192.168.2.23	81.169.136.222	0x1c0d	Standard query (0)	security.rebirth-network.su.	256	328	false
Apr 24, 2024 13:04:40.717420101 CEST	192.168.2.23	81.169.136.222	0x1c0d	Standard query (0)	security.rebirth-network.su.	256	329	false
Apr 24, 2024 13:04:41.037101984 CEST	192.168.2.23	81.169.136.222	0x1c0d	Standard query (0)	security.rebirth-network.su.	256	329	false
Apr 24, 2024 13:04:41.355973959 CEST	192.168.2.23	81.169.136.222	0x1c0d	Standard query (0)	security.rebirth-network.su.	256	329	false
Apr 24, 2024 13:04:41.680396080 CEST	192.168.2.23	81.169.136.222	0x1c0d	Standard query (0)	security.rebirth-network.su.	256	329	false
Apr 24, 2024 13:04:44.322554111 CEST	192.168.2.23	195.10.195.195	0x2fa9	Standard query (0)	siegheil.hiter.su.L(f{66PV,PV!EH(U25d/L(f?}NNPV!PV,E@:.@@	50072	13824	false
Apr 24, 2024 13:04:44.621886969 CEST	192.168.2.23	195.10.195.195	0x2fa9	Standard query (0)	siegheil.hiter.su.L(f66PV,PV!EH(U0256m"/L(fNNPV!PV,E@:.@@5,&/siegheilhitersunM(f_a66PV.PV!EH(U425>/	0	77	false
Apr 24, 2024 13:04:44.921829939 CEST	192.168.2.23	195.10.195.195	0x2fa9	Standard query (0)	siegheil.hiter.su.M(f_a66PV,PV!EH(U425>/M(f,cNNPV!PV,E@:.@@b5,/siegheilhitersunM(fU66PV,PV!EH(U;2	46275	2755	false
Apr 24, 2024 13:04:45.221996069 CEST	192.168.2.23	195.10.195.195	0x2fa9	Standard query (0)	siegheil.hiter.su.M(fU66PV,PV!EH(U;25b/M(fbNNPV!PV,E@:.@@5,w/siegheilhitersunM(f666PV,PV!EH(UZ2	13802	47104	false
Apr 24, 2024 13:04:45.521826029 CEST	192.168.2.23	195.10.195.195	0x2fa9	Standard query (0)	siegheil.hiter.su.M(f666PV,PV!EH(UZ25/M(fJJPV!PV,E<	16384	16390	false
Apr 24, 2024 13:04:48.148988008 CEST	192.168.2.23	8.8.4.4	0xe434	Standard query (0)	siegheil.hiter.su.P(f66PV,PV!EH(p54P(fSNNPV!PV,E@.@@.8.,.4siegheilhitersunP(fNz66	0	80	false
Apr 24, 2024 13:04:48.319571018 CEST	192.168.2.23	8.8.4.4	0xe434	Standard query (0)	siegheil.hiter.su.P(fNz66PV,PV!EH(q-58W4P(f}\|NNPV!PV,E@.@@5,<4siegheilhiter.unP(fN66PV,PV!EH(Q%q)5Ie4P(fMNNPV!PV,E@5@.5,4siegheilhitersunP(f6	0	13824	false
Apr 24, 2024 13:04:48.490621090 CEST	192.168.2.23	8.8.4.4	0xe434	Standard query (0)	siegheil.hiter.su.P(fN66PV,PV!EH(Q%q)5*Ie4P(fMNNPV!PV,E@.@@5,4siegheilhitersun	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:48.660813093 CEST	192.168.2.23	8.8.4.4	0xe434	Standard query (0)	siegheil.hiter.su.P(f66PV,PV!EH(t_5#4P(fNNPV!PV,E@.@@5,4siegheilhitersunQ(f*66PV,PV	8469	2048	false
Apr 24, 2024 13:04:48.831876993 CEST	192.168.2.23	8.8.4.4	0xe434	Standard query (0)	siegheil.hiter.su.Q(f*66PV,PV!EH(q[54Q(fmJJPV!PV,E<-.@@F	35342	45685	false
Apr 24, 2024 13:04:51.329833031 CEST	192.168.2.23	194.36.144.87	0x64a4	Standard query (0)	siegheil.hiter.su.S(fZNNPV,PV!EH@/$W5,dsiegheilhitersunS(fN	19968	0	false
Apr 24, 2024 13:04:51.634766102 CEST	192.168.2.23	194.36.144.87	0x64a4	Standard query (0)	siegheil.hiter.su.S(fTNNPV,PV!EH@/$W5,mdsiegheilhitersunS(fxWN	19968	0	false
Apr 24, 2024 13:04:51.939896107 CEST	192.168.2.23	194.36.144.87	0x64a4	Standard query (0)	siegheil.hiter.su.T(fNNPV,PV!EH@/p$W5,dsiegheilhitersunT(fUN	19968	0	false
Apr 24, 2024 13:04:52.245076895 CEST	192.168.2.23	194.36.144.87	0x64a4	Standard query (0)	siegheil.hiter.su.T(flNNPV,PV!EH@/N$W5P,f5dsiegheilhitersunT(foN	19968	0	false
Apr 24, 2024 13:04:52.552830935 CEST	192.168.2.23	194.36.144.87	0x64a4	Standard query (0)	siegheil.hiter.su.T(fNNPV,PV!EH@/'$W5,edsiegheilhitersunT(fJ	18944	0	false
Apr 24, 2024 13:04:55.184479952 CEST	192.168.2.23	94.16.114.254	0x3618	Standard query (0)	kz.adolfhitler.su.\(fwNNPV!PV,E@N@@X!^rM5,(6kzadolfhitlersun`(fB	16896	0	false
Apr 24, 2024 13:05:00.188278913 CEST	192.168.2.23	94.16.114.254	0x3618	Standard query (0)	kz.adolfhitler.su.`(fBBPV!PV,E4\@@[[*gBfP_tSfQa(fNNPV!.V,E@Q@@U^r5,nW6kzadolfhitlersunf(fN	78	0	false
Apr 24, 2024 13:05:05.193053007 CEST	192.168.2.23	94.16.114.254	0x3618	Standard query (0)	kz.adolfhitler.su.f(fNNPV!PV,E@S@@SH^r5,t6kzadolfhitlersunk(fsN	19968	0	false
Apr 24, 2024 13:05:10.195008039 CEST	192.168.2.23	94.16.114.254	0x3618	Standard query (0)	kz.adolfhitler.su.k(fsNNPV!PV,E@Tn@@Rq^r5,Y6kzadolfhitlersunp(f{J	18944	0	false
Apr 24, 2024 13:05:15.195698977 CEST	192.168.2.23	94.16.114.254	0x3618	Standard query (0)	kz.adolfhitler.su.p(f{JJPV!PV,E<.@@)yFNI`H#p(fm66	80	22168	false
Apr 24, 2024 13:05:22.526535988 CEST	192.168.2.23	51.158.108.203	0x7698	Standard query (0)	sex.secure-cyber-security.r(fwVVPV,PV!E(H/\|3l54vsexsecure-cyber-securitysr(fy.VPV!PV,EH)@@R3l54fzvsexsecure-cyber-securit.ss(fVVPV,PV!E(H/\|3l54xvsexsecure-cyber-securityss(f-VV	0	80	false
Apr 24, 2024 13:05:22.817594051 CEST	192.168.2.23	51.158.108.203	0x7698	Standard query (0)	sex.secure-cyber-security.s(fVVPV,PV!E(H/\|3l54xvsexsecure-cyber-securityss(f-.VPV!PV,EHf@@3l}54Mvsexsecure-cyber-securit.ss(fVVPV,PV!E(H/\|3l5}4vsexsecure-cyber-securityss(fVV	0	80	false
Apr 24, 2024 13:05:23.107820988 CEST	192.168.2.23	51.158.108.203	0x7698	Standard query (0)	sex.secure-cyber-security.s(fVVPV,PV!E(H/\|3l5}4vsexsecure-cyber-securityss(f.VPV!PV,EH@@3l54oevsexsecure-cyber-securit.ss(f0VVPV,PV!E(H/\|w3l54cvsexsecure-cyber-securityss(fVV	0	80	false
Apr 24, 2024 13:05:23.398869991 CEST	192.168.2.23	51.158.108.203	0x7698	Standard query (0)	sex.secure-cyber-security.s(f0VVPV,PV!E(H/\|w3l54cvsexsecure-cyber-securityss(f.VPV!PV,EH@@3l4549,vsexsecure-cyber-securit.ss(fVVPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securityss(fJJ	0	80	false
Apr 24, 2024 13:05:23.689923048 CEST	192.168.2.23	51.158.108.203	0x7698	Standard query (0)	sex.secure-cyber-security.s(fVVPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securityss(f.JPV!PV,E<@@MFo[TQ#	0	259	false
Apr 24, 2024 13:05:26.307521105 CEST	192.168.2.23	8.8.4.4	0x311	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 13:04:02.376801014 CEST	1.0.0.1	192.168.2.23	0xf2f8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.535801888 CEST	1.0.0.1	192.168.2.23	0xf2f8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.689920902 CEST	1.0.0.1	192.168.2.23	0xf2f8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.844348907 CEST	1.0.0.1	192.168.2.23	0xf2f8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:02.998588085 CEST	1.0.0.1	192.168.2.23	0xf2f8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:05.632936954 CEST	51.77.149.139	192.168.2.23	0x5db8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:05.940053940 CEST	51.77.149.139	192.168.2.23	0x5db8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:06.256848097 CEST	51.77.149.139	192.168.2.23	0x5db8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:06.564244986 CEST	51.77.149.139	192.168.2.23	0x5db8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:06.871504068 CEST	51.77.149.139	192.168.2.23	0x5db8	Name error (3)	siegheil.hiter.su	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 13:04:51.634458065 CEST	194.36.144.87	192.168.2.23	0x64a4	Format error (1)	siegheil.hiter.su.S(fNNPV!PV,E@1@@$W5,dsiegheilhitersunS(fTN	none	none	19968	0	false
Apr 24, 2024 13:04:51.939162970 CEST	194.36.144.87	192.168.2.23	0x64a4	Format error (1)	siegheil.hiter.su.S(fxWNNPV!PV,E@1@@$W5,dsiegheilhitersunT(fN	none	none	19968	0	false
Apr 24, 2024 13:04:52.244389057 CEST	194.36.144.87	192.168.2.23	0x64a4	Format error (1)	siegheil.hiter.su.T(fUNNPV!PV,E@1@@$WP5,6dsiegheilhitersunT(flN	none	none	19968	0	false
Apr 24, 2024 13:04:52.552136898 CEST	194.36.144.87	192.168.2.23	0x64a4	Format error (1)	siegheil.hiter.su.T(foNNPV!PV,E@1@@$W5,dsiegheilhitersunT(fN	none	none	19968	0	false
Apr 24, 2024 13:04:52.857281923 CEST	194.36.144.87	192.168.2.23	0x64a4	Format error (1)	siegheil.hiter.su.T(fJJPV!PV,E<S!@@FvL`#U(f\|66	none	none	80	22168	false
Apr 24, 2024 13:05:22.817034960 CEST	51.158.108.203	192.168.2.23	0x7698	Format error (1)	sex.secure-cyber-security.r(fyVVPV!PV,EH)@@R3l54fzvsexsecure-cyber-securityss(f.VPV,PV!E(H/\|3l54xvsexsecure-cyber-securit.ss(f-VVPV!PV,EHf@@3l}54Mvsexsecure-cyber-securityss(fVV	none	none	0	80	false
Apr 24, 2024 13:05:23.107692957 CEST	51.158.108.203	192.168.2.23	0x7698	Format error (1)	sex.secure-cyber-security.s(f-VVPV!PV,EHf@@3l}54Mvsexsecure-cyber-securityss(f.VPV,PV!E(H/\|3l5}4vsexsecure-cyber-securit.ss(fVVPV!PV,EH@@3l54oevsexsecure-cyber-securityss(f0VV	none	none	0	80	false
Apr 24, 2024 13:05:23.398520947 CEST	51.158.108.203	192.168.2.23	0x7698	Format error (1)	sex.secure-cyber-security.s(fVVPV!PV,EH@@3l54oevsexsecure-cyber-securityss(f0.VPV,PV!E(H/\|w3l54cvsexsecure-cyber-securit.ss(fVVPV!PV,EH@@3l4549,vsexsecure-cyber-securityss(fVV	none	none	0	80	false
Apr 24, 2024 13:05:23.689455986 CEST	51.158.108.203	192.168.2.23	0x7698	Format error (1)	sex.secure-cyber-security.s(fVVPV!PV,EH@@3l4549,vsexsecure-cyber-securityss(f.VPV,PV!E(H%/\|/3l544*vsexsecure-cyber-securit.ss(fJJPV!PV,E<@@MFo[TQ#t(f66PV,PV	none	none	8469	2048	false
Apr 24, 2024 13:05:23.980145931 CEST	51.158.108.203	192.168.2.23	0x7698	Format error (1)	sex.secure-cyber-security.s(fJJPV!PV,E<@@MFo[TQ#t(f66PV	none	none	11264	20566	false
Apr 24, 2024 13:05:26.481796026 CEST	8.8.4.4	192.168.2.23	0x311	No error (0)	security.rebirth-network.su		212.70.149.10	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: 65kw6IfQdO.elf PID: 6242, Parent PID: 6166

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	/tmp/65kw6IfQdO.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6244, Parent PID: 6242

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6246, Parent PID: 6244

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6247, Parent PID: 6244

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6249, Parent PID: 6244

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6251, Parent PID: 6244

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6336, Parent PID: 6244

General

Start time (UTC):	11:06:18
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6338, Parent PID: 6336

General

Start time (UTC):	11:06:18
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: 65kw6IfQdO.elf PID: 6340, Parent PID: 6244

General

Start time (UTC):	11:06:19
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6342, Parent PID: 6340

General

Start time (UTC):	11:06:19
Start date (UTC):	24/04/2024
Path:	/tmp/65kw6IfQdO.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: systemd PID: 6254, Parent PID: 1

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: journalctl PID: 6254, Parent PID: 1

General

Start time (UTC):	11:04:00
Start date (UTC):	24/04/2024
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --smart-relinquish-var
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: systemd PID: 6276, Parent PID: 1

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6276, Parent PID: 1

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6289, Parent PID: 1

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6289, Parent PID: 1

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6290, Parent PID: 1860

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: pulseaudio PID: 6290, Parent PID: 1860

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Chronological Activities

Analysis Process: gvfsd-fuse PID: 6291, Parent PID: 2038

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Chronological Activities

Analysis Process: fusermount PID: 6291, Parent PID: 2038

General

Start time (UTC):	11:04:01
Start date (UTC):	24/04/2024
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Chronological Activities

Analysis Process: systemd PID: 6294, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6294, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6296, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6296, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6297, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6297, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6298, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6298, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6300, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6300, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6301, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6301, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6302, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6302, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6303, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6303, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6305, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6305, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6306, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6306, Parent PID: 1

General

Start time (UTC):	11:04:02
Start date (UTC):	24/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6309, Parent PID: 1

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6309, Parent PID: 1

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6311, Parent PID: 1

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6311, Parent PID: 1

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: gdm3 PID: 6312, Parent PID: 1320

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 6312, Parent PID: 1320

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 6313, Parent PID: 1320

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 6313, Parent PID: 1320

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 6314, Parent PID: 1

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6314, Parent PID: 1

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: gdm3 PID: 6316, Parent PID: 1320

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 6316, Parent PID: 1320

General

Start time (UTC):	11:04:03
Start date (UTC):	24/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 6317, Parent PID: 1

General

Start time (UTC):	11:04:04
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6317, Parent PID: 1

General

Start time (UTC):	11:04:04
Start date (UTC):	24/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: systemd PID: 6318, Parent PID: 1

General

Start time (UTC):	11:04:04
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6318, Parent PID: 1

General

Start time (UTC):	11:04:04
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6319, Parent PID: 6318

General

Start time (UTC):	11:04:04
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 6319, Parent PID: 6318

General

Start time (UTC):	11:04:04
Start date (UTC):	24/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: systemd PID: 6320, Parent PID: 1

General

Start time (UTC):	11:04:05
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6320, Parent PID: 1

General

Start time (UTC):	11:04:05
Start date (UTC):	24/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: systemd PID: 6321, Parent PID: 1

General

Start time (UTC):	11:04:05
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6321, Parent PID: 1

General

Start time (UTC):	11:04:05
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6322, Parent PID: 6321

General

Start time (UTC):	11:04:05
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 6322, Parent PID: 6321

General

Start time (UTC):	11:04:05
Start date (UTC):	24/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: systemd PID: 6323, Parent PID: 1

General

Start time (UTC):	11:04:06
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6323, Parent PID: 1

General

Start time (UTC):	11:04:06
Start date (UTC):	24/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: systemd PID: 6324, Parent PID: 1

General

Start time (UTC):	11:04:06
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6324, Parent PID: 1

General

Start time (UTC):	11:04:06
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6325, Parent PID: 6324

General

Start time (UTC):	11:04:06
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 6325, Parent PID: 6324

General

Start time (UTC):	11:04:06
Start date (UTC):	24/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: systemd PID: 6328, Parent PID: 1

General

Start time (UTC):	11:04:08
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6328, Parent PID: 1

General

Start time (UTC):	11:04:08
Start date (UTC):	24/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: systemd PID: 6329, Parent PID: 1

General

Start time (UTC):	11:04:08
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6329, Parent PID: 1

General

Start time (UTC):	11:04:08
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6330, Parent PID: 6329

General

Start time (UTC):	11:04:08
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 6330, Parent PID: 6329

General

Start time (UTC):	11:04:08
Start date (UTC):	24/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: systemd PID: 6331, Parent PID: 1

General

Start time (UTC):	11:04:09
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6331, Parent PID: 1

General

Start time (UTC):	11:04:09
Start date (UTC):	24/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: systemd PID: 6332, Parent PID: 1

General

Start time (UTC):	11:04:09
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6332, Parent PID: 1

General

Start time (UTC):	11:04:09
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6333, Parent PID: 6332

General

Start time (UTC):	11:04:09
Start date (UTC):	24/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 6333, Parent PID: 6332

General

Start time (UTC):	11:04:09
Start date (UTC):	24/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: systemd PID: 6334, Parent PID: 1

General

Start time (UTC):	11:04:10
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: plymouth PID: 6334, Parent PID: 1

General

Start time (UTC):	11:04:10
Start date (UTC):	24/04/2024
Path:	/bin/plymouth
Arguments:	/bin/plymouth quit
File size:	51352 bytes
MD5 hash:	87003efd8dad470042f5e75360a8f49f

Chronological Activities

Analysis Process: systemd PID: 6335, Parent PID: 1860

General

Start time (UTC):	11:05:31
Start date (UTC):	24/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6335, Parent PID: 1860

General

Start time (UTC):	11:05:31
Start date (UTC):	24/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Source: 65kw6IfQdO.elf	ReversingLabs: Detection: 31%
Source: 65kw6IfQdO.elf	Virustotal: Detection: 12%			Perma Link

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report 65kw6IfQdO.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: 65kw6IfQdO.elf PID: 6242, Parent PID: 6166

General

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6244, Parent PID: 6242

General

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6246, Parent PID: 6244

General

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6247, Parent PID: 6244

General

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6249, Parent PID: 6244

General

Chronological Activities

Analysis Process: 65kw6IfQdO.elf PID: 6251, Parent PID: 6244

General

Chronological Activities

Linux Analysis Report
65kw6IfQdO.elf