Edit tour

Linux Analysis Report
gnjqwpc.elf

Overview

General Information

Sample name:	gnjqwpc.elf
Analysis ID:	1580750
MD5:	ebe5b676448650e0e05830d00aad8a5e
SHA1:	0db7aa000940e460ae1a9dabafa530465366f545
SHA256:	eed983483365e0c7a256d132d4753dd4db86a8a7324884481423f8a1d8d4dab2
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580750
Start date and time:	2024-12-26 02:32:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	gnjqwpc.elf
Detection:	MAL
Classification:	mal76.troj.evad.linELF@0/1@88/0

Runtime Messages

Command:	/tmp/gnjqwpc.elf
PID:	6237
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

gnjqwpc.elf (PID: 6237, Parent: 6157, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/gnjqwpc.elf

gnjqwpc.elf New Fork (PID: 6239, Parent: 6237)

gnjqwpc.elf New Fork (PID: 6241, Parent: 6239)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
gnjqwpc.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
gnjqwpc.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c388:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c39c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c3b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c3c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c3d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6237.1.00007fed3c001000.00007fed3c021000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6237.1.00007fed3c001000.00007fed3c021000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c388:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c39c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c3b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c3c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c3d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: gnjqwpc.elf PID: 6237	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: gnjqwpc.elf PID: 6237	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x8e8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ea3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8eb7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ecb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8edf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ef3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f07:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f57:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f7f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8fa7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8fbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8fcf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8fe3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ff7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x900b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x901f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: gnjqwpc.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: gnjqwpc.elf	Virustotal: Detection: 36%			Perma Link
Source: gnjqwpc.elf	ReversingLabs: Detection: 34%

Source: global traffic

TCP traffic: 192.168.2.23:38188 -> 178.215.238.25:33966

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic

DNS traffic detected: DNS query: raw.cardiacpure.ru

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: gnjqwpc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6237.1.00007fed3c001000.00007fed3c021000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: gnjqwpc.elf PID: 6237, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-serverusr/shellmnt/sys/bin/boot/media/srv/var/run/sbin/lib/etc/dev/telnetsshwatchdogsshd/usr/compress/bin//compress/bin/compress/usr/bashmain_x86main_x86_64main_mipsmain_mipselmain_armmain_arm5main_arm6main_arm7main_ppcmain_m68kmain_sh4main_spchttpdtelnetddropbearropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt//tmp/var/mnt/boot/home/dev/..//root(deleted)raw.cardiacpure.ruabcdefghijklmnopqrstuvwxyz/proc/%d/cmdline/proc/%d/proc/self/proc/self/exe

Source: ELF static info symbol of initial sample

.symtab present: no

Source: gnjqwpc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6237.1.00007fed3c001000.00007fed3c021000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: gnjqwpc.elf PID: 6237, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal76.troj.evad.linELF@0/1@88/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/gnjqwpc.elf (PID: 6239)

File: /tmp/gnjqwpc.elf

Jump to behavior

Source: /tmp/gnjqwpc.elf (PID: 6237)

Queries kernel information via 'uname':

Jump to behavior

Source: gnjqwpc.elf, 6237.1.000055cebfc92000.000055cebfd42000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: gnjqwpc.elf, 6237.1.000055cebfc92000.000055cebfd42000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: gnjqwpc.elf, 6237.1.00007ffc5803e000.00007ffc5805f000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: gnjqwpc.elf, 6237.1.00007ffc5803e000.00007ffc5805f000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.FXxhtM
Source: gnjqwpc.elf, 6237.1.00007ffc5803e000.00007ffc5805f000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: gnjqwpc.elf, 6237.1.00007ffc5803e000.00007ffc5805f000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/gnjqwpc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/gnjqwpc.elf
Source: gnjqwpc.elf, 6237.1.00007ffc5803e000.00007ffc5805f000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.FXxhtM\
Source: gnjqwpc.elf, 6237.1.00007ffc5803e000.00007ffc5805f000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: gnjqwpc.elf, type: SAMPLE
Source: Yara match	File source: 6237.1.00007fed3c001000.00007fed3c021000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gnjqwpc.elf PID: 6237, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: gnjqwpc.elf, type: SAMPLE
Source: Yara match	File source: 6237.1.00007fed3c001000.00007fed3c021000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gnjqwpc.elf PID: 6237, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
gnjqwpc.elf	37%	Virustotal		Browse
gnjqwpc.elf	34%	ReversingLabs	Linux.Backdoor.Mirai
gnjqwpc.elf	100%	Avira	EXP/ELF.Mirai.Z.A

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
raw.cardiacpure.ru	178.215.238.25	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
178.215.238.25	raw.cardiacpure.ru	Germany	10753	LVLT-10753US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
178.215.238.25	ngwa5.elf	Get hash	malicious	Mirai	Browse
	kqibeps.elf	Get hash	malicious	Mirai	Browse
	fnkea7.elf	Get hash	malicious	Mirai	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	wiewa64.elf	Get hash	malicious	Mirai	Browse
	wkb86.elf	Get hash	malicious	Mirai	Browse
	njvwa4.elf	Get hash	malicious	Mirai	Browse
	wlw68k.elf	Get hash	malicious	Mirai	Browse
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse
	Aqua.i686.elf	Get hash	malicious	Mirai	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	bin.sh.elf	Get hash	malicious	Unknown	Browse
	main_x86_64.elf	Get hash	malicious	Mirai	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse
	Aqua.i686.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	bin.sh.elf	Get hash	malicious	Unknown	Browse
	main_arm7.elf	Get hash	malicious	Mirai	Browse
	main_x86_64.elf	Get hash	malicious	Mirai	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.cardiacpure.ru	kqibeps.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	178.215.238.25
	wiewa64.elf	Get hash	malicious	Mirai	Browse	178.215.238.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	bin.sh.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	main_arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
CANONICAL-ASGB	bin.sh.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	main_arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
LVLT-10753US	armv6l.elf	Get hash	malicious	Mirai	Browse	217.22.7.57
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	94.154.174.150
	nshmpsl.elf	Get hash	malicious	Mirai	Browse	45.129.149.6
	sh4.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	147.207.230.32
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
	boatnet.i686.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
	boatnet.x86_64.elf	Get hash	malicious	Mirai	Browse	178.215.238.74
INIT7CH	bin.sh.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	main_arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.FXxhtM (deleted)

Download File

Process:	/tmp/gnjqwpc.elf
File Type:	data
Category:	dropped
Size (bytes):	27
Entropy (8bit):	4.060262039120377
Encrypted:	false
SSDEEP:	3:TgIPhGxHJN:TgIaJN
MD5:	3CE6233A37CCF121B6A88BAD88E621BD
SHA1:	FE7EE8DFE57D8373882D61547998F23FCDCF0FFC
SHA-256:	E973BB6847117AA9ECB410974531A12FC2E2964299896EE25C25591A57204D2B
SHA-512:	5BB96EA9706354E8E1A8DA1E286C3B52BB1FF9A5DFA04CCD87CD6328804DDD853F84DC21C455739C3AE11F7A649635EC0D84AF0C6D938EE31C9FC0866BC42726
Malicious:	false
Reputation:	low
Preview:	/tmp/gnjqwpc.elf.nwlrbbmqbh

Static File Info

General

File type:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.6232134320552065
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	gnjqwpc.elf
File size:	150'480 bytes
MD5:	ebe5b676448650e0e05830d00aad8a5e
SHA1:	0db7aa000940e460ae1a9dabafa530465366f545
SHA256:	eed983483365e0c7a256d132d4753dd4db86a8a7324884481423f8a1d8d4dab2
SHA512:	d0115c09e7ee42b28b8433aa837efe19786ef29a697281725598a50976546d91a726a2cf01177eccb9673ebfecf7cd796a8dcd046c523fe91dc79826abf00c76
SSDEEP:	1536:+3LYSKyFkQGjIGNeoxYh+IDPeqkYYUmm35MxD//RvAl7sw0UTxSpBqdAjKj6zHTY:+Kydoxnmmq2mqxDuloySrTF2
TLSH:	B3E32A02731C0A47D1532EB43E3F67E093AFAAC125E4F644255FAB4A92B1E335586ECD
File Content Preview:	.ELF...........................4..I......4. ...(......................................................I....`........dt.Q.............................!..\|......$H...H..9...$8!. \|...N.. .!..\|.......?.........J...../...@..\?......$.+../...A..$8...}).....$N..

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	PowerPC
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x100001f0
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	150000
Section Header Size:	40
Number of Section Headers:	12
Header String Table Index:	11

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10000094	0x94	0x24	0x0	0x6	AX	4
.text	PROGBITS	0x100000b8	0xb8	0x1c090	0x0	0x6	AX	4
.fini	PROGBITS	0x1001c148	0x1c148	0x20	0x0	0x6	AX	4
.rodata	PROGBITS	0x1001c168	0x1c168	0x3024	0x0	0x2	A	8
.ctors	PROGBITS	0x10020000	0x20000	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x1002000c	0x2000c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x10020020	0x20020	0x4900	0x0	0x3	WA	32
.sdata	PROGBITS	0x10024920	0x24920	0x84	0x0	0x3	WA	4
.sbss	NOBITS	0x100249a4	0x249a4	0xf0	0x0	0x3	WA	4
.bss	NOBITS	0x10024a98	0x249a4	0x44c8	0x0	0x3	WA	8
.shstrtab	STRTAB	0x0	0x249a4	0x4b	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000000	0x10000000	0x1f18c	0x1f18c	6.2378	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x20000	0x10020000	0x10020000	0x49a4	0x8f60	0.5120	0x6	RW	0x10000	.ctors .dtors .data .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 02:32:54.160527945 CET	43928	443	192.168.2.23	91.189.91.42
Dec 26, 2024 02:32:55.454545975 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:55.574310064 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:55.574459076 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:55.575751066 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:55.695390940 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:55.695481062 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:55.815063000 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:56.839513063 CET	33966	38188	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:56.839778900 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:56.840022087 CET	38188	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:57.111718893 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:57.231297970 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:57.231389046 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:57.232331991 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:57.351814032 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:57.351998091 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:57.471545935 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:58.497705936 CET	33966	38190	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:58.497930050 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:58.497930050 CET	38190	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:58.877341032 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:58.997971058 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:58.998151064 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:58.999151945 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:59.118711948 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:59.118765116 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:32:59.238322973 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 02:32:59.791476011 CET	42836	443	192.168.2.23	91.189.91.43
Dec 26, 2024 02:33:00.268018961 CET	33966	38192	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:00.268110037 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:00.268194914 CET	38192	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:00.643862009 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:00.763533115 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:00.763747931 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:00.764925957 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:00.884458065 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:00.884582043 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:01.004240990 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:01.071338892 CET	42516	80	192.168.2.23	109.202.202.202
Dec 26, 2024 02:33:02.030061007 CET	33966	38194	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:02.030148983 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:02.030261993 CET	38194	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:02.406224966 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:02.525851011 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:02.525939941 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:02.526828051 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:02.646352053 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:02.646521091 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:02.766063929 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:03.791251898 CET	33966	38196	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:03.791440010 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:03.791440010 CET	38196	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:04.166294098 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:04.285841942 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:04.286025047 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:04.286680937 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:04.406164885 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:04.406337976 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:04.525906086 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:05.551350117 CET	33966	38198	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:05.551485062 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:05.551517963 CET	38198	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:05.822591066 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:05.942173958 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:05.942245007 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:05.943021059 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:06.062661886 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:06.062712908 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:06.182406902 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:07.208117008 CET	33966	38200	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:07.208282948 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:07.208282948 CET	38200	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:07.582638025 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:07.702143908 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:07.702241898 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:07.703003883 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:07.822510958 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:07.822614908 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:07.942250967 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:08.968241930 CET	33966	38202	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:08.968364954 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:08.968492985 CET	38202	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:09.720227957 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:09.839838028 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:09.839920044 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:09.840655088 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:09.960081100 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:09.960201025 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:10.079725981 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:11.106828928 CET	33966	38204	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:11.106933117 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:11.107048035 CET	38204	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:11.377269030 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:11.496747971 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:11.496844053 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:11.497575045 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:11.617129087 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:11.617351055 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:11.736913919 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:12.762589931 CET	33966	38206	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:12.762849092 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:12.762867928 CET	38206	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:13.022066116 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:13.141793966 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:13.141940117 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:13.143059015 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:13.262665987 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:13.262952089 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:13.382597923 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:14.407710075 CET	33966	38208	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:14.407932997 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:14.408052921 CET	38208	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:14.666750908 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:14.786397934 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:14.786513090 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:14.787424088 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:14.893414974 CET	43928	443	192.168.2.23	91.189.91.42
Dec 26, 2024 02:33:14.906881094 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:14.906991959 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:15.026515007 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:16.052645922 CET	33966	38210	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:16.052829027 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:16.052901983 CET	38210	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:16.323348045 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:16.442976952 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:16.443064928 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:16.444019079 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:16.563626051 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:16.563800097 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:16.683377028 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:17.708142042 CET	33966	38212	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:17.708363056 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:17.708409071 CET	38212	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:17.978375912 CET	38214	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:18.098248005 CET	33966	38214	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:18.098337889 CET	38214	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:18.099162102 CET	38214	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:18.218672037 CET	33966	38214	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:18.218866110 CET	38214	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:33:18.338480949 CET	33966	38214	178.215.238.25	192.168.2.23
Dec 26, 2024 02:33:27.179785013 CET	42836	443	192.168.2.23	91.189.91.43
Dec 26, 2024 02:33:31.275211096 CET	42516	80	192.168.2.23	109.202.202.202
Dec 26, 2024 02:33:55.847836971 CET	43928	443	192.168.2.23	91.189.91.42
Dec 26, 2024 02:34:10.881551981 CET	33966	38214	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:10.881772995 CET	38214	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:10.881867886 CET	38214	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:11.001370907 CET	33966	38214	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:12.154630899 CET	38216	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:12.279553890 CET	33966	38216	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:12.279700041 CET	38216	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:12.281055927 CET	38216	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:12.400593042 CET	33966	38216	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:12.400746107 CET	38216	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:12.520350933 CET	33966	38216	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:13.545260906 CET	33966	38216	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:13.545459986 CET	38216	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:13.545559883 CET	38216	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:13.817079067 CET	38218	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:13.936779022 CET	33966	38218	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:13.936974049 CET	38218	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:13.938196898 CET	38218	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:14.057697058 CET	33966	38218	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:14.057800055 CET	38218	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:14.177522898 CET	33966	38218	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:15.201788902 CET	33966	38218	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:15.201901913 CET	38218	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:15.202001095 CET	38218	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:15.473504066 CET	38220	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:15.593029022 CET	33966	38220	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:15.593182087 CET	38220	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:15.594573021 CET	38220	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:15.715471983 CET	33966	38220	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:15.715717077 CET	38220	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:15.835300922 CET	33966	38220	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:16.860145092 CET	33966	38220	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:16.860404015 CET	38220	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:16.860486984 CET	38220	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:17.133999109 CET	38222	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:17.253521919 CET	33966	38222	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:17.253812075 CET	38222	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:17.255079985 CET	38222	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:17.374531031 CET	33966	38222	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:17.374619961 CET	38222	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:17.494182110 CET	33966	38222	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:18.522465944 CET	33966	38222	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:18.522763014 CET	38222	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:18.522763014 CET	38222	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:18.793869019 CET	38224	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:18.913417101 CET	33966	38224	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:18.913489103 CET	38224	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:18.914598942 CET	38224	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:19.034110069 CET	33966	38224	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:19.034353971 CET	38224	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:19.153883934 CET	33966	38224	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:20.178056955 CET	33966	38224	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:20.178303957 CET	38224	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:20.178391933 CET	38224	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:20.439604998 CET	38226	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:20.559370995 CET	33966	38226	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:20.559539080 CET	38226	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:20.560702085 CET	38226	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:20.680376053 CET	33966	38226	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:20.680598974 CET	38226	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:20.800431967 CET	33966	38226	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:21.825351000 CET	33966	38226	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:21.825634003 CET	38226	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:21.825712919 CET	38226	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:22.098139048 CET	38228	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:22.217780113 CET	33966	38228	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:22.217961073 CET	38228	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:22.219347954 CET	38228	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:22.338922977 CET	33966	38228	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:22.339133024 CET	38228	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:22.458731890 CET	33966	38228	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:23.482505083 CET	33966	38228	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:23.482850075 CET	38228	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:23.482948065 CET	38228	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:23.742423058 CET	38230	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:23.862111092 CET	33966	38230	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:23.862185001 CET	38230	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:23.862729073 CET	38230	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:23.982218981 CET	33966	38230	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:23.982285023 CET	38230	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:24.101982117 CET	33966	38230	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:25.127542019 CET	33966	38230	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:25.127674103 CET	38230	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:25.127756119 CET	38230	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:25.398469925 CET	38232	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:25.518026114 CET	33966	38232	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:25.518249035 CET	38232	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:25.519294977 CET	38232	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:25.639959097 CET	33966	38232	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:25.640064001 CET	38232	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:25.759571075 CET	33966	38232	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:26.797791958 CET	33966	38232	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:26.797902107 CET	38232	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:26.798001051 CET	38232	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:27.068243980 CET	38234	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:27.188148022 CET	33966	38234	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:27.188383102 CET	38234	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:27.189368010 CET	38234	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:27.308892012 CET	33966	38234	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:27.309096098 CET	38234	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:27.428769112 CET	33966	38234	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:28.454565048 CET	33966	38234	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:28.454799891 CET	38234	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:28.454933882 CET	38234	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:28.725357056 CET	38236	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:28.844938040 CET	33966	38236	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:28.845105886 CET	38236	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:28.846151114 CET	38236	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:28.965707064 CET	33966	38236	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:28.965950012 CET	38236	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:29.085515022 CET	33966	38236	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:30.115447998 CET	33966	38236	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:30.115551949 CET	38236	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:30.115601063 CET	38236	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:30.374068022 CET	38238	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:30.494858027 CET	33966	38238	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:30.495078087 CET	38238	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:30.495898962 CET	38238	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:30.615453005 CET	33966	38238	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:30.615581989 CET	38238	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:30.735181093 CET	33966	38238	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:31.760565042 CET	33966	38238	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:31.760834932 CET	38238	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:31.760834932 CET	38238	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:32.020884991 CET	38240	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:32.140681982 CET	33966	38240	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:32.140933990 CET	38240	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:32.142118931 CET	38240	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:32.261629105 CET	33966	38240	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:32.261806011 CET	38240	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:32.381407976 CET	33966	38240	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:33.406805038 CET	33966	38240	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:33.407083035 CET	38240	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:33.407114983 CET	38240	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:33.678024054 CET	38242	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:33.797647953 CET	33966	38242	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:33.797890902 CET	38242	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:33.799088001 CET	38242	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:33.918576956 CET	33966	38242	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:33.918792009 CET	38242	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:34.038358927 CET	33966	38242	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:35.062416077 CET	33966	38242	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:35.062499046 CET	38242	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:35.062556982 CET	38242	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:35.333630085 CET	38244	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:35.453253984 CET	33966	38244	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:35.453458071 CET	38244	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:35.454586029 CET	38244	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:35.575012922 CET	33966	38244	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:35.575289965 CET	38244	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:35.695719957 CET	33966	38244	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:36.719279051 CET	33966	38244	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:36.719563007 CET	38244	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:36.719664097 CET	38244	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:36.991334915 CET	38246	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:37.111145973 CET	33966	38246	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:37.111275911 CET	38246	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:37.112365961 CET	38246	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:37.231878996 CET	33966	38246	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:37.232115984 CET	38246	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:37.351736069 CET	33966	38246	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:38.387624979 CET	33966	38246	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:38.387744904 CET	38246	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:38.387795925 CET	38246	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:38.658838034 CET	38248	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:38.778466940 CET	33966	38248	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:38.778922081 CET	38248	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:38.780062914 CET	38248	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:38.899554014 CET	33966	38248	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:38.899764061 CET	38248	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:39.019418955 CET	33966	38248	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:40.046602964 CET	33966	38248	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:40.046947002 CET	38248	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:40.046947002 CET	38248	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:40.306915998 CET	38250	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:40.426573992 CET	33966	38250	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:40.426995039 CET	38250	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:40.427931070 CET	38250	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:40.547441959 CET	33966	38250	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:40.547527075 CET	38250	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:40.667100906 CET	33966	38250	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:41.692656040 CET	33966	38250	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:41.692895889 CET	38250	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:41.692895889 CET	38250	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:41.951499939 CET	38252	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:42.071074963 CET	33966	38252	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:42.071316004 CET	38252	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:42.072012901 CET	38252	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:42.191523075 CET	33966	38252	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:42.191831112 CET	38252	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:42.311381102 CET	33966	38252	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:43.337893963 CET	33966	38252	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:43.337986946 CET	38252	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:43.338027954 CET	38252	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:43.585633039 CET	38254	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:43.705173969 CET	33966	38254	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:43.705399990 CET	38254	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:43.708093882 CET	38254	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:43.827636003 CET	33966	38254	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:43.827893972 CET	38254	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:43.947560072 CET	33966	38254	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:44.970571995 CET	33966	38254	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:44.970798969 CET	38254	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:44.970897913 CET	38254	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:45.242070913 CET	38256	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:45.362191916 CET	33966	38256	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:45.362513065 CET	38256	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:45.363516092 CET	38256	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:45.483063936 CET	33966	38256	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:45.483153105 CET	38256	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:45.602767944 CET	33966	38256	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:46.627477884 CET	33966	38256	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:46.627713919 CET	38256	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:46.627713919 CET	38256	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:46.887202024 CET	38258	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:47.007790089 CET	33966	38258	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:47.007947922 CET	38258	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:47.008965015 CET	38258	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:47.128460884 CET	33966	38258	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:47.128671885 CET	38258	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:47.248275995 CET	33966	38258	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:48.272113085 CET	33966	38258	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:48.272182941 CET	38258	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:48.272224903 CET	38258	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:48.532701969 CET	38260	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:48.652249098 CET	33966	38260	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:48.652467966 CET	38260	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:48.653656006 CET	38260	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:48.773293018 CET	33966	38260	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:48.773432970 CET	38260	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:48.893059015 CET	33966	38260	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:49.921638012 CET	33966	38260	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:49.921822071 CET	38260	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:49.921915054 CET	38260	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:50.193372965 CET	38262	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:50.312973022 CET	33966	38262	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:50.313116074 CET	38262	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:50.314264059 CET	38262	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:50.433840990 CET	33966	38262	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:50.433897972 CET	38262	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:50.553472042 CET	33966	38262	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:51.577900887 CET	33966	38262	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:51.578201056 CET	38262	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:51.578201056 CET	38262	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:51.837740898 CET	38264	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:51.957417965 CET	33966	38264	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:51.957511902 CET	38264	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:51.958089113 CET	38264	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:52.077773094 CET	33966	38264	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:52.077892065 CET	38264	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:52.197736979 CET	33966	38264	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:53.223026991 CET	33966	38264	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:53.223114967 CET	38264	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:53.223180056 CET	38264	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:53.471823931 CET	38266	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:53.591555119 CET	33966	38266	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:53.591766119 CET	38266	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:53.592704058 CET	38266	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:53.712203979 CET	33966	38266	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:53.712313890 CET	38266	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:53.831944942 CET	33966	38266	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:54.856997967 CET	33966	38266	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:54.857110023 CET	38266	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:54.857362986 CET	38266	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:55.128448963 CET	38268	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:55.248040915 CET	33966	38268	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:55.248419046 CET	38268	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:55.249439001 CET	38268	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:55.369204998 CET	33966	38268	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:55.369261026 CET	38268	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:55.488809109 CET	33966	38268	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:56.519151926 CET	33966	38268	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:56.519366026 CET	38268	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:56.519366980 CET	38268	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:56.778647900 CET	38270	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:56.898215055 CET	33966	38270	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:56.898278952 CET	38270	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:56.899029970 CET	38270	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:57.018527985 CET	33966	38270	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:57.018682003 CET	38270	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:57.138549089 CET	33966	38270	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:58.163269043 CET	33966	38270	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:58.163440943 CET	38270	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:58.163482904 CET	38270	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:58.421577930 CET	38272	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:58.541244030 CET	33966	38272	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:58.541663885 CET	38272	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:58.542608976 CET	38272	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:58.662224054 CET	33966	38272	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:58.662657976 CET	38272	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:58.782326937 CET	33966	38272	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:59.807884932 CET	33966	38272	178.215.238.25	192.168.2.23
Dec 26, 2024 02:34:59.808082104 CET	38272	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:34:59.808188915 CET	38272	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:35:00.079093933 CET	38274	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:35:00.198654890 CET	33966	38274	178.215.238.25	192.168.2.23
Dec 26, 2024 02:35:00.199079037 CET	38274	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:35:00.199984074 CET	38274	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:35:00.319520950 CET	33966	38274	178.215.238.25	192.168.2.23
Dec 26, 2024 02:35:00.319595098 CET	38274	33966	192.168.2.23	178.215.238.25
Dec 26, 2024 02:35:00.440181971 CET	33966	38274	178.215.238.25	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 02:32:55.078376055 CET	59613	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:32:55.317542076 CET	53	59613	8.8.8.8	192.168.2.23
Dec 26, 2024 02:32:55.319298029 CET	42653	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:32:55.453720093 CET	53	42653	8.8.8.8	192.168.2.23
Dec 26, 2024 02:32:56.840913057 CET	51509	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:32:56.975806952 CET	53	51509	8.8.8.8	192.168.2.23
Dec 26, 2024 02:32:56.977303982 CET	38377	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:32:57.111213923 CET	53	38377	8.8.8.8	192.168.2.23
Dec 26, 2024 02:32:58.499519110 CET	51396	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:32:58.740314960 CET	53	51396	8.8.8.8	192.168.2.23
Dec 26, 2024 02:32:58.742376089 CET	44728	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:32:58.876569033 CET	53	44728	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:00.268990993 CET	59369	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:00.507529020 CET	53	59369	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:00.508582115 CET	53870	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:00.642927885 CET	53	53870	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:02.031191111 CET	33685	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:02.270016909 CET	53	33685	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:02.270900965 CET	33774	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:02.405503988 CET	53	33774	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:03.792378902 CET	43607	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:03.926697969 CET	53	43607	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:03.927706003 CET	33732	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:04.165770054 CET	53	33732	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:05.552228928 CET	52572	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:05.686722040 CET	53	52572	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:05.687705040 CET	55595	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:05.822000027 CET	53	55595	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:07.208925009 CET	37888	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:07.342461109 CET	53	37888	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:07.343341112 CET	57151	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:07.582164049 CET	53	57151	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:08.969187975 CET	37019	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:09.328406096 CET	53	37019	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:09.329412937 CET	41482	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:09.719700098 CET	53	41482	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:11.107732058 CET	55625	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:11.241552114 CET	53	55625	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:11.242435932 CET	39076	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:11.376796007 CET	53	39076	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:12.763607025 CET	56709	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:12.897947073 CET	53	56709	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:12.898885965 CET	57243	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:13.021296978 CET	53	57243	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:14.409007072 CET	54767	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:14.542661905 CET	53	54767	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:14.543601990 CET	43561	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:14.665889025 CET	53	43561	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:16.053831100 CET	38938	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:16.187834024 CET	53	38938	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:16.188822031 CET	45955	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:16.322391033 CET	53	45955	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:17.709141970 CET	34742	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:17.842706919 CET	53	34742	8.8.8.8	192.168.2.23
Dec 26, 2024 02:33:17.843820095 CET	55311	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:33:17.977549076 CET	53	55311	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:11.884422064 CET	45274	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:12.018037081 CET	53	45274	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:12.019566059 CET	32809	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:12.153944016 CET	53	32809	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:13.547034025 CET	43914	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:13.680766106 CET	53	43914	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:13.682059050 CET	52405	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:13.816107988 CET	53	52405	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:15.203191996 CET	56091	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:15.337486029 CET	53	56091	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:15.338622093 CET	50311	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:15.472426891 CET	53	50311	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:16.861910105 CET	37704	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:16.996421099 CET	53	37704	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:16.998188972 CET	59786	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:17.132873058 CET	53	59786	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:18.523832083 CET	39741	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:18.657593012 CET	53	39741	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:18.659188986 CET	58480	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:18.792762041 CET	53	58480	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:20.179481983 CET	35601	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:20.313791037 CET	53	35601	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:20.315092087 CET	33092	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:20.437773943 CET	53	33092	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:21.826888084 CET	39508	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:21.961253881 CET	53	39508	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:21.963397026 CET	52963	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:22.097218990 CET	53	52963	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:23.484146118 CET	48587	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:23.606558084 CET	53	48587	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:23.607690096 CET	60451	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:23.741651058 CET	53	60451	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:25.128747940 CET	38091	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:25.262506008 CET	53	38091	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:25.263843060 CET	33074	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:25.398119926 CET	53	33074	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:26.799020052 CET	52686	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:26.932727098 CET	53	52686	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:26.933665037 CET	60691	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:27.067390919 CET	53	60691	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:28.455957890 CET	48642	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:28.589693069 CET	53	48642	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:28.590816021 CET	35052	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:28.724565029 CET	53	35052	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:30.116446018 CET	51999	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:30.238847017 CET	53	51999	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:30.239768982 CET	42241	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:30.373553038 CET	53	42241	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:31.762022972 CET	51244	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:31.884432077 CET	53	51244	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:31.885195971 CET	32925	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:32.020036936 CET	53	32925	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:33.408282995 CET	44492	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:33.542025089 CET	53	44492	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:33.543600082 CET	60808	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:33.677160025 CET	53	60808	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:35.063585997 CET	43113	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:35.197267056 CET	53	43113	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:35.198966026 CET	46116	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:35.332768917 CET	53	46116	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:36.720688105 CET	46212	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:36.854768038 CET	53	46212	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:36.855938911 CET	52092	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:36.990370035 CET	53	52092	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:38.388490915 CET	46019	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:38.522578955 CET	53	46019	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:38.524106979 CET	58518	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:38.657880068 CET	53	58518	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:40.047996998 CET	53031	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:40.170340061 CET	53	53031	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:40.171655893 CET	35489	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:40.306090117 CET	53	35489	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:41.693461895 CET	59628	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:41.827747107 CET	53	59628	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:41.828620911 CET	36406	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:41.950979948 CET	53	36406	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:43.338920116 CET	41027	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:43.461261988 CET	53	41027	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:43.462336063 CET	40203	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:43.584719896 CET	53	40203	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:44.971909046 CET	56006	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:45.105791092 CET	53	56006	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:45.106933117 CET	38968	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:45.241151094 CET	53	38968	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:46.628878117 CET	33338	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:46.762773037 CET	53	33338	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:46.763945103 CET	36341	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:46.886337042 CET	53	36341	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:48.273051977 CET	36094	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:48.406668901 CET	53	36094	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:48.407787085 CET	55900	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:48.531889915 CET	53	55900	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:49.922808886 CET	57302	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:50.057239056 CET	53	57302	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:50.058810949 CET	38385	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:50.192564964 CET	53	38385	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:51.579194069 CET	49767	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:51.712956905 CET	53	49767	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:51.714368105 CET	38116	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:51.836922884 CET	53	38116	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:53.224159002 CET	49772	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:53.347249985 CET	53	49772	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:53.348498106 CET	47554	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:53.470966101 CET	53	47554	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:54.858042002 CET	44034	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:54.992227077 CET	53	44034	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:54.993582964 CET	44093	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:55.127567053 CET	53	44093	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:56.520375013 CET	49431	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:56.654067039 CET	53	49431	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:56.655428886 CET	53862	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:56.777729034 CET	53	53862	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:58.164128065 CET	39690	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:58.286451101 CET	53	39690	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:58.287609100 CET	39073	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:58.421040058 CET	53	39073	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:59.808934927 CET	57435	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:34:59.942631006 CET	53	57435	8.8.8.8	192.168.2.23
Dec 26, 2024 02:34:59.943911076 CET	58197	53	192.168.2.23	8.8.8.8
Dec 26, 2024 02:35:00.078171015 CET	53	58197	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 02:32:55.078376055 CET	192.168.2.23	8.8.8.8	0x35b0	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:55.319298029 CET	192.168.2.23	8.8.8.8	0x8f97	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:56.840913057 CET	192.168.2.23	8.8.8.8	0xab53	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:56.977303982 CET	192.168.2.23	8.8.8.8	0x6513	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:58.499519110 CET	192.168.2.23	8.8.8.8	0x6313	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:58.742376089 CET	192.168.2.23	8.8.8.8	0x95e1	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:00.268990993 CET	192.168.2.23	8.8.8.8	0x5184	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:00.508582115 CET	192.168.2.23	8.8.8.8	0x59a9	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:02.031191111 CET	192.168.2.23	8.8.8.8	0xc324	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:02.270900965 CET	192.168.2.23	8.8.8.8	0x45af	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:03.792378902 CET	192.168.2.23	8.8.8.8	0xe43	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:03.927706003 CET	192.168.2.23	8.8.8.8	0x9971	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:05.552228928 CET	192.168.2.23	8.8.8.8	0x819c	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:05.687705040 CET	192.168.2.23	8.8.8.8	0xc006	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:07.208925009 CET	192.168.2.23	8.8.8.8	0xcf52	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:07.343341112 CET	192.168.2.23	8.8.8.8	0x14e	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:08.969187975 CET	192.168.2.23	8.8.8.8	0x6e25	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:09.329412937 CET	192.168.2.23	8.8.8.8	0xe546	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:11.107732058 CET	192.168.2.23	8.8.8.8	0xec45	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:11.242435932 CET	192.168.2.23	8.8.8.8	0xf3c	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:12.763607025 CET	192.168.2.23	8.8.8.8	0x91d7	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:12.898885965 CET	192.168.2.23	8.8.8.8	0xca6b	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:14.409007072 CET	192.168.2.23	8.8.8.8	0x7dd2	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:14.543601990 CET	192.168.2.23	8.8.8.8	0xf030	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:16.053831100 CET	192.168.2.23	8.8.8.8	0x7e96	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:16.188822031 CET	192.168.2.23	8.8.8.8	0xf7f2	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:17.709141970 CET	192.168.2.23	8.8.8.8	0x4b1f	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:17.843820095 CET	192.168.2.23	8.8.8.8	0x86fb	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:11.884422064 CET	192.168.2.23	8.8.8.8	0x2cfe	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:12.019566059 CET	192.168.2.23	8.8.8.8	0x546f	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:13.547034025 CET	192.168.2.23	8.8.8.8	0x5c7b	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:13.682059050 CET	192.168.2.23	8.8.8.8	0xaec5	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:15.203191996 CET	192.168.2.23	8.8.8.8	0x9b3f	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:15.338622093 CET	192.168.2.23	8.8.8.8	0x2b3c	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:16.861910105 CET	192.168.2.23	8.8.8.8	0x93c5	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:16.998188972 CET	192.168.2.23	8.8.8.8	0xeb6b	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:18.523832083 CET	192.168.2.23	8.8.8.8	0x5c77	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:18.659188986 CET	192.168.2.23	8.8.8.8	0xbc4e	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:20.179481983 CET	192.168.2.23	8.8.8.8	0x8acd	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:20.315092087 CET	192.168.2.23	8.8.8.8	0x8ab1	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:21.826888084 CET	192.168.2.23	8.8.8.8	0x31c9	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:21.963397026 CET	192.168.2.23	8.8.8.8	0x39e6	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:23.484146118 CET	192.168.2.23	8.8.8.8	0x2d87	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:23.607690096 CET	192.168.2.23	8.8.8.8	0x8919	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:25.128747940 CET	192.168.2.23	8.8.8.8	0xe5a8	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:25.263843060 CET	192.168.2.23	8.8.8.8	0x8b75	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:26.799020052 CET	192.168.2.23	8.8.8.8	0x1b8a	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:26.933665037 CET	192.168.2.23	8.8.8.8	0x1c5	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:28.455957890 CET	192.168.2.23	8.8.8.8	0x2ed2	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:28.590816021 CET	192.168.2.23	8.8.8.8	0x20bf	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:30.116446018 CET	192.168.2.23	8.8.8.8	0x744e	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:30.239768982 CET	192.168.2.23	8.8.8.8	0xeb4e	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:31.762022972 CET	192.168.2.23	8.8.8.8	0xe10c	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:31.885195971 CET	192.168.2.23	8.8.8.8	0xcb2e	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:33.408282995 CET	192.168.2.23	8.8.8.8	0x9eb6	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:33.543600082 CET	192.168.2.23	8.8.8.8	0x9367	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:35.063585997 CET	192.168.2.23	8.8.8.8	0xc2db	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:35.198966026 CET	192.168.2.23	8.8.8.8	0xbd93	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:36.720688105 CET	192.168.2.23	8.8.8.8	0xee69	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:36.855938911 CET	192.168.2.23	8.8.8.8	0xb0df	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:38.388490915 CET	192.168.2.23	8.8.8.8	0x8139	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:38.524106979 CET	192.168.2.23	8.8.8.8	0xa2e	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:40.047996998 CET	192.168.2.23	8.8.8.8	0xe27b	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:40.171655893 CET	192.168.2.23	8.8.8.8	0x3f89	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:41.693461895 CET	192.168.2.23	8.8.8.8	0xf5fb	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:41.828620911 CET	192.168.2.23	8.8.8.8	0x77ff	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:43.338920116 CET	192.168.2.23	8.8.8.8	0x3b3	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:43.462336063 CET	192.168.2.23	8.8.8.8	0x7551	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:44.971909046 CET	192.168.2.23	8.8.8.8	0x8b13	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:45.106933117 CET	192.168.2.23	8.8.8.8	0xf031	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:46.628878117 CET	192.168.2.23	8.8.8.8	0xf491	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:46.763945103 CET	192.168.2.23	8.8.8.8	0xe035	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:48.273051977 CET	192.168.2.23	8.8.8.8	0x6e24	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:48.407787085 CET	192.168.2.23	8.8.8.8	0x70f4	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:49.922808886 CET	192.168.2.23	8.8.8.8	0x2330	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:50.058810949 CET	192.168.2.23	8.8.8.8	0xa511	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:51.579194069 CET	192.168.2.23	8.8.8.8	0x2a8d	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:51.714368105 CET	192.168.2.23	8.8.8.8	0xc0d1	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:53.224159002 CET	192.168.2.23	8.8.8.8	0x7281	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:53.348498106 CET	192.168.2.23	8.8.8.8	0xccce	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:54.858042002 CET	192.168.2.23	8.8.8.8	0x128f	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:54.993582964 CET	192.168.2.23	8.8.8.8	0x97a3	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:56.520375013 CET	192.168.2.23	8.8.8.8	0x1f6d	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:56.655428886 CET	192.168.2.23	8.8.8.8	0x4b00	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:58.164128065 CET	192.168.2.23	8.8.8.8	0x5de0	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:58.287609100 CET	192.168.2.23	8.8.8.8	0xc3f9	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:59.808934927 CET	192.168.2.23	8.8.8.8	0x1243	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:59.943911076 CET	192.168.2.23	8.8.8.8	0xf1ed	Standard query (0)	raw.cardiacpure.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 02:32:55.317542076 CET	8.8.8.8	192.168.2.23	0x35b0	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:55.453720093 CET	8.8.8.8	192.168.2.23	0x8f97	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:56.975806952 CET	8.8.8.8	192.168.2.23	0xab53	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:57.111213923 CET	8.8.8.8	192.168.2.23	0x6513	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:58.740314960 CET	8.8.8.8	192.168.2.23	0x6313	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:32:58.876569033 CET	8.8.8.8	192.168.2.23	0x95e1	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:00.507529020 CET	8.8.8.8	192.168.2.23	0x5184	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:00.642927885 CET	8.8.8.8	192.168.2.23	0x59a9	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:02.270016909 CET	8.8.8.8	192.168.2.23	0xc324	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:02.405503988 CET	8.8.8.8	192.168.2.23	0x45af	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:03.926697969 CET	8.8.8.8	192.168.2.23	0xe43	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:04.165770054 CET	8.8.8.8	192.168.2.23	0x9971	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:05.686722040 CET	8.8.8.8	192.168.2.23	0x819c	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:05.822000027 CET	8.8.8.8	192.168.2.23	0xc006	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:07.342461109 CET	8.8.8.8	192.168.2.23	0xcf52	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:07.582164049 CET	8.8.8.8	192.168.2.23	0x14e	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:09.328406096 CET	8.8.8.8	192.168.2.23	0x6e25	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:09.719700098 CET	8.8.8.8	192.168.2.23	0xe546	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:11.241552114 CET	8.8.8.8	192.168.2.23	0xec45	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:11.376796007 CET	8.8.8.8	192.168.2.23	0xf3c	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:12.897947073 CET	8.8.8.8	192.168.2.23	0x91d7	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:13.021296978 CET	8.8.8.8	192.168.2.23	0xca6b	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:14.542661905 CET	8.8.8.8	192.168.2.23	0x7dd2	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:14.665889025 CET	8.8.8.8	192.168.2.23	0xf030	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:16.187834024 CET	8.8.8.8	192.168.2.23	0x7e96	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:16.322391033 CET	8.8.8.8	192.168.2.23	0xf7f2	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:17.842706919 CET	8.8.8.8	192.168.2.23	0x4b1f	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:33:17.977549076 CET	8.8.8.8	192.168.2.23	0x86fb	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:12.018037081 CET	8.8.8.8	192.168.2.23	0x2cfe	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:12.153944016 CET	8.8.8.8	192.168.2.23	0x546f	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:13.680766106 CET	8.8.8.8	192.168.2.23	0x5c7b	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:13.816107988 CET	8.8.8.8	192.168.2.23	0xaec5	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:15.337486029 CET	8.8.8.8	192.168.2.23	0x9b3f	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:15.472426891 CET	8.8.8.8	192.168.2.23	0x2b3c	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:16.996421099 CET	8.8.8.8	192.168.2.23	0x93c5	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:17.132873058 CET	8.8.8.8	192.168.2.23	0xeb6b	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:18.657593012 CET	8.8.8.8	192.168.2.23	0x5c77	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:18.792762041 CET	8.8.8.8	192.168.2.23	0xbc4e	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:20.313791037 CET	8.8.8.8	192.168.2.23	0x8acd	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:20.437773943 CET	8.8.8.8	192.168.2.23	0x8ab1	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:21.961253881 CET	8.8.8.8	192.168.2.23	0x31c9	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:22.097218990 CET	8.8.8.8	192.168.2.23	0x39e6	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:23.606558084 CET	8.8.8.8	192.168.2.23	0x2d87	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:23.741651058 CET	8.8.8.8	192.168.2.23	0x8919	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:25.262506008 CET	8.8.8.8	192.168.2.23	0xe5a8	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:25.398119926 CET	8.8.8.8	192.168.2.23	0x8b75	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:26.932727098 CET	8.8.8.8	192.168.2.23	0x1b8a	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:27.067390919 CET	8.8.8.8	192.168.2.23	0x1c5	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:28.589693069 CET	8.8.8.8	192.168.2.23	0x2ed2	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:28.724565029 CET	8.8.8.8	192.168.2.23	0x20bf	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:30.238847017 CET	8.8.8.8	192.168.2.23	0x744e	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:30.373553038 CET	8.8.8.8	192.168.2.23	0xeb4e	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:31.884432077 CET	8.8.8.8	192.168.2.23	0xe10c	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:32.020036936 CET	8.8.8.8	192.168.2.23	0xcb2e	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:33.542025089 CET	8.8.8.8	192.168.2.23	0x9eb6	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:33.677160025 CET	8.8.8.8	192.168.2.23	0x9367	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:35.197267056 CET	8.8.8.8	192.168.2.23	0xc2db	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:35.332768917 CET	8.8.8.8	192.168.2.23	0xbd93	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:36.854768038 CET	8.8.8.8	192.168.2.23	0xee69	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:36.990370035 CET	8.8.8.8	192.168.2.23	0xb0df	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:38.522578955 CET	8.8.8.8	192.168.2.23	0x8139	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:38.657880068 CET	8.8.8.8	192.168.2.23	0xa2e	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:40.170340061 CET	8.8.8.8	192.168.2.23	0xe27b	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:40.306090117 CET	8.8.8.8	192.168.2.23	0x3f89	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:41.827747107 CET	8.8.8.8	192.168.2.23	0xf5fb	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:41.950979948 CET	8.8.8.8	192.168.2.23	0x77ff	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:43.461261988 CET	8.8.8.8	192.168.2.23	0x3b3	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:43.584719896 CET	8.8.8.8	192.168.2.23	0x7551	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:45.105791092 CET	8.8.8.8	192.168.2.23	0x8b13	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:45.241151094 CET	8.8.8.8	192.168.2.23	0xf031	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:46.762773037 CET	8.8.8.8	192.168.2.23	0xf491	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:46.886337042 CET	8.8.8.8	192.168.2.23	0xe035	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:48.406668901 CET	8.8.8.8	192.168.2.23	0x6e24	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:48.531889915 CET	8.8.8.8	192.168.2.23	0x70f4	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:50.057239056 CET	8.8.8.8	192.168.2.23	0x2330	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:50.192564964 CET	8.8.8.8	192.168.2.23	0xa511	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:51.712956905 CET	8.8.8.8	192.168.2.23	0x2a8d	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:51.836922884 CET	8.8.8.8	192.168.2.23	0xc0d1	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:53.347249985 CET	8.8.8.8	192.168.2.23	0x7281	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:53.470966101 CET	8.8.8.8	192.168.2.23	0xccce	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:54.992227077 CET	8.8.8.8	192.168.2.23	0x128f	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:55.127567053 CET	8.8.8.8	192.168.2.23	0x97a3	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:56.654067039 CET	8.8.8.8	192.168.2.23	0x1f6d	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:56.777729034 CET	8.8.8.8	192.168.2.23	0x4b00	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:58.286451101 CET	8.8.8.8	192.168.2.23	0x5de0	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:58.421040058 CET	8.8.8.8	192.168.2.23	0xc3f9	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:34:59.942631006 CET	8.8.8.8	192.168.2.23	0x1243	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false
Dec 26, 2024 02:35:00.078171015 CET	8.8.8.8	192.168.2.23	0xf1ed	No error (0)	raw.cardiacpure.ru	178.215.238.25	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: gnjqwpc.elf PID: 6237, Parent PID: 6157

General

Start time (UTC):	01:32:54
Start date (UTC):	26/12/2024
Path:	/tmp/gnjqwpc.elf
Arguments:	/tmp/gnjqwpc.elf
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: gnjqwpc.elf PID: 6239, Parent PID: 6237

General

Start time (UTC):	01:32:54
Start date (UTC):	26/12/2024
Path:	/tmp/gnjqwpc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: gnjqwpc.elf PID: 6241, Parent PID: 6239

General

Start time (UTC):	01:32:54
Start date (UTC):	26/12/2024
Path:	/tmp/gnjqwpc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report gnjqwpc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.FXxhtM (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: gnjqwpc.elf PID: 6237, Parent PID: 6157

General

Chronological Activities

Analysis Process: gnjqwpc.elf PID: 6239, Parent PID: 6237

General

Chronological Activities

Analysis Process: gnjqwpc.elf PID: 6241, Parent PID: 6239

General

Chronological Activities

Linux Analysis Report
gnjqwpc.elf