Edit tour

Linux Analysis Report
Aqua.sh4.elf

Overview

General Information

Sample name:	Aqua.sh4.elf
Analysis ID:	1581819
MD5:	4c49fc3418e5f5fa874b7292388d0f02
SHA1:	264c68f7abe33c4676b1bba03d4d3094cfd13271
SHA256:	189db67bc8a22a4ce59338b1be63d65f2062b6a96ba6f9a105af08b7115ffd6f
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample deletes itself

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581819
Start date and time:	2024-12-29 02:32:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Aqua.sh4.elf
Detection:	MAL
Classification:	mal64.troj.evad.linELF@0/1@81/0

Runtime Messages

Command:	/tmp/Aqua.sh4.elf
PID:	5440
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

Aqua.sh4.elf (PID: 5440, Parent: 5361, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/Aqua.sh4.elf

Aqua.sh4.elf New Fork (PID: 5442, Parent: 5440)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.sh4.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.sh4.elf	ReversingLabs: Detection: 26%
Source: Aqua.sh4.elf	Virustotal: Detection: 30%			Perma Link

Networking

Sends malformed DNS queries

Source: global traffic

DNS traffic detected: malformed DNS query: raw.intenseapi.com. [malformed]

Source: global traffic

TCP traffic: 192.168.2.13:52980 -> 193.200.78.37:33966

Source: global traffic	DNS traffic detected: DNS query: raw.intenseapi.com
Source: global traffic	DNS traffic detected: DNS query: raw.intenseapi.com. [malformed]

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.evad.linELF@0/1@81/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.sh4.elf (PID: 5442)

File: /tmp/Aqua.sh4.elf

Jump to behavior

Source: /tmp/Aqua.sh4.elf (PID: 5440)

Queries kernel information via 'uname':

Jump to behavior

Source: Aqua.sh4.elf, 5440.1.00007fff97eba000.00007fff97edb000.rw-.sdmp	Binary or memory string: /qemu-open.XXXXX
Source: Aqua.sh4.elf, 5440.1.00007fff97eba000.00007fff97edb000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: Aqua.sh4.elf, 5440.1.00007fff97eba000.00007fff97edb000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.OQ46ky
Source: Aqua.sh4.elf, 5440.1.0000555927102000.0000555927165000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: Aqua.sh4.elf, 5440.1.00007fff97eba000.00007fff97edb000.rw-.sdmp	Binary or memory string: 3x86_64/usr/bin/qemu-sh4/tmp/Aqua.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.sh4.elf
Source: Aqua.sh4.elf, 5440.1.00007fff97eba000.00007fff97edb000.rw-.sdmp	Binary or memory string: #YU/tmp/qemu-open.OQ46ky\
Source: Aqua.sh4.elf, 5440.1.0000555927102000.0000555927165000.rw-.sdmp	Binary or memory string: 'YU5!/etc/qemu-binfmt/sh4

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Aqua.sh4.elf	26%	ReversingLabs	Linux.Exploit.Mirai
Aqua.sh4.elf	30%	Virustotal		Browse
Aqua.sh4.elf	100%	Avira	EXP/ELF.Mirai.W

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
raw.intenseapi.com	193.200.78.37	true	false		high
raw.intenseapi.com. [malformed]	unknown	unknown	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
193.200.78.37	raw.intenseapi.com	Switzerland		29496	LINK-SERVICE-ASUA	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
193.200.78.37	Aqua.ppc.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86_64.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.mpsl.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.intenseapi.com	Aqua.ppc.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.x86_64.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.mpsl.elf	Get hash	malicious	Unknown	Browse	193.200.78.37

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LINK-SERVICE-ASUA	Aqua.ppc.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.x86_64.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.mpsl.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse	193.200.78.37

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.OQ46ky (deleted)

Download File

Process:	/tmp/Aqua.sh4.elf
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	4.208966082694623
Encrypted:	false
SSDEEP:	3:TguCoHJN:TguCaJN
MD5:	42D321A35BE5917F2DF61619D3598268
SHA1:	E7D3569F27F9DEA393CC2834EA2677CACAE3ABCA
SHA-256:	229307582B2BBD3F1202F35ED8E017BD54255073431C21EF9DB0E1390EB294D9
SHA-512:	79B0C9EB62D34D8CE99B7A696E46FFD9FA9871329B68D5225963B485C8071479946A26408AE848B84B07F85911F8F4E1DE9796FC2FBC241B4344716438A4DF7D
Malicious:	false
Reputation:	low
Preview:	/tmp/Aqua.sh4.elf.nwlrbbmqbh

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.809768644327942
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Aqua.sh4.elf
File size:	46'532 bytes
MD5:	4c49fc3418e5f5fa874b7292388d0f02
SHA1:	264c68f7abe33c4676b1bba03d4d3094cfd13271
SHA256:	189db67bc8a22a4ce59338b1be63d65f2062b6a96ba6f9a105af08b7115ffd6f
SHA512:	5af4c19aa6086906efdcd83976e7679ce14863aa9f7fedccd66488e7037e95288656ccba382762dddefb457842127feb06c70dc3c1ea9a2b4b91f3fb7ac15c51
SSDEEP:	768:GaVwt93wz6QIeyE60U1BL1Wqo/VR6US9CI6hKxYYssaLoHswRE6C7+Qddfv1zhID:GaVwt9eIFM4Bpr0R6b2KxYYsvsHs/6C9
TLSH:	1C238D77C529AE88C14982B5B8354FB41B63E049D2A71FFF1A89C2698047DBCF6053F9
File Content Preview:	.ELF.....................@.4...4.......4. ...(...............@...@.D...D...............H...H.A.H.A.....t%..........Q.td............................././"O.n........#.@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	46132
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x9e20	0x0	0x6	AX	32
.fini	PROGBITS	0x409f00	0x9f00	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x409f24	0x9f24	0x1120	0x0	0x2	A	4
.ctors	PROGBITS	0x41b048	0xb048	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x41b050	0xb050	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x41b05c	0xb05c	0x398	0x0	0x3	WA	4
.bss	NOBITS	0x41b3f4	0xb3f4	0x21c8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xb3f4	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xb044	0xb044	6.8710	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xb048	0x41b048	0x41b048	0x3ac	0x2574	3.2811	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2024 02:32:59.238821030 CET	52980	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:32:59.358359098 CET	33966	52980	193.200.78.37	192.168.2.13
Dec 29, 2024 02:32:59.358441114 CET	52980	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:32:59.359483957 CET	52980	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:32:59.478918076 CET	33966	52980	193.200.78.37	192.168.2.13
Dec 29, 2024 02:32:59.479034901 CET	52980	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:32:59.598517895 CET	33966	52980	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:00.641266108 CET	33966	52980	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:00.641350985 CET	52980	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:00.641511917 CET	52980	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:01.875535011 CET	52982	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:01.995011091 CET	33966	52982	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:01.995100021 CET	52982	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:01.995929956 CET	52982	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:02.118901968 CET	33966	52982	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:02.118973970 CET	52982	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:02.239126921 CET	33966	52982	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:03.240036011 CET	33966	52982	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:03.240418911 CET	52982	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:03.240418911 CET	52982	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:04.474217892 CET	52984	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:04.593888044 CET	33966	52984	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:04.594072104 CET	52984	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:04.594906092 CET	52984	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:04.714483976 CET	33966	52984	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:04.714641094 CET	52984	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:04.834156990 CET	33966	52984	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:05.884076118 CET	33966	52984	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:05.884313107 CET	52984	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:05.884344101 CET	52984	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:07.122581959 CET	52986	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:07.242048025 CET	33966	52986	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:07.242180109 CET	52986	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:07.242928982 CET	52986	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:07.362860918 CET	33966	52986	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:07.362946033 CET	52986	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:07.482475996 CET	33966	52986	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:08.532119036 CET	33966	52986	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:08.532217979 CET	52986	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:08.532443047 CET	52986	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:09.767364979 CET	52988	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:09.886928082 CET	33966	52988	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:09.887105942 CET	52988	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:09.887867928 CET	52988	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:10.007320881 CET	33966	52988	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:10.007391930 CET	52988	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:10.127075911 CET	33966	52988	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:11.223469019 CET	33966	52988	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:11.223685026 CET	52988	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:11.223711967 CET	52988	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:12.457427979 CET	52990	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:12.577105999 CET	33966	52990	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:12.577182055 CET	52990	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:12.577855110 CET	52990	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:12.697297096 CET	33966	52990	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:12.697357893 CET	52990	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:12.818037033 CET	33966	52990	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:13.819516897 CET	33966	52990	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:13.819633961 CET	52990	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:13.819669008 CET	52990	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:15.056730986 CET	52992	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:15.176368952 CET	33966	52992	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:15.176446915 CET	52992	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:15.177113056 CET	52992	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:15.296519041 CET	33966	52992	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:15.296590090 CET	52992	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:15.416192055 CET	33966	52992	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:16.466434956 CET	33966	52992	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:16.466590881 CET	52992	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:16.466614008 CET	52992	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:17.699050903 CET	52994	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:17.818597078 CET	33966	52994	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:17.818713903 CET	52994	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:17.819557905 CET	52994	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:17.939855099 CET	33966	52994	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:17.940025091 CET	52994	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:18.059568882 CET	33966	52994	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:19.147710085 CET	33966	52994	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:19.147975922 CET	52994	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:19.148098946 CET	52994	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:20.382023096 CET	52996	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:20.501621008 CET	33966	52996	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:20.501679897 CET	52996	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:20.502681971 CET	52996	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:20.622097969 CET	33966	52996	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:20.622241974 CET	52996	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:20.741801977 CET	33966	52996	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:21.837169886 CET	33966	52996	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:21.837407112 CET	52996	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:21.837454081 CET	52996	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:23.071286917 CET	52998	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:23.190988064 CET	33966	52998	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:23.191045046 CET	52998	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:23.192028999 CET	52998	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:23.311558962 CET	33966	52998	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:23.311656952 CET	52998	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:23.431250095 CET	33966	52998	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:24.429325104 CET	33966	52998	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:24.429524899 CET	52998	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:24.429558039 CET	52998	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:25.664376020 CET	53000	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:25.783931017 CET	33966	53000	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:25.784008026 CET	53000	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:25.784951925 CET	53000	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:25.904537916 CET	33966	53000	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:25.904608965 CET	53000	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:26.024297953 CET	33966	53000	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:27.026794910 CET	33966	53000	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:27.027081966 CET	53000	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:27.027201891 CET	53000	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:28.266015053 CET	53002	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:28.385581970 CET	33966	53002	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:28.385849953 CET	53002	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:28.387332916 CET	53002	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:28.506773949 CET	33966	53002	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:28.507097006 CET	53002	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:28.626616955 CET	33966	53002	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:29.675955057 CET	33966	53002	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:29.676392078 CET	53002	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:29.676507950 CET	53002	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:30.912903070 CET	53004	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:31.032629967 CET	33966	53004	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:31.032696962 CET	53004	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:31.033560991 CET	53004	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:31.152971983 CET	33966	53004	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:31.153040886 CET	53004	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:31.272521973 CET	33966	53004	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:32.322074890 CET	33966	53004	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:32.322390079 CET	53004	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:32.322390079 CET	53004	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:33.558649063 CET	53006	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:33.678231955 CET	33966	53006	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:33.678453922 CET	53006	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:33.679615974 CET	53006	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:33.799089909 CET	33966	53006	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:33.799515963 CET	53006	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:33.919250011 CET	33966	53006	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:34.915014982 CET	33966	53006	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:34.915327072 CET	53006	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:34.915441036 CET	53006	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:36.150907993 CET	53008	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:36.270534039 CET	33966	53008	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:36.270781040 CET	53008	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:36.272042036 CET	53008	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:36.391462088 CET	33966	53008	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:36.391742945 CET	53008	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:36.511250019 CET	33966	53008	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:37.514359951 CET	33966	53008	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:37.514729977 CET	53008	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:37.514730930 CET	53008	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:38.746205091 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:38.865798950 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:38.865885973 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:38.866455078 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:38.986035109 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:33:38.986114979 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:33:39.105870962 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:34:48.937294960 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:34:49.060121059 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:34:49.336086988 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:34:49.336247921 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:34:59.343508005 CET	53010	33966	192.168.2.13	193.200.78.37
Dec 29, 2024 02:34:59.463268042 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:34:59.743365049 CET	33966	53010	193.200.78.37	192.168.2.13
Dec 29, 2024 02:34:59.743459940 CET	53010	33966	192.168.2.13	193.200.78.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2024 02:32:58.383335114 CET	49350	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:32:58.620392084 CET	53	49350	8.8.8.8	192.168.2.13
Dec 29, 2024 02:32:58.622092009 CET	56591	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:32:58.744275093 CET	53	56591	8.8.8.8	192.168.2.13
Dec 29, 2024 02:32:58.745435953 CET	35136	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:32:58.867580891 CET	53	35136	8.8.8.8	192.168.2.13
Dec 29, 2024 02:32:58.868871927 CET	57631	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:32:58.991091013 CET	53	57631	8.8.8.8	192.168.2.13
Dec 29, 2024 02:32:58.992260933 CET	48770	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:32:59.114572048 CET	53	48770	8.8.8.8	192.168.2.13
Dec 29, 2024 02:32:59.115801096 CET	57716	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:32:59.238001108 CET	53	57716	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:00.642405987 CET	35766	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:00.765657902 CET	53	35766	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:00.766747952 CET	32812	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:00.888937950 CET	53	32812	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:00.889769077 CET	50318	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.012080908 CET	53	50318	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.012943029 CET	38216	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.135389090 CET	53	38216	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.136275053 CET	38765	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.258671999 CET	53	38765	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.259836912 CET	44954	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.382086992 CET	53	44954	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.383049011 CET	37142	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.505321980 CET	53	37142	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.506247044 CET	33283	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.628511906 CET	53	33283	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.629573107 CET	51660	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.751749992 CET	53	51660	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:01.752926111 CET	36087	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:01.875094891 CET	53	36087	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.241297007 CET	35203	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:03.363521099 CET	53	35203	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.364633083 CET	49085	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:03.487409115 CET	53	49085	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.488425016 CET	38479	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:03.610677004 CET	53	38479	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.611816883 CET	43628	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:03.734018087 CET	53	43628	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.734905958 CET	35184	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:03.857161999 CET	53	35184	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.858074903 CET	35138	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:03.980254889 CET	53	35138	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:03.981342077 CET	52167	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:04.103569984 CET	53	52167	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:04.104554892 CET	54020	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:04.227264881 CET	53	54020	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:04.228210926 CET	51361	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:04.350461960 CET	53	51361	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:04.351366997 CET	38193	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:04.473572016 CET	53	38193	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:05.885375977 CET	41075	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.008377075 CET	53	41075	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.009599924 CET	47997	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.132694006 CET	53	47997	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.133879900 CET	34573	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.257040977 CET	53	34573	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.257940054 CET	52567	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.380171061 CET	53	52567	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.381211996 CET	58947	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.503405094 CET	53	58947	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.504612923 CET	60216	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.629085064 CET	53	60216	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.630007982 CET	39585	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.752258062 CET	53	39585	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.753319025 CET	38486	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.875638008 CET	53	38486	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.876562119 CET	59144	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:06.998781919 CET	53	59144	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:06.999718904 CET	52943	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:07.122054100 CET	53	52943	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:08.533576012 CET	51765	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:08.655716896 CET	53	51765	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:08.656964064 CET	39508	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:08.779170990 CET	53	39508	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:08.780838966 CET	45480	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:08.903103113 CET	53	45480	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:08.904397011 CET	49954	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.027750015 CET	53	49954	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:09.028805017 CET	47314	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.151127100 CET	53	47314	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:09.152364016 CET	45745	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.274589062 CET	53	45745	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:09.275604963 CET	53906	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.397882938 CET	53	53906	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:09.398818016 CET	59382	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.520953894 CET	53	59382	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:09.521790981 CET	53340	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.643933058 CET	53	53340	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:09.644732952 CET	39105	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:09.766930103 CET	53	39105	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.224936962 CET	33585	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:11.347173929 CET	53	33585	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.348233938 CET	33897	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:11.470474005 CET	53	33897	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.471487999 CET	53026	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:11.593807936 CET	53	53026	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.594780922 CET	60624	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:11.717112064 CET	53	60624	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.717933893 CET	36520	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:11.840610981 CET	53	36520	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.841698885 CET	48724	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:11.964142084 CET	53	48724	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:11.965400934 CET	38900	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:12.087567091 CET	53	38900	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:12.088651896 CET	38117	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:12.210911989 CET	53	38117	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:12.211853027 CET	48770	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:12.334033012 CET	53	48770	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:12.334805012 CET	34966	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:12.456965923 CET	53	34966	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:13.820646048 CET	45930	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:13.942811012 CET	53	45930	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:13.943531036 CET	59145	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.067248106 CET	53	59145	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.068280935 CET	59620	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.190702915 CET	53	59620	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.191557884 CET	60190	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.317604065 CET	53	60190	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.318442106 CET	33201	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.440745115 CET	53	33201	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.441623926 CET	41117	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.563868046 CET	53	41117	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.564719915 CET	56804	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.686944008 CET	53	56804	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.687747002 CET	47504	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.809936047 CET	53	47504	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.810770035 CET	51948	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:14.933026075 CET	53	51948	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:14.933959007 CET	59825	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:15.056160927 CET	53	59825	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:16.467412949 CET	34841	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:16.589628935 CET	53	34841	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:16.590574980 CET	60599	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:16.712869883 CET	53	60599	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:16.713685989 CET	44654	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:16.835876942 CET	53	44654	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:16.836781979 CET	39755	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:16.959026098 CET	53	39755	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:16.960011005 CET	39396	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:17.082483053 CET	53	39396	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:17.083317995 CET	35649	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:17.205887079 CET	53	35649	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:17.206744909 CET	60975	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:17.329006910 CET	53	60975	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:17.329931021 CET	57493	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:17.452148914 CET	53	57493	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:17.453021049 CET	48229	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:17.575203896 CET	53	48229	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:17.576308966 CET	50508	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:17.698591948 CET	53	50508	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.149271011 CET	35786	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:19.271502972 CET	53	35786	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.272392035 CET	60353	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:19.394577980 CET	53	60353	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.395752907 CET	41229	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:19.518078089 CET	53	41229	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.518944979 CET	42392	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:19.641218901 CET	53	42392	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.642363071 CET	41495	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:19.764688015 CET	53	41495	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.765804052 CET	48365	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:19.888096094 CET	53	48365	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:19.889193058 CET	36870	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:20.011449099 CET	53	36870	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:20.012748003 CET	33897	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:20.134906054 CET	53	33897	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:20.135900974 CET	44839	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:20.258085966 CET	53	44839	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:20.259160995 CET	48170	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:20.381385088 CET	53	48170	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:21.838624954 CET	58135	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:21.960879087 CET	53	58135	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:21.961934090 CET	52140	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.084290981 CET	53	52140	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.085501909 CET	37315	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.207840919 CET	53	37315	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.208894014 CET	48005	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.331083059 CET	53	48005	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.332056999 CET	54937	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.454263926 CET	53	54937	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.455355883 CET	38411	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.577497005 CET	53	38411	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.578538895 CET	47302	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.700726986 CET	53	47302	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.701641083 CET	38874	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.823837996 CET	53	38874	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.825218916 CET	47538	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:22.947484016 CET	53	47538	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:22.948364019 CET	37649	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:23.070615053 CET	53	37649	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:24.430604935 CET	35998	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:24.552752018 CET	53	35998	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:24.553698063 CET	60961	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:24.675936937 CET	53	60961	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:24.677107096 CET	50055	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:24.799360037 CET	53	50055	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:24.800507069 CET	56849	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:24.922806978 CET	53	56849	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:24.923901081 CET	41669	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:25.046471119 CET	53	41669	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:25.047537088 CET	54638	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:25.169970989 CET	53	54638	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:25.171122074 CET	58792	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:25.293493986 CET	53	58792	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:25.294584990 CET	33232	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:25.416802883 CET	53	33232	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:25.417953014 CET	53701	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:25.540123940 CET	53	53701	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:25.541263103 CET	48090	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:25.663666010 CET	53	48090	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.028502941 CET	57957	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.150643110 CET	53	57957	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.152254105 CET	42407	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.274692059 CET	53	42407	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.276421070 CET	44179	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.398678064 CET	53	44179	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.400232077 CET	56365	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.522732973 CET	53	56365	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.524218082 CET	58255	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.646400928 CET	53	58255	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.647798061 CET	35641	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.769994020 CET	53	35641	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.771349907 CET	45137	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:27.893496037 CET	53	45137	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:27.895039082 CET	38380	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:28.017251968 CET	53	38380	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:28.018821955 CET	34202	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:28.141159058 CET	53	34202	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:28.142635107 CET	51660	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:28.264916897 CET	53	51660	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:29.677896023 CET	39293	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:29.800050974 CET	53	39293	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:29.801601887 CET	48462	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:29.923873901 CET	53	48462	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:29.925446033 CET	47789	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.047755957 CET	53	47789	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.049190998 CET	56795	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.171663046 CET	53	56795	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.173469067 CET	51643	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.295816898 CET	53	51643	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.296598911 CET	39619	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.419001102 CET	53	39619	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.420304060 CET	47042	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.542743921 CET	53	47042	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.543781042 CET	45118	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.666004896 CET	53	45118	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.666986942 CET	46134	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.789144039 CET	53	46134	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:30.790225983 CET	48069	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:30.912488937 CET	53	48069	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:32.323602915 CET	54720	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:32.445832014 CET	53	54720	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:32.446966887 CET	44953	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:32.570327044 CET	53	44953	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:32.571445942 CET	57277	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:32.693713903 CET	53	57277	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:32.694951057 CET	46072	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:32.817224026 CET	53	46072	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:32.818382025 CET	32992	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:32.940642118 CET	53	32992	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:32.942039013 CET	33290	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:33.064393997 CET	53	33290	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:33.065496922 CET	39581	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:33.187783003 CET	53	39581	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:33.188949108 CET	43324	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:33.311157942 CET	53	43324	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:33.312283039 CET	43378	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:33.434640884 CET	53	43378	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:33.435777903 CET	46809	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:33.557982922 CET	53	46809	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:34.916877985 CET	47124	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.039067030 CET	53	47124	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.040502071 CET	53985	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.163012028 CET	53	53985	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.164180994 CET	36773	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.286407948 CET	53	36773	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.287597895 CET	34494	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.409817934 CET	53	34494	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.411078930 CET	46852	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.533328056 CET	53	46852	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.534533024 CET	55393	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.656704903 CET	53	55393	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.657879114 CET	52272	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.779989958 CET	53	52272	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.781194925 CET	55571	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:35.903410912 CET	53	55571	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:35.904592037 CET	46650	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:36.026781082 CET	53	46650	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:36.027816057 CET	59789	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:36.150202036 CET	53	59789	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:37.515866041 CET	60827	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:37.638055086 CET	53	60827	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:37.638982058 CET	60141	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:37.761293888 CET	53	60141	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:37.762242079 CET	51898	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:37.884630919 CET	53	51898	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:37.885621071 CET	34493	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.007854939 CET	53	34493	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:38.008626938 CET	38122	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.131030083 CET	53	38122	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:38.131757021 CET	53631	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.254019022 CET	53	53631	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:38.254865885 CET	48256	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.377063990 CET	53	48256	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:38.377693892 CET	40790	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.499989033 CET	53	40790	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:38.500643969 CET	36955	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.622874975 CET	53	36955	8.8.8.8	192.168.2.13
Dec 29, 2024 02:33:38.623550892 CET	45554	53	192.168.2.13	8.8.8.8
Dec 29, 2024 02:33:38.745805979 CET	53	45554	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 29, 2024 02:32:58.383335114 CET	192.168.2.13	8.8.8.8	0x5bca	Standard query (0)	raw.intenseapi.com	A (IP address)	IN (0x0001)	false
Dec 29, 2024 02:32:58.622092009 CET	192.168.2.13	8.8.8.8	0xbc3d	Standard query (0)	raw.intenseapi.com. [malformed]	256	458	false
Dec 29, 2024 02:32:58.745435953 CET	192.168.2.13	8.8.8.8	0xbc3d	Standard query (0)	raw.intenseapi.com. [malformed]	256	458	false
Dec 29, 2024 02:32:58.868871927 CET	192.168.2.13	8.8.8.8	0xbc3d	Standard query (0)	raw.intenseapi.com. [malformed]	256	458	false
Dec 29, 2024 02:32:58.992260933 CET	192.168.2.13	8.8.8.8	0xbc3d	Standard query (0)	raw.intenseapi.com. [malformed]	256	459	false
Dec 29, 2024 02:32:59.115801096 CET	192.168.2.13	8.8.8.8	0xbc3d	Standard query (0)	raw.intenseapi.com. [malformed]	256	459	false
Dec 29, 2024 02:33:01.259836912 CET	192.168.2.13	8.8.8.8	0x1151	Standard query (0)	raw.intenseapi.com. [malformed]	256	461	false
Dec 29, 2024 02:33:01.383049011 CET	192.168.2.13	8.8.8.8	0x1151	Standard query (0)	raw.intenseapi.com. [malformed]	256	461	false
Dec 29, 2024 02:33:01.506247044 CET	192.168.2.13	8.8.8.8	0x1151	Standard query (0)	raw.intenseapi.com. [malformed]	256	461	false
Dec 29, 2024 02:33:01.629573107 CET	192.168.2.13	8.8.8.8	0x1151	Standard query (0)	raw.intenseapi.com. [malformed]	256	461	false
Dec 29, 2024 02:33:01.752926111 CET	192.168.2.13	8.8.8.8	0x1151	Standard query (0)	raw.intenseapi.com. [malformed]	256	461	false
Dec 29, 2024 02:33:03.858074903 CET	192.168.2.13	8.8.8.8	0xf069	Standard query (0)	raw.intenseapi.com. [malformed]	256	463	false
Dec 29, 2024 02:33:03.981342077 CET	192.168.2.13	8.8.8.8	0xf069	Standard query (0)	raw.intenseapi.com. [malformed]	256	464	false
Dec 29, 2024 02:33:04.104554892 CET	192.168.2.13	8.8.8.8	0xf069	Standard query (0)	raw.intenseapi.com. [malformed]	256	464	false
Dec 29, 2024 02:33:04.228210926 CET	192.168.2.13	8.8.8.8	0xf069	Standard query (0)	raw.intenseapi.com. [malformed]	256	464	false
Dec 29, 2024 02:33:04.351366997 CET	192.168.2.13	8.8.8.8	0xf069	Standard query (0)	raw.intenseapi.com. [malformed]	256	464	false
Dec 29, 2024 02:33:06.504612923 CET	192.168.2.13	8.8.8.8	0x81a6	Standard query (0)	raw.intenseapi.com. [malformed]	256	466	false
Dec 29, 2024 02:33:06.630007982 CET	192.168.2.13	8.8.8.8	0x81a6	Standard query (0)	raw.intenseapi.com. [malformed]	256	466	false
Dec 29, 2024 02:33:06.753319025 CET	192.168.2.13	8.8.8.8	0x81a6	Standard query (0)	raw.intenseapi.com. [malformed]	256	466	false
Dec 29, 2024 02:33:06.876562119 CET	192.168.2.13	8.8.8.8	0x81a6	Standard query (0)	raw.intenseapi.com. [malformed]	256	466	false
Dec 29, 2024 02:33:06.999718904 CET	192.168.2.13	8.8.8.8	0x81a6	Standard query (0)	raw.intenseapi.com. [malformed]	256	467	false
Dec 29, 2024 02:33:09.152364016 CET	192.168.2.13	8.8.8.8	0x9fe3	Standard query (0)	raw.intenseapi.com. [malformed]	256	469	false
Dec 29, 2024 02:33:09.275604963 CET	192.168.2.13	8.8.8.8	0x9fe3	Standard query (0)	raw.intenseapi.com. [malformed]	256	469	false
Dec 29, 2024 02:33:09.398818016 CET	192.168.2.13	8.8.8.8	0x9fe3	Standard query (0)	raw.intenseapi.com. [malformed]	256	469	false
Dec 29, 2024 02:33:09.521790981 CET	192.168.2.13	8.8.8.8	0x9fe3	Standard query (0)	raw.intenseapi.com. [malformed]	256	469	false
Dec 29, 2024 02:33:09.644732952 CET	192.168.2.13	8.8.8.8	0x9fe3	Standard query (0)	raw.intenseapi.com. [malformed]	256	469	false
Dec 29, 2024 02:33:11.841698885 CET	192.168.2.13	8.8.8.8	0x401c	Standard query (0)	raw.intenseapi.com. [malformed]	256	471	false
Dec 29, 2024 02:33:11.965400934 CET	192.168.2.13	8.8.8.8	0x401c	Standard query (0)	raw.intenseapi.com. [malformed]	256	472	false
Dec 29, 2024 02:33:12.088651896 CET	192.168.2.13	8.8.8.8	0x401c	Standard query (0)	raw.intenseapi.com. [malformed]	256	472	false
Dec 29, 2024 02:33:12.211853027 CET	192.168.2.13	8.8.8.8	0x401c	Standard query (0)	raw.intenseapi.com. [malformed]	256	472	false
Dec 29, 2024 02:33:12.334805012 CET	192.168.2.13	8.8.8.8	0x401c	Standard query (0)	raw.intenseapi.com. [malformed]	256	472	false
Dec 29, 2024 02:33:14.441623926 CET	192.168.2.13	8.8.8.8	0x9dfd	Standard query (0)	raw.intenseapi.com. [malformed]	256	474	false
Dec 29, 2024 02:33:14.564719915 CET	192.168.2.13	8.8.8.8	0x9dfd	Standard query (0)	raw.intenseapi.com. [malformed]	256	474	false
Dec 29, 2024 02:33:14.687747002 CET	192.168.2.13	8.8.8.8	0x9dfd	Standard query (0)	raw.intenseapi.com. [malformed]	256	474	false
Dec 29, 2024 02:33:14.810770035 CET	192.168.2.13	8.8.8.8	0x9dfd	Standard query (0)	raw.intenseapi.com. [malformed]	256	474	false
Dec 29, 2024 02:33:14.933959007 CET	192.168.2.13	8.8.8.8	0x9dfd	Standard query (0)	raw.intenseapi.com. [malformed]	256	475	false
Dec 29, 2024 02:33:17.083317995 CET	192.168.2.13	8.8.8.8	0x8598	Standard query (0)	raw.intenseapi.com. [malformed]	256	477	false
Dec 29, 2024 02:33:17.206744909 CET	192.168.2.13	8.8.8.8	0x8598	Standard query (0)	raw.intenseapi.com. [malformed]	256	477	false
Dec 29, 2024 02:33:17.329931021 CET	192.168.2.13	8.8.8.8	0x8598	Standard query (0)	raw.intenseapi.com. [malformed]	256	477	false
Dec 29, 2024 02:33:17.453021049 CET	192.168.2.13	8.8.8.8	0x8598	Standard query (0)	raw.intenseapi.com. [malformed]	256	477	false
Dec 29, 2024 02:33:17.576308966 CET	192.168.2.13	8.8.8.8	0x8598	Standard query (0)	raw.intenseapi.com. [malformed]	256	477	false
Dec 29, 2024 02:33:19.765804052 CET	192.168.2.13	8.8.8.8	0xcd98	Standard query (0)	raw.intenseapi.com. [malformed]	256	479	false
Dec 29, 2024 02:33:19.889193058 CET	192.168.2.13	8.8.8.8	0xcd98	Standard query (0)	raw.intenseapi.com. [malformed]	256	480	false
Dec 29, 2024 02:33:20.012748003 CET	192.168.2.13	8.8.8.8	0xcd98	Standard query (0)	raw.intenseapi.com. [malformed]	256	480	false
Dec 29, 2024 02:33:20.135900974 CET	192.168.2.13	8.8.8.8	0xcd98	Standard query (0)	raw.intenseapi.com. [malformed]	256	480	false
Dec 29, 2024 02:33:20.259160995 CET	192.168.2.13	8.8.8.8	0xcd98	Standard query (0)	raw.intenseapi.com. [malformed]	256	480	false
Dec 29, 2024 02:33:22.455355883 CET	192.168.2.13	8.8.8.8	0xa573	Standard query (0)	raw.intenseapi.com. [malformed]	256	482	false
Dec 29, 2024 02:33:22.578538895 CET	192.168.2.13	8.8.8.8	0xa573	Standard query (0)	raw.intenseapi.com. [malformed]	256	482	false
Dec 29, 2024 02:33:22.701641083 CET	192.168.2.13	8.8.8.8	0xa573	Standard query (0)	raw.intenseapi.com. [malformed]	256	482	false
Dec 29, 2024 02:33:22.825218916 CET	192.168.2.13	8.8.8.8	0xa573	Standard query (0)	raw.intenseapi.com. [malformed]	256	482	false
Dec 29, 2024 02:33:22.948364019 CET	192.168.2.13	8.8.8.8	0xa573	Standard query (0)	raw.intenseapi.com. [malformed]	256	483	false
Dec 29, 2024 02:33:25.047537088 CET	192.168.2.13	8.8.8.8	0x37cf	Standard query (0)	raw.intenseapi.com. [malformed]	256	485	false
Dec 29, 2024 02:33:25.171122074 CET	192.168.2.13	8.8.8.8	0x37cf	Standard query (0)	raw.intenseapi.com. [malformed]	256	485	false
Dec 29, 2024 02:33:25.294584990 CET	192.168.2.13	8.8.8.8	0x37cf	Standard query (0)	raw.intenseapi.com. [malformed]	256	485	false
Dec 29, 2024 02:33:25.417953014 CET	192.168.2.13	8.8.8.8	0x37cf	Standard query (0)	raw.intenseapi.com. [malformed]	256	485	false
Dec 29, 2024 02:33:25.541263103 CET	192.168.2.13	8.8.8.8	0x37cf	Standard query (0)	raw.intenseapi.com. [malformed]	256	485	false
Dec 29, 2024 02:33:27.647798061 CET	192.168.2.13	8.8.8.8	0xab30	Standard query (0)	raw.intenseapi.com. [malformed]	256	487	false
Dec 29, 2024 02:33:27.771349907 CET	192.168.2.13	8.8.8.8	0xab30	Standard query (0)	raw.intenseapi.com. [malformed]	256	487	false
Dec 29, 2024 02:33:27.895039082 CET	192.168.2.13	8.8.8.8	0xab30	Standard query (0)	raw.intenseapi.com. [malformed]	256	488	false
Dec 29, 2024 02:33:28.018821955 CET	192.168.2.13	8.8.8.8	0xab30	Standard query (0)	raw.intenseapi.com. [malformed]	256	488	false
Dec 29, 2024 02:33:28.142635107 CET	192.168.2.13	8.8.8.8	0xab30	Standard query (0)	raw.intenseapi.com. [malformed]	256	488	false
Dec 29, 2024 02:33:30.296598911 CET	192.168.2.13	8.8.8.8	0x2cbd	Standard query (0)	raw.intenseapi.com. [malformed]	256	490	false
Dec 29, 2024 02:33:30.420304060 CET	192.168.2.13	8.8.8.8	0x2cbd	Standard query (0)	raw.intenseapi.com. [malformed]	256	490	false
Dec 29, 2024 02:33:30.543781042 CET	192.168.2.13	8.8.8.8	0x2cbd	Standard query (0)	raw.intenseapi.com. [malformed]	256	490	false
Dec 29, 2024 02:33:30.666986942 CET	192.168.2.13	8.8.8.8	0x2cbd	Standard query (0)	raw.intenseapi.com. [malformed]	256	490	false
Dec 29, 2024 02:33:30.790225983 CET	192.168.2.13	8.8.8.8	0x2cbd	Standard query (0)	raw.intenseapi.com. [malformed]	256	490	false
Dec 29, 2024 02:33:32.942039013 CET	192.168.2.13	8.8.8.8	0x5d4d	Standard query (0)	raw.intenseapi.com. [malformed]	256	493	false
Dec 29, 2024 02:33:33.065496922 CET	192.168.2.13	8.8.8.8	0x5d4d	Standard query (0)	raw.intenseapi.com. [malformed]	256	493	false
Dec 29, 2024 02:33:33.188949108 CET	192.168.2.13	8.8.8.8	0x5d4d	Standard query (0)	raw.intenseapi.com. [malformed]	256	493	false
Dec 29, 2024 02:33:33.312283039 CET	192.168.2.13	8.8.8.8	0x5d4d	Standard query (0)	raw.intenseapi.com. [malformed]	256	493	false
Dec 29, 2024 02:33:33.435777903 CET	192.168.2.13	8.8.8.8	0x5d4d	Standard query (0)	raw.intenseapi.com. [malformed]	256	493	false
Dec 29, 2024 02:33:35.534533024 CET	192.168.2.13	8.8.8.8	0x71b1	Standard query (0)	raw.intenseapi.com. [malformed]	256	495	false
Dec 29, 2024 02:33:35.657879114 CET	192.168.2.13	8.8.8.8	0x71b1	Standard query (0)	raw.intenseapi.com. [malformed]	256	495	false
Dec 29, 2024 02:33:35.781194925 CET	192.168.2.13	8.8.8.8	0x71b1	Standard query (0)	raw.intenseapi.com. [malformed]	256	495	false
Dec 29, 2024 02:33:35.904592037 CET	192.168.2.13	8.8.8.8	0x71b1	Standard query (0)	raw.intenseapi.com. [malformed]	256	496	false
Dec 29, 2024 02:33:36.027816057 CET	192.168.2.13	8.8.8.8	0x71b1	Standard query (0)	raw.intenseapi.com. [malformed]	256	496	false
Dec 29, 2024 02:33:38.131757021 CET	192.168.2.13	8.8.8.8	0x1f1d	Standard query (0)	raw.intenseapi.com. [malformed]	256	498	false
Dec 29, 2024 02:33:38.254865885 CET	192.168.2.13	8.8.8.8	0x1f1d	Standard query (0)	raw.intenseapi.com. [malformed]	256	498	false
Dec 29, 2024 02:33:38.377693892 CET	192.168.2.13	8.8.8.8	0x1f1d	Standard query (0)	raw.intenseapi.com. [malformed]	256	498	false
Dec 29, 2024 02:33:38.500643969 CET	192.168.2.13	8.8.8.8	0x1f1d	Standard query (0)	raw.intenseapi.com. [malformed]	256	498	false
Dec 29, 2024 02:33:38.623550892 CET	192.168.2.13	8.8.8.8	0x1f1d	Standard query (0)	raw.intenseapi.com. [malformed]	256	498	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 29, 2024 02:32:58.620392084 CET	8.8.8.8	192.168.2.13	0x5bca	No error (0)	raw.intenseapi.com		193.200.78.37	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: Aqua.sh4.elf PID: 5440, Parent PID: 5361

General

Start time (UTC):	01:32:57
Start date (UTC):	29/12/2024
Path:	/tmp/Aqua.sh4.elf
Arguments:	/tmp/Aqua.sh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: Aqua.sh4.elf PID: 5442, Parent PID: 5440

General

Start time (UTC):	01:32:57
Start date (UTC):	29/12/2024
Path:	/tmp/Aqua.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Aqua.sh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.OQ46ky (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: Aqua.sh4.elf PID: 5440, Parent PID: 5361

General

Chronological Activities

Analysis Process: Aqua.sh4.elf PID: 5442, Parent PID: 5440

General

Chronological Activities

Linux Analysis Report
Aqua.sh4.elf