Edit tour

Linux Analysis Report
wlw68k.elf

Overview

General Information

Sample name:	wlw68k.elf
Analysis ID:	1583112
MD5:	0070505c307c8ff5414249c828f80764
SHA1:	d54ef027c64c66d542677430f7c197a1eabc51e2
SHA256:	f60a2537328834ad641c31d4b5c7eb4616477df2ca5bfc0ef2131a12e1d7c348
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample deletes itself

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583112
Start date and time:	2025-01-01 22:55:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	wlw68k.elf
Detection:	MAL
Classification:	mal80.troj.evad.linELF@0/1@96/0

Warnings

VT rate limit hit for: fingwi.cardiacpure.ru. [malformed]

Runtime Messages

Command:	/tmp/wlw68k.elf
PID:	5470
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

wlw68k.elf (PID: 5470, Parent: 5395, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/wlw68k.elf

wlw68k.elf New Fork (PID: 5472, Parent: 5470)

wlw68k.elf New Fork (PID: 5474, Parent: 5472)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
wlw68k.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
wlw68k.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x21552:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21566:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2157a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2158e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21606:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2161a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2162e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21642:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21656:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2166a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2167e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21692:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5470.1.00007f8c94001000.00007f8c94025000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5470.1.00007f8c94001000.00007f8c94025000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x21552:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21566:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2157a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2158e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21606:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2161a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2162e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21642:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21656:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2166a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2167e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21692:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: wlw68k.elf PID: 5470	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: wlw68k.elf PID: 5470	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x16a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1706:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x171a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x172e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1742:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1756:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x176a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x177e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1792:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17f6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x180a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x181e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1832:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: wlw68k.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: wlw68k.elf	Virustotal: Detection: 40%			Perma Link
Source: wlw68k.elf	ReversingLabs: Detection: 50%

Networking

Sends malformed DNS queries

Source: global traffic

DNS traffic detected: malformed DNS query: fingwi.cardiacpure.ru. [malformed]

Source: global traffic

TCP traffic: 192.168.2.14:34676 -> 178.215.238.112:33966

Source: /tmp/wlw68k.elf (PID: 5474)

Socket: 0.0.0.0:0

Jump to behavior

Source: global traffic	DNS traffic detected: DNS query: fingwi.cardiacpure.ru
Source: global traffic	DNS traffic detected: DNS query: fingwi.cardiacpure.ru. [malformed]

System Summary

Malicious sample detected (through community Yara rule)

Source: wlw68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5470.1.00007f8c94001000.00007f8c94025000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: wlw68k.elf PID: 5470, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: wlw68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5470.1.00007f8c94001000.00007f8c94025000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: wlw68k.elf PID: 5470, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal80.troj.evad.linELF@0/1@96/0

Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2672/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1583/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3120/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1577/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1610/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/512/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1299/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/514/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2946/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3134/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1593/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3011/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3094/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2955/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1589/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3129/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3125/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/767/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/888/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/801/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/769/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/806/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/807/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/928/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2956/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3142/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1635/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1633/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1599/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3139/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1873/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1630/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/659/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1639/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1638/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1371/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/780/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/660/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/661/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/782/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1369/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/785/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1642/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/940/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/941/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1640/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3147/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1364/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/548/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1647/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2991/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1383/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1382/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1381/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/791/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/671/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/794/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1655/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/795/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/674/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1653/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/797/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2983/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3159/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/678/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1650/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3157/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/679/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1659/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3178/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1394/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3172/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3171/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2999/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/683/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3207/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/684/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2997/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1300/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1661/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/725/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/726/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1309/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/2517/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3189/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1560/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3188/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3187/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3184/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3183/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1712/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1557/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1314/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/3215/exe	Jump to behavior
Source: /tmp/wlw68k.elf (PID: 5474)	File opened: /proc/1399/exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/wlw68k.elf (PID: 5472)

File: /tmp/wlw68k.elf

Jump to behavior

Source: /tmp/wlw68k.elf (PID: 5470)

Queries kernel information via 'uname':

Jump to behavior

Source: wlw68k.elf, 5470.1.00007ffdcea3b000.00007ffdcea5c000.rw-.sdmp	Binary or memory string: /qemu-open.XXXXX
Source: wlw68k.elf, 5470.1.000055b0fcf2a000.000055b0fcfaf000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: wlw68k.elf, 5470.1.00007ffdcea3b000.00007ffdcea5c000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: wlw68k.elf, 5470.1.00007ffdcea3b000.00007ffdcea5c000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.j8xmkN
Source: wlw68k.elf, 5470.1.00007ffdcea3b000.00007ffdcea5c000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.j8xmkN\d
Source: wlw68k.elf, 5470.1.000055b0fcf2a000.000055b0fcfaf000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: wlw68k.elf, 5470.1.00007ffdcea3b000.00007ffdcea5c000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/wlw68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/wlw68k.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: wlw68k.elf, type: SAMPLE
Source: Yara match	File source: 5470.1.00007f8c94001000.00007f8c94025000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wlw68k.elf PID: 5470, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: wlw68k.elf, type: SAMPLE
Source: Yara match	File source: 5470.1.00007f8c94001000.00007f8c94025000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wlw68k.elf PID: 5470, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
wlw68k.elf	40%	Virustotal		Browse
wlw68k.elf	50%	ReversingLabs	Linux.Trojan.Mirai
wlw68k.elf	100%	Avira	EXP/ELF.Mirai.Z.A

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fingwi.cardiacpure.ru	178.215.238.112	true	false		high
fingwi.cardiacpure.ru. [malformed]	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
178.215.238.112	fingwi.cardiacpure.ru	Germany		10753	LVLT-10753US	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
178.215.238.112	ngwa5.elf	Get hash	malicious	Mirai	Browse
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	nvebfe64.elf	Get hash	malicious	Mirai	Browse
	rjnven64.elf	Get hash	malicious	Mirai	Browse
	fnkea7.elf	Get hash	malicious	Mirai	Browse
	wkb86.elf	Get hash	malicious	Mirai	Browse
	njvwa4.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LVLT-10753US	ngwa5.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	wrjkngh4.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	nvebfe64.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	rjnven64.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	fnkea7.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	wkb86.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	njvwa4.elf	Get hash	malicious	Mirai	Browse	178.215.238.112
	kqibeps.elf	Get hash	malicious	Mirai	Browse	178.215.238.153
	ngwa5.elf	Get hash	malicious	Mirai	Browse	178.215.238.153

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.j8xmkN (deleted)

Download File

Process:	/tmp/wlw68k.elf
File Type:	data
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.9979526986606917
Encrypted:	false
SSDEEP:	3:Tg6STsHJN:Tg6SqJN
MD5:	BF3111512D872AB9E3B5A48F0AC80966
SHA1:	03B3640020F5687894E33E25C95FC7568D1C7CB1
SHA-256:	F4210DA08F35288FB3DEDBD7C658D9F05C3E77AB90788EA6EA4CCAC7E29BEE0B
SHA-512:	B96928302693ED844F0B671BB7198095ABEF666CE81EF389C904F1FDA80A4D70C1260E5266C13AA6391B274977140AF7CC0B725C67F36D5E6A565A3361888036
Malicious:	false
Reputation:	low
Preview:	/tmp/wlw68k.elf.nwlrbbmqbh

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.798069201562213
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	wlw68k.elf
File size:	166'240 bytes
MD5:	0070505c307c8ff5414249c828f80764
SHA1:	d54ef027c64c66d542677430f7c197a1eabc51e2
SHA256:	f60a2537328834ad641c31d4b5c7eb4616477df2ca5bfc0ef2131a12e1d7c348
SHA512:	fb316ac2ca1ad9e57acb3c64b2280aef25a1dcf2b100eb72f16a494d289547ab203d4c07d24ee7d32a678c484559ae14bf5c7f9b1e37fb020b1b69ed393f48a5
SSDEEP:	3072:sywO98LvXPjC5oCQpQ/Qnc5tV1jbiaLtatdkyUNUGh:/GC5oC6Qgc5fL1yUGGh
TLSH:	BEF329CBFC00CEBDF80AE3364853091AB530B7E251825B3722577D7BAD3A1954967E86
File Content Preview:	.ELF.......................D...4.........4. ...(......................>...>....... .......>...^...^...H....L...... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y.._. QJ.g.X.#..._.N."y.._. QJ.f.A.....J.g.Hy..>.N.X.........N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	165840
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0x213ca	0x0	0x6	AX	4
.fini	PROGBITS	0x80021472	0x21472	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x80021480	0x21480	0x2a5a	0x0	0x2	A	2
.ctors	PROGBITS	0x80025ee0	0x23ee0	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x80025eec	0x23eec	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x80025f00	0x23f00	0x4890	0x0	0x3	WA	32
.bss	NOBITS	0x8002a790	0x28790	0x459c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x28790	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x23eda	0x23eda	6.1992	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x23ee0	0x80025ee0	0x80025ee0	0x48b0	0x8e4c	0.3930	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 22:56:01.425718069 CET	34676	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:01.430643082 CET	33966	34676	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:01.430707932 CET	34676	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:01.431526899 CET	34676	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:01.436316013 CET	33966	34676	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:01.436358929 CET	34676	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:01.441148996 CET	33966	34676	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.075778008 CET	33966	34676	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.075910091 CET	34676	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.076088905 CET	34676	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.146650076 CET	34678	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.151439905 CET	33966	34678	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.151504040 CET	34678	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.152249098 CET	34678	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.157037020 CET	33966	34678	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.157099962 CET	34678	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.161890030 CET	33966	34678	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.775326967 CET	33966	34678	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.775531054 CET	34678	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.775589943 CET	34678	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.848409891 CET	34680	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.853199005 CET	33966	34680	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.853312016 CET	34680	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.854033947 CET	34680	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.858766079 CET	33966	34680	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:02.858856916 CET	34680	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:02.863625050 CET	33966	34680	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:03.505821943 CET	33966	34680	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:03.506105900 CET	34680	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:03.506105900 CET	34680	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:03.577505112 CET	34682	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:03.582276106 CET	33966	34682	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:03.582319975 CET	34682	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:03.582937956 CET	34682	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:03.587760925 CET	33966	34682	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:03.587820053 CET	34682	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:03.592632055 CET	33966	34682	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.219460964 CET	33966	34682	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.219597101 CET	34682	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.219644070 CET	34682	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.290602922 CET	34684	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.295429945 CET	33966	34684	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.295478106 CET	34684	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.296155930 CET	34684	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.300961018 CET	33966	34684	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.301006079 CET	34684	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.305792093 CET	33966	34684	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.923147917 CET	33966	34684	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.923434973 CET	34684	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.923481941 CET	34684	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.994398117 CET	34686	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.999177933 CET	33966	34686	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:04.999228001 CET	34686	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:04.999895096 CET	34686	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.004707098 CET	33966	34686	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:05.004754066 CET	34686	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.009551048 CET	33966	34686	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:05.622597933 CET	33966	34686	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:05.623023987 CET	34686	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.623044014 CET	34686	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.693806887 CET	34688	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.698657036 CET	33966	34688	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:05.698700905 CET	34688	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.699367046 CET	34688	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.704113007 CET	33966	34688	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:05.704160929 CET	34688	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:05.708924055 CET	33966	34688	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:06.335613966 CET	33966	34688	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:06.335680008 CET	34688	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:06.335737944 CET	34688	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:06.407546043 CET	34690	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:06.412317038 CET	33966	34690	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:06.412385941 CET	34690	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:06.413002014 CET	34690	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:06.417762041 CET	33966	34690	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:06.417828083 CET	34690	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:06.422610998 CET	33966	34690	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.040826082 CET	33966	34690	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.041080952 CET	34690	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.041080952 CET	34690	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.112313032 CET	34692	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.117176056 CET	33966	34692	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.117223024 CET	34692	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.117826939 CET	34692	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.122606039 CET	33966	34692	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.122668028 CET	34692	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.127404928 CET	33966	34692	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.753182888 CET	33966	34692	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.753515005 CET	34692	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.753515005 CET	34692	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.823998928 CET	34694	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.828766108 CET	33966	34694	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.828826904 CET	34694	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.829479933 CET	34694	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.834208965 CET	33966	34694	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:07.834275007 CET	34694	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:07.839052916 CET	33966	34694	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:08.481311083 CET	33966	34694	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:08.481570959 CET	34694	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:08.481570959 CET	34694	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:08.552263021 CET	34696	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:08.557060957 CET	33966	34696	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:08.557107925 CET	34696	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:08.557737112 CET	34696	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:08.562491894 CET	33966	34696	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:08.562536955 CET	34696	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:08.567343950 CET	33966	34696	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.192198992 CET	33966	34696	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.192325115 CET	34696	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.192382097 CET	34696	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.264204025 CET	34698	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.268965960 CET	33966	34698	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.269037962 CET	34698	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.269777060 CET	34698	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.274517059 CET	33966	34698	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.274564028 CET	34698	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.279339075 CET	33966	34698	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.892784119 CET	33966	34698	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.893024921 CET	34698	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.893024921 CET	34698	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.964224100 CET	34700	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.969052076 CET	33966	34700	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.969105959 CET	34700	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.969757080 CET	34700	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.975399017 CET	33966	34700	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:09.975464106 CET	34700	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:09.980252028 CET	33966	34700	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:10.594492912 CET	33966	34700	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:10.594681025 CET	34700	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:10.594681025 CET	34700	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:10.666663885 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:10.671418905 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:10.671488047 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:10.672194958 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:10.676992893 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:56:10.677077055 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:56:10.681871891 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:57:20.739223957 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:57:20.744136095 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:57:30.748864889 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:57:30.753650904 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:00.306058884 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:00.306391001 CET	34702	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:00.311222076 CET	33966	34702	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:01.383258104 CET	34704	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:01.388113022 CET	33966	34704	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:01.388199091 CET	34704	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:01.389157057 CET	34704	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:01.393898010 CET	33966	34704	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:01.393945932 CET	34704	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:01.398785114 CET	33966	34704	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.031056881 CET	33966	34704	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.031239033 CET	34704	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.031279087 CET	34704	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.102545977 CET	34706	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.107409954 CET	33966	34706	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.107467890 CET	34706	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.108082056 CET	34706	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.112864971 CET	33966	34706	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.112922907 CET	34706	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.117800951 CET	33966	34706	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.750102043 CET	33966	34706	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.750230074 CET	34706	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.750262022 CET	34706	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.820312023 CET	34708	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.825146914 CET	33966	34708	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.825221062 CET	34708	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.825989962 CET	34708	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.830789089 CET	33966	34708	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:02.830840111 CET	34708	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:02.835607052 CET	33966	34708	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:03.459202051 CET	33966	34708	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:03.459343910 CET	34708	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:03.459345102 CET	34708	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:03.538909912 CET	34710	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:03.543839931 CET	33966	34710	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:03.543931961 CET	34710	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:03.544745922 CET	34710	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:03.549536943 CET	33966	34710	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:03.549586058 CET	34710	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:03.554455996 CET	33966	34710	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.167540073 CET	33966	34710	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.167735100 CET	34710	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.167773008 CET	34710	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.238687038 CET	34712	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.243467093 CET	33966	34712	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.243541002 CET	34712	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.244143009 CET	34712	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.248902082 CET	33966	34712	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.248956919 CET	34712	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.253742933 CET	33966	34712	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.895668983 CET	33966	34712	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.895823956 CET	34712	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.895890951 CET	34712	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.969156981 CET	34714	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.974000931 CET	33966	34714	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.974090099 CET	34714	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.974978924 CET	34714	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.979856014 CET	33966	34714	178.215.238.112	192.168.2.14
Jan 1, 2025 22:58:04.979909897 CET	34714	33966	192.168.2.14	178.215.238.112
Jan 1, 2025 22:58:04.986155033 CET	33966	34714	178.215.238.112	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 22:56:01.334671974 CET	37699	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:01.387897015 CET	53	37699	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:01.390419960 CET	44996	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:01.397742033 CET	53	44996	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:01.398437977 CET	47310	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:01.404555082 CET	53	47310	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:01.405221939 CET	60522	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:01.411427975 CET	53	60522	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:01.412058115 CET	34022	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:01.418210030 CET	53	34022	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:01.418889999 CET	56574	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:01.425304890 CET	53	56574	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.076913118 CET	50833	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.083039999 CET	53	50833	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.083775043 CET	56935	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.090030909 CET	53	56935	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.090751886 CET	46934	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.097023010 CET	53	46934	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.097731113 CET	48498	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.104032040 CET	53	48498	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.104765892 CET	48121	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.111347914 CET	53	48121	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.112126112 CET	47752	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.118422031 CET	53	47752	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.119137049 CET	44496	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.125427008 CET	53	44496	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.126131058 CET	46645	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.132379055 CET	53	46645	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.133091927 CET	38897	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.139427900 CET	53	38897	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.140130997 CET	43164	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.146287918 CET	53	43164	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.776562929 CET	51323	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.782990932 CET	53	51323	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.783864021 CET	40196	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.790014029 CET	53	40196	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.790864944 CET	53000	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.796967983 CET	53	53000	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.797966003 CET	60743	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.804157019 CET	53	60743	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.805217981 CET	50533	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.811594963 CET	53	50533	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.812686920 CET	55805	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.819174051 CET	53	55805	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.820139885 CET	60836	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.826500893 CET	53	60836	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.827514887 CET	43510	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.833630085 CET	53	43510	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.834558010 CET	59158	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.840996981 CET	53	59158	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:02.841916084 CET	36134	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:02.847940922 CET	53	36134	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.506922960 CET	33860	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.512933016 CET	53	33860	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.513668060 CET	49813	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.520322084 CET	53	49813	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.521089077 CET	34535	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.527362108 CET	53	34535	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.528072119 CET	56867	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.534331083 CET	53	56867	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.535108089 CET	43767	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.541382074 CET	53	43767	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.542119026 CET	34074	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.548326969 CET	53	34074	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.549046993 CET	33978	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.555509090 CET	53	33978	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.556257963 CET	34104	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.562652111 CET	53	34104	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.563395023 CET	58440	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.569760084 CET	53	58440	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:03.570467949 CET	51794	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:03.577153921 CET	53	51794	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.220593929 CET	46195	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.226779938 CET	53	46195	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.227618933 CET	36207	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.234081984 CET	53	36207	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.234883070 CET	47818	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.240823984 CET	53	47818	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.241647005 CET	57289	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.247706890 CET	53	57289	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.248534918 CET	58203	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.254692078 CET	53	58203	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.255530119 CET	46156	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.261867046 CET	53	46156	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.262687922 CET	47144	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.269153118 CET	53	47144	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.269979000 CET	37171	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.276277065 CET	53	37171	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.276998043 CET	44394	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.283219099 CET	53	44394	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.283962965 CET	40480	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.290227890 CET	53	40480	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.924551964 CET	50195	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.930840969 CET	53	50195	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.931608915 CET	51142	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.938194036 CET	53	51142	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.938940048 CET	57075	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.945023060 CET	53	57075	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.945756912 CET	57218	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.952205896 CET	53	57218	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.952939987 CET	49450	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.958997011 CET	53	49450	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.959773064 CET	52939	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.966110945 CET	53	52939	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.966850042 CET	41365	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.972986937 CET	53	41365	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.973722935 CET	41705	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.980166912 CET	53	41705	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.980871916 CET	58386	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.987090111 CET	53	58386	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:04.987782955 CET	45885	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:04.994044065 CET	53	45885	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.624062061 CET	45175	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.630304098 CET	53	45175	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.631043911 CET	54952	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.637461901 CET	53	54952	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.638170958 CET	58279	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.644462109 CET	53	58279	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.645200968 CET	59948	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.651390076 CET	53	59948	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.652122974 CET	37443	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.658380985 CET	53	37443	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.659116983 CET	54116	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.665507078 CET	53	54116	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.666220903 CET	40311	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.672488928 CET	53	40311	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.673216105 CET	52347	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.679450035 CET	53	52347	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.680164099 CET	37601	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.686470985 CET	53	37601	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:05.687164068 CET	58807	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:05.693442106 CET	53	58807	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.337107897 CET	43186	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.343369961 CET	53	43186	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.344794989 CET	45939	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.351110935 CET	53	45939	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.352437973 CET	44180	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.358443022 CET	53	44180	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.359122992 CET	55923	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.365324974 CET	53	55923	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.366025925 CET	35307	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.372217894 CET	53	35307	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.372925043 CET	34519	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.379242897 CET	53	34519	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.379935026 CET	40607	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.386352062 CET	53	40607	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.387032986 CET	40273	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.393467903 CET	53	40273	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.394227982 CET	37432	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.400509119 CET	53	37432	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:06.401171923 CET	52462	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:06.407207012 CET	53	52462	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.041898012 CET	43614	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.048441887 CET	53	43614	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.049325943 CET	56594	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.055488110 CET	53	56594	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.056220055 CET	49776	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.062521935 CET	53	49776	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.063290119 CET	34926	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.069638968 CET	53	34926	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.070326090 CET	41078	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.076494932 CET	53	41078	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.077191114 CET	38982	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.083457947 CET	53	38982	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.084161997 CET	54983	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.090620041 CET	53	54983	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.091315031 CET	54872	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.097660065 CET	53	54872	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.098335981 CET	38417	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.104990005 CET	53	38417	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.105650902 CET	49991	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.111995935 CET	53	49991	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.754313946 CET	53275	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.760566950 CET	53	53275	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.761327982 CET	43163	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.767891884 CET	53	43163	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.768625021 CET	59734	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.774874926 CET	53	59734	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.775573015 CET	53330	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.781867981 CET	53	53330	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.782598019 CET	35246	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.788811922 CET	53	35246	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.789474964 CET	50263	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.795753956 CET	53	50263	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.796435118 CET	58823	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.802728891 CET	53	58823	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.803368092 CET	37043	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.809698105 CET	53	37043	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.810405970 CET	44588	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.816646099 CET	53	44588	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:07.817379951 CET	34616	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:07.823626041 CET	53	34616	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.482273102 CET	37533	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.488750935 CET	53	37533	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.489500999 CET	53888	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.495831013 CET	53	53888	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.496551991 CET	59779	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.502810955 CET	53	59779	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.503514051 CET	60813	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.509773970 CET	53	60813	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.510555029 CET	60522	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.517167091 CET	53	60522	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.517868042 CET	58004	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.524204969 CET	53	58004	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.524880886 CET	33528	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.531183004 CET	53	33528	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.531915903 CET	53732	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.538228989 CET	53	53732	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.538937092 CET	41657	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.545006990 CET	53	41657	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:08.545698881 CET	53266	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:08.551927090 CET	53	53266	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.193361998 CET	52637	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.199625015 CET	53	52637	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.200417042 CET	35230	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.206657887 CET	53	35230	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.207410097 CET	36886	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.213813066 CET	53	36886	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.214565992 CET	42029	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.220899105 CET	53	42029	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.221791029 CET	58961	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.227983952 CET	53	58961	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.228760004 CET	54792	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.235045910 CET	53	54792	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.235862970 CET	43418	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.241991043 CET	53	43418	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.242727041 CET	52318	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.249145985 CET	53	52318	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.249905109 CET	52684	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.256181955 CET	53	52684	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.256932020 CET	50687	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.263835907 CET	53	50687	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.893824100 CET	50814	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.900096893 CET	53	50814	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.900862932 CET	47060	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.907138109 CET	53	47060	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.907923937 CET	42715	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.914201021 CET	53	42715	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.915016890 CET	55057	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.921514988 CET	53	55057	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.922269106 CET	54122	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.928509951 CET	53	54122	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.929287910 CET	59523	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.935183048 CET	53	59523	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.935918093 CET	57017	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.942531109 CET	53	57017	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.943243980 CET	38183	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.949493885 CET	53	38183	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.950223923 CET	49335	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.956804991 CET	53	49335	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:09.957539082 CET	33093	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:09.963874102 CET	53	33093	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.595457077 CET	50924	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.601785898 CET	53	50924	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.602564096 CET	44061	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.608930111 CET	53	44061	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.609677076 CET	59753	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.615865946 CET	53	59753	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.616631985 CET	34568	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.622791052 CET	53	34568	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.623594999 CET	49977	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.629740000 CET	53	49977	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.630486012 CET	36664	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.636758089 CET	53	36664	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.637509108 CET	37434	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.643549919 CET	53	37434	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.644256115 CET	39532	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.650454044 CET	53	39532	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.651180983 CET	45642	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.659137964 CET	53	45642	8.8.8.8	192.168.2.14
Jan 1, 2025 22:56:10.659883976 CET	33840	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:56:10.666273117 CET	53	33840	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.310106039 CET	35685	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.316611052 CET	53	35685	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.317662954 CET	47944	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.323988914 CET	53	47944	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.324965954 CET	33185	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.331206083 CET	53	33185	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.332165003 CET	37641	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.338496923 CET	53	37641	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.339488983 CET	41331	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.345782042 CET	53	41331	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.347882986 CET	34987	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.354233980 CET	53	34987	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.355140924 CET	42850	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.361319065 CET	53	42850	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.362210989 CET	38502	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.368233919 CET	53	38502	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.369198084 CET	51002	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.375458002 CET	53	51002	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:01.376431942 CET	54816	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:01.382780075 CET	53	54816	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.032443047 CET	50883	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.038870096 CET	53	50883	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.039565086 CET	60442	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.045876980 CET	53	60442	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.046531916 CET	56791	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.052694082 CET	53	56791	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.053514957 CET	46142	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.059739113 CET	53	46142	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.060408115 CET	41099	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.066652060 CET	53	41099	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.067332983 CET	60217	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.073798895 CET	53	60217	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.074517012 CET	59863	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.080986023 CET	53	59863	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.081649065 CET	42912	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.087935925 CET	53	42912	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.088587046 CET	56259	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.095060110 CET	53	56259	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.095968962 CET	46202	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.102226019 CET	53	46202	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.751065016 CET	50571	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.757262945 CET	53	50571	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.757863998 CET	44540	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.764172077 CET	53	44540	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.764748096 CET	49635	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.771024942 CET	53	49635	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.771642923 CET	42180	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.778080940 CET	53	42180	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.778673887 CET	36286	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.785226107 CET	53	36286	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.785809040 CET	37907	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.792061090 CET	53	37907	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.792753935 CET	37101	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.799038887 CET	53	37101	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.799623966 CET	54824	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.805841923 CET	53	54824	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.806407928 CET	41467	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.812704086 CET	53	41467	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:02.813257933 CET	58261	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:02.819684029 CET	53	58261	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.460058928 CET	50581	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.466361046 CET	53	50581	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.467041969 CET	47350	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.473351002 CET	53	47350	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.473968983 CET	51994	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.480554104 CET	53	51994	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.488249063 CET	37163	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.494501114 CET	53	37163	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.495439053 CET	51138	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.501889944 CET	53	51138	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.502893925 CET	55387	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.509433031 CET	53	55387	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.510339975 CET	48653	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.516587019 CET	53	48653	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.517462969 CET	59450	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.523955107 CET	53	59450	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.524847031 CET	37778	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.531138897 CET	53	37778	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:03.531963110 CET	47292	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:03.538449049 CET	53	47292	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.168643951 CET	42218	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.175077915 CET	53	42218	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.176213980 CET	53210	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.182476044 CET	53	53210	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.183329105 CET	55758	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.189662933 CET	53	55758	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.190368891 CET	43134	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.196858883 CET	53	43134	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.197484016 CET	57997	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.203684092 CET	53	57997	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.204308987 CET	35476	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.210391998 CET	53	35476	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.211045980 CET	50039	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.217412949 CET	53	50039	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.218039989 CET	60856	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.224354029 CET	53	60856	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.225074053 CET	44924	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.231358051 CET	53	44924	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.232084036 CET	52818	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.238368034 CET	53	52818	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.897238970 CET	40214	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.903405905 CET	53	40214	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.904448986 CET	59193	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.910655975 CET	53	59193	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.911629915 CET	45597	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.917916059 CET	53	45597	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.918912888 CET	51405	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.925127029 CET	53	51405	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.926081896 CET	51255	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.932141066 CET	53	51255	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.933096886 CET	42742	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.939377069 CET	53	42742	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.940401077 CET	34518	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.946670055 CET	53	34518	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.947652102 CET	33599	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.953933954 CET	53	33599	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.954895020 CET	42218	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.961311102 CET	53	42218	8.8.8.8	192.168.2.14
Jan 1, 2025 22:58:04.962306976 CET	40736	53	192.168.2.14	8.8.8.8
Jan 1, 2025 22:58:04.968625069 CET	53	40736	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 1, 2025 22:56:01.334671974 CET	192.168.2.14	8.8.8.8	0x9815	Standard query (0)	fingwi.cardiacpure.ru	A (IP address)	IN (0x0001)	false
Jan 1, 2025 22:56:02.076913118 CET	192.168.2.14	8.8.8.8	0x9f15	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.083775043 CET	192.168.2.14	8.8.8.8	0x9f15	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.090751886 CET	192.168.2.14	8.8.8.8	0x9f15	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.097731113 CET	192.168.2.14	8.8.8.8	0x9f15	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.104765892 CET	192.168.2.14	8.8.8.8	0x9f15	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.776562929 CET	192.168.2.14	8.8.8.8	0x4969	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.783864021 CET	192.168.2.14	8.8.8.8	0x4969	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.790864944 CET	192.168.2.14	8.8.8.8	0x4969	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.797966003 CET	192.168.2.14	8.8.8.8	0x4969	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:02.805217981 CET	192.168.2.14	8.8.8.8	0x4969	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	498	false
Jan 1, 2025 22:56:03.506922960 CET	192.168.2.14	8.8.8.8	0xc212	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	499	false
Jan 1, 2025 22:56:03.513668060 CET	192.168.2.14	8.8.8.8	0xc212	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	499	false
Jan 1, 2025 22:56:03.521089077 CET	192.168.2.14	8.8.8.8	0xc212	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	499	false
Jan 1, 2025 22:56:03.528072119 CET	192.168.2.14	8.8.8.8	0xc212	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	499	false
Jan 1, 2025 22:56:03.535108089 CET	192.168.2.14	8.8.8.8	0xc212	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	499	false
Jan 1, 2025 22:56:04.220593929 CET	192.168.2.14	8.8.8.8	0xeb57	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.227618933 CET	192.168.2.14	8.8.8.8	0xeb57	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.234883070 CET	192.168.2.14	8.8.8.8	0xeb57	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.241647005 CET	192.168.2.14	8.8.8.8	0xeb57	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.248534918 CET	192.168.2.14	8.8.8.8	0xeb57	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.924551964 CET	192.168.2.14	8.8.8.8	0x2b90	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.931608915 CET	192.168.2.14	8.8.8.8	0x2b90	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.938940048 CET	192.168.2.14	8.8.8.8	0x2b90	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.945756912 CET	192.168.2.14	8.8.8.8	0x2b90	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:04.952939987 CET	192.168.2.14	8.8.8.8	0x2b90	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	500	false
Jan 1, 2025 22:56:05.624062061 CET	192.168.2.14	8.8.8.8	0x528d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	501	false
Jan 1, 2025 22:56:05.631043911 CET	192.168.2.14	8.8.8.8	0x528d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	501	false
Jan 1, 2025 22:56:05.638170958 CET	192.168.2.14	8.8.8.8	0x528d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	501	false
Jan 1, 2025 22:56:05.645200968 CET	192.168.2.14	8.8.8.8	0x528d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	501	false
Jan 1, 2025 22:56:05.652122974 CET	192.168.2.14	8.8.8.8	0x528d	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	501	false
Jan 1, 2025 22:56:06.337107897 CET	192.168.2.14	8.8.8.8	0xfa95	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	502	false
Jan 1, 2025 22:56:06.344794989 CET	192.168.2.14	8.8.8.8	0xfa95	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	502	false
Jan 1, 2025 22:56:06.352437973 CET	192.168.2.14	8.8.8.8	0xfa95	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	502	false
Jan 1, 2025 22:56:06.359122992 CET	192.168.2.14	8.8.8.8	0xfa95	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	502	false
Jan 1, 2025 22:56:06.366025925 CET	192.168.2.14	8.8.8.8	0xfa95	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	502	false
Jan 1, 2025 22:56:07.041898012 CET	192.168.2.14	8.8.8.8	0xacf1	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.049325943 CET	192.168.2.14	8.8.8.8	0xacf1	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.056220055 CET	192.168.2.14	8.8.8.8	0xacf1	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.063290119 CET	192.168.2.14	8.8.8.8	0xacf1	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.070326090 CET	192.168.2.14	8.8.8.8	0xacf1	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.754313946 CET	192.168.2.14	8.8.8.8	0x66b	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.761327982 CET	192.168.2.14	8.8.8.8	0x66b	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.768625021 CET	192.168.2.14	8.8.8.8	0x66b	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.775573015 CET	192.168.2.14	8.8.8.8	0x66b	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:07.782598019 CET	192.168.2.14	8.8.8.8	0x66b	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	503	false
Jan 1, 2025 22:56:08.482273102 CET	192.168.2.14	8.8.8.8	0xe7cd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	504	false
Jan 1, 2025 22:56:08.489500999 CET	192.168.2.14	8.8.8.8	0xe7cd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	504	false
Jan 1, 2025 22:56:08.496551991 CET	192.168.2.14	8.8.8.8	0xe7cd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	504	false
Jan 1, 2025 22:56:08.503514051 CET	192.168.2.14	8.8.8.8	0xe7cd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	504	false
Jan 1, 2025 22:56:08.510555029 CET	192.168.2.14	8.8.8.8	0xe7cd	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	504	false
Jan 1, 2025 22:56:09.193361998 CET	192.168.2.14	8.8.8.8	0xb743	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.200417042 CET	192.168.2.14	8.8.8.8	0xb743	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.207410097 CET	192.168.2.14	8.8.8.8	0xb743	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.214565992 CET	192.168.2.14	8.8.8.8	0xb743	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.221791029 CET	192.168.2.14	8.8.8.8	0xb743	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.893824100 CET	192.168.2.14	8.8.8.8	0x33f8	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.900862932 CET	192.168.2.14	8.8.8.8	0x33f8	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.907923937 CET	192.168.2.14	8.8.8.8	0x33f8	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.915016890 CET	192.168.2.14	8.8.8.8	0x33f8	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:09.922269106 CET	192.168.2.14	8.8.8.8	0x33f8	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	505	false
Jan 1, 2025 22:56:10.595457077 CET	192.168.2.14	8.8.8.8	0x88a6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	506	false
Jan 1, 2025 22:56:10.602564096 CET	192.168.2.14	8.8.8.8	0x88a6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	506	false
Jan 1, 2025 22:56:10.609677076 CET	192.168.2.14	8.8.8.8	0x88a6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	506	false
Jan 1, 2025 22:56:10.616631985 CET	192.168.2.14	8.8.8.8	0x88a6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	506	false
Jan 1, 2025 22:56:10.623594999 CET	192.168.2.14	8.8.8.8	0x88a6	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	506	false
Jan 1, 2025 22:58:01.310106039 CET	192.168.2.14	8.8.8.8	0x429e	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 1, 2025 22:58:01.317662954 CET	192.168.2.14	8.8.8.8	0x429e	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 1, 2025 22:58:01.324965954 CET	192.168.2.14	8.8.8.8	0x429e	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 1, 2025 22:58:01.332165003 CET	192.168.2.14	8.8.8.8	0x429e	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 1, 2025 22:58:01.339488983 CET	192.168.2.14	8.8.8.8	0x429e	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	361	false
Jan 1, 2025 22:58:02.032443047 CET	192.168.2.14	8.8.8.8	0xf7ae	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.039565086 CET	192.168.2.14	8.8.8.8	0xf7ae	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.046531916 CET	192.168.2.14	8.8.8.8	0xf7ae	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.053514957 CET	192.168.2.14	8.8.8.8	0xf7ae	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.060408115 CET	192.168.2.14	8.8.8.8	0xf7ae	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.751065016 CET	192.168.2.14	8.8.8.8	0xe604	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.757863998 CET	192.168.2.14	8.8.8.8	0xe604	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.764748096 CET	192.168.2.14	8.8.8.8	0xe604	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.771642923 CET	192.168.2.14	8.8.8.8	0xe604	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:02.778673887 CET	192.168.2.14	8.8.8.8	0xe604	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	362	false
Jan 1, 2025 22:58:03.460058928 CET	192.168.2.14	8.8.8.8	0xa3cf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	363	false
Jan 1, 2025 22:58:03.467041969 CET	192.168.2.14	8.8.8.8	0xa3cf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	363	false
Jan 1, 2025 22:58:03.473968983 CET	192.168.2.14	8.8.8.8	0xa3cf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	363	false
Jan 1, 2025 22:58:03.488249063 CET	192.168.2.14	8.8.8.8	0xa3cf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	363	false
Jan 1, 2025 22:58:03.495439053 CET	192.168.2.14	8.8.8.8	0xa3cf	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	363	false
Jan 1, 2025 22:58:04.168643951 CET	192.168.2.14	8.8.8.8	0xd66	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.176213980 CET	192.168.2.14	8.8.8.8	0xd66	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.183329105 CET	192.168.2.14	8.8.8.8	0xd66	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.190368891 CET	192.168.2.14	8.8.8.8	0xd66	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.197484016 CET	192.168.2.14	8.8.8.8	0xd66	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.897238970 CET	192.168.2.14	8.8.8.8	0xb7fb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.904448986 CET	192.168.2.14	8.8.8.8	0xb7fb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.911629915 CET	192.168.2.14	8.8.8.8	0xb7fb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.918912888 CET	192.168.2.14	8.8.8.8	0xb7fb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false
Jan 1, 2025 22:58:04.926081896 CET	192.168.2.14	8.8.8.8	0xb7fb	Standard query (0)	fingwi.cardiacpure.ru. [malformed]	256	364	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 1, 2025 22:56:01.387897015 CET	8.8.8.8	192.168.2.14	0x9815	No error (0)	fingwi.cardiacpure.ru		178.215.238.112	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: wlw68k.elf PID: 5470, Parent PID: 5395

General

Start time (UTC):	21:56:00
Start date (UTC):	01/01/2025
Path:	/tmp/wlw68k.elf
Arguments:	/tmp/wlw68k.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: wlw68k.elf PID: 5472, Parent PID: 5470

General

Start time (UTC):	21:56:00
Start date (UTC):	01/01/2025
Path:	/tmp/wlw68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: wlw68k.elf PID: 5474, Parent PID: 5472

General

Start time (UTC):	21:56:00
Start date (UTC):	01/01/2025
Path:	/tmp/wlw68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report wlw68k.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.j8xmkN (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: wlw68k.elf PID: 5470, Parent PID: 5395

General

Chronological Activities

Analysis Process: wlw68k.elf PID: 5472, Parent PID: 5470

General

Chronological Activities

Analysis Process: wlw68k.elf PID: 5474, Parent PID: 5472

General

Chronological Activities

Linux Analysis Report
wlw68k.elf