
Linux Analysis Report
Kloki.arm4.elf

Overview

General Information

Sample name:Kloki.arm4.elf
Analysis ID:1586170
MD5:2e22660cb3d80c9b815c2c202aeb026e
SHA1:90b64d1b75bf2187d5ff8b82420864f12929adfb
SHA256:84a616beb7ec6f1461fd1228ba8f629dc2b9c1d45e9cb26395e9ca7338dfc871
Tags: elf, user-abuse_ch

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1586170
Start date and time:2025-01-08 19:46:00 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 53s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Kloki.arm4.elf
Detection:MAL
Classification:mal52.spre.linELF@0/0@1/0
  • VT rate limit hit for: Kloki.arm4.elf
Command:/tmp/Kloki.arm4.elf
PID:5531
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5539, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • sh (PID: 5559, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 5559, Parent: 1383, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • sh (PID: 5560, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5560, Parent: 1383, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 5561, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5561, Parent: 1383, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 5562, Parent: 1289)
  • Default (PID: 5562, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5566, Parent: 1289)
  • Default (PID: 5566, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5571, Parent: 1)
  • systemd-user-runtime-dir (PID: 5571, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-08T19:47:01.896811+0100 | 2500036 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.14 | 56486 | TCP


AV Detection

Source: Kloki.arm4.elf | ReversingLabs: Detection: 21%

Networking

Source: global traffic | TCP traffic: 192.168.2.14:44754 -> 83.222.143.148:13566
Source: global traffic | TCP traffic: 192.168.2.14:58470 -> 83.222.30.82:13566
Source: global traffic | TCP traffic: 192.168.2.14:47508 -> 83.222.42.78:13566
Source: global traffic | TCP traffic: 192.168.2.14:55548 -> 83.222.37.9:13566
Source: global traffic | TCP traffic: 192.168.2.14:48446 -> 83.222.47.19:13566
Source: global traffic | TCP traffic: 192.168.2.14:59576 -> 83.222.14.137:13566
Source: global traffic | TCP traffic: 192.168.2.14:53404 -> 83.222.79.28:13566
Source: global traffic | TCP traffic: 192.168.2.14:56458 -> 83.222.237.252:13566
Source: global traffic | TCP traffic: 192.168.2.14:33388 -> 83.222.33.3:13566
Source: global traffic | TCP traffic: 192.168.2.14:43956 -> 83.222.67.154:13566
Source: global traffic | TCP traffic: 192.168.2.14:51952 -> 83.222.164.170:13566
Source: global traffic | TCP traffic: 192.168.2.14:38646 -> 83.222.226.122:13566
Source: global traffic | TCP traffic: 192.168.2.14:50828 -> 83.222.188.55:13566
Source: global traffic | TCP traffic: 192.168.2.14:45466 -> 83.222.78.178:13566
Source: global traffic | TCP traffic: 192.168.2.14:54958 -> 83.222.127.11:13566
Source: global traffic | TCP traffic: 192.168.2.14:57780 -> 83.222.9.15:13566
Source: global traffic | TCP traffic: 192.168.2.14:51310 -> 83.222.159.40:13566
Source: global traffic | TCP traffic: 192.168.2.14:47812 -> 83.222.97.202:13566
Source: global traffic | TCP traffic: 192.168.2.14:57844 -> 83.222.118.135:13566
Source: global traffic | TCP traffic: 192.168.2.14:38362 -> 83.222.211.165:13566
Source: global traffic | TCP traffic: 192.168.2.14:39870 -> 83.222.154.225:13566
Source: global traffic | TCP traffic: 192.168.2.14:38296 -> 83.222.46.234:13566
Source: global traffic | TCP traffic: 192.168.2.14:60866 -> 83.222.253.28:13566
Source: global traffic | TCP traffic: 192.168.2.14:47462 -> 83.222.230.31:13566
Source: global traffic | TCP traffic: 192.168.2.14:43134 -> 83.222.31.41:13566
Source: global traffic | TCP traffic: 192.168.2.14:37366 -> 83.222.185.195:13566
Source: global traffic | TCP traffic: 192.168.2.14:36026 -> 83.222.212.155:13566
Source: global traffic | TCP traffic: 192.168.2.14:49688 -> 83.222.62.144:13566
Source: global traffic | TCP traffic: 192.168.2.14:39756 -> 83.222.210.140:13566
Source: global traffic | TCP traffic: 192.168.2.14:43830 -> 83.222.66.82:13566
Source: global traffic | TCP traffic: 192.168.2.14:37420 -> 83.222.151.76:13566
Source: global traffic | TCP traffic: 192.168.2.14:40496 -> 83.222.97.55:13566
Source: global traffic | TCP traffic: 192.168.2.14:53530 -> 83.222.116.194:13566
Source: global traffic | TCP traffic: 192.168.2.14:50906 -> 83.222.1.234:13566
Source: global traffic | TCP traffic: 192.168.2.14:48248 -> 83.222.73.212:13566
Source: global traffic | TCP traffic: 192.168.2.14:60668 -> 83.222.143.228:13566
Source: global traffic | TCP traffic: 192.168.2.14:58744 -> 83.222.181.189:13566
Source: global traffic | TCP traffic: 192.168.2.14:43608 -> 83.222.206.178:13566
Source: global traffic | TCP traffic: 192.168.2.14:42050 -> 83.222.217.180:13566
Source: global traffic | TCP traffic: 192.168.2.14:49176 -> 83.222.209.249:13566
Source: global traffic | TCP traffic: 192.168.2.14:42548 -> 83.222.221.139:13566
Source: global traffic | TCP traffic: 192.168.2.14:51828 -> 83.222.188.177:13566
Source: global traffic | TCP traffic: 192.168.2.14:40664 -> 83.222.38.250:13566
Source: global traffic | TCP traffic: 192.168.2.14:45282 -> 83.222.66.249:13566
Source: global traffic | TCP traffic: 192.168.2.14:43432 -> 83.222.135.132:13566
Source: global traffic | TCP traffic: 192.168.2.14:49476 -> 83.222.75.30:13566
Source: global traffic | TCP traffic: 192.168.2.14:54086 -> 83.222.208.172:13566
Source: global traffic | TCP traffic: 192.168.2.14:37972 -> 83.222.85.68:13566
Source: global traffic | TCP traffic: 192.168.2.14:52894 -> 83.222.110.86:13566
Source: global traffic | TCP traffic: 192.168.2.14:40260 -> 83.222.46.184:13566
Source: global traffic | TCP traffic: 192.168.2.14:41360 -> 83.222.42.189:13566
Source: global traffic | TCP traffic: 192.168.2.14:47846 -> 83.222.156.223:13566
Source: global traffic | TCP traffic: 192.168.2.14:51100 -> 83.222.123.106:13566
Source: global traffic | TCP traffic: 192.168.2.14:46388 -> 83.222.146.84:13566
Source: global traffic | TCP traffic: 192.168.2.14:50058 -> 83.222.30.99:13566
Source: global traffic | TCP traffic: 192.168.2.14:39276 -> 83.222.77.251:13566
Source: global traffic | TCP traffic: 192.168.2.14:56444 -> 83.222.238.10:13566
Source: global traffic | TCP traffic: 192.168.2.14:45230 -> 83.222.173.21:13566
Source: global traffic | TCP traffic: 192.168.2.14:52168 -> 83.222.4.239:13566
Source: global traffic | TCP traffic: 192.168.2.14:54590 -> 83.222.14.139:13566
Source: global traffic | TCP traffic: 192.168.2.14:32804 -> 83.222.115.89:13566
Source: global traffic | TCP traffic: 192.168.2.14:48966 -> 83.222.170.68:13566
Source: global traffic | TCP traffic: 192.168.2.14:47918 -> 83.222.5.255:13566
Source: global traffic | TCP traffic: 192.168.2.14:34934 -> 83.222.136.115:13566
Source: global traffic | TCP traffic: 192.168.2.14:45460 -> 83.222.86.183:13566
Source: global traffic | TCP traffic: 192.168.2.14:51634 -> 83.222.43.128:13566
Source: global traffic | TCP traffic: 192.168.2.14:47110 -> 83.222.116.199:13566
Source: global traffic | TCP traffic: 192.168.2.14:56486 -> 83.222.191.90:13566
Source: /tmp/Kloki.arm4.elf (PID: 5531) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500036 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 : 83.222.191.90:13566 -> 192.168.2.14:56486
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.143.148
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.30.82
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.42.78
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.37.9
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.47.19
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.14.137
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.79.28
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.237.252
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.33.3
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.67.154
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.164.170
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.226.122
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.188.55
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.78.178
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.127.11
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.9.15
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.159.40
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.97.202
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.118.135
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.211.165
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.154.225
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.46.234
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru
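The traffic above has a shape worth detecting on its own, independent of any IDS signature: one host opens connections to dozens of distinct peers in 83.222.0.0/16, all on tcp/13566, and only one of those peers (83.222.191.90) was ever the answer to a DNS query. The following is an added example, not part of the Joe Sandbox report, that scores a connection stream for exactly that pattern. The event list is constructed from the TCP and DNS lines above (a subset of the reported peers plus two benign flows for contrast); the tuple layout, the STANDARD_PORTS set and the 10-peer threshold are assumptions made for the example, not a real log format or a vendor default.

```python
"""Flag a host fanning out to many peers on one non-standard port without DNS.

Added example; not code from the report. Events are constructed from the
report's traffic lines and are not a real log format."""
from collections import defaultdict
from ipaddress import ip_network

# Ports that ordinary client traffic uses; anything else counts as non-standard.
STANDARD_PORTS = {22, 25, 53, 80, 110, 123, 143, 443, 465, 587, 993, 995}

# Peers copied from the report's "global traffic" lines (a subset).
REPORTED_PEERS = [
    "83.222.143.148", "83.222.30.82", "83.222.42.78", "83.222.37.9",
    "83.222.47.19", "83.222.14.137", "83.222.79.28", "83.222.237.252",
    "83.222.33.3", "83.222.67.154", "83.222.164.170", "83.222.226.122",
    "83.222.188.55", "83.222.78.178", "83.222.127.11", "83.222.9.15",
    "83.222.159.40", "83.222.97.202", "83.222.118.135", "83.222.211.165",
]

# Constructed event stream, in time order.
#   ("dns", queried_name, answer_ip)     a DNS answer observed on the wire
#   ("conn", src_ip, dst_ip, dst_port)   an outbound TCP connection attempt
EVENTS = (
    [("dns", "secure-network-rebirthltd.ru", "83.222.191.90"),
     ("conn", "192.168.2.14", "83.222.191.90", 13566)]
    + [("conn", "192.168.2.14", ip, 13566) for ip in REPORTED_PEERS]
    # Benign contrast: a resolved HTTPS peer and a two-host internal fan-out.
    + [("dns", "updates.example.net", "198.51.100.7"),
       ("conn", "192.168.2.14", "198.51.100.7", 443),
       ("conn", "192.168.2.14", "10.0.0.5", 8080),
       ("conn", "192.168.2.14", "10.0.0.6", 8080)]
)


def fan_out_alerts(events, min_peers=10):
    """One alert per (src, dport) that reaches >= min_peers distinct peers on a
    non-standard port. The alert also carries how many of those peers never
    appeared in a DNS answer before the connect, and the /16 networks they
    fall in, so the analyst can see a range walk at a glance."""
    resolved = set()                 # every address seen in a DNS answer so far
    peers = defaultdict(set)         # (src, dport) -> {dst, ...}
    unresolved = defaultdict(set)    # (src, dport) -> {dst with no prior DNS answer}
    for ev in events:
        if ev[0] == "dns":
            resolved.add(ev[2])
            continue
        _, src, dst, dport = ev
        if dport in STANDARD_PORTS:
            continue
        peers[(src, dport)].add(dst)
        if dst not in resolved:      # order matters: the DNS answer must precede the connect
            unresolved[(src, dport)].add(dst)

    alerts = []
    for (src, dport), dsts in sorted(peers.items()):
        if len(dsts) < min_peers:
            continue
        nets = sorted({str(ip_network(f"{d}/16", strict=False)) for d in dsts})
        alerts.append({"src": src, "dport": dport, "peers": len(dsts),
                       "unresolved": len(unresolved[(src, dport)]), "networks": nets})
    return alerts


if __name__ == "__main__":
    for a in fan_out_alerts(EVENTS):
        print(f"{a['src']} -> {a['peers']} peers on tcp/{a['dport']} "
              f"({a['unresolved']} never resolved via DNS) in {', '.join(a['networks'])}")
```

The "unresolved" count is the discriminating feature: a legitimate client that talks to many hosts on an odd port (a CDN, a P2P client) normally learned those addresses from DNS, whereas a bot walking a hard-coded range did not. Tune min_peers to the environment; the /16 grouping is there so a single alert summarises a range walk rather than emitting one line per peer.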

System Summary

Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 917, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 928, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 940, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 1444, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 1610, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 1638, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 1639, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 3094, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 3268, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 3420, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 5514, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 5539, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 5559, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 5560, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 5561, result: successful
Source: /tmp/Kloki.arm4.elf (PID: 5537) | SIGKILL sent: pid: 5562, result: successful
Source: LOAD without section mappings | Program segment: 0x8000
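The SIGKILL evidence above (one PID killing sixteen unrelated processes within seconds, among them the gnome-shell and gsd-* processes the sandbox had just started) is the kind of behaviour that is cheap to catch on a real host from the audit trail. The following is an added example, not code from the report or from Joe Sandbox: it parses auditd SYSCALL records for kill(2) and flags a sender that SIGKILLs many distinct targets inside a short window. The audit lines are constructed to mirror the first six target PIDs reported above; the timestamps, serials, arch (x86_64, as on the analysis host) and the benign lines are invented, and the 5-target / 2-second threshold is an assumption. To produce such records on a host, log kill() calls whose second argument is 9 with `auditctl -a always,exit -F arch=b64 -S kill -F a1=9 -k sigkill` (and the same rule with `-F arch=b32`).

```python
"""Flag a process that SIGKILLs many distinct PIDs in a short window, from auditd records.

Added example; not code from the report. The audit lines are constructed."""
import re
from collections import defaultdict

SIGKILL = 9
# kill(2) syscall number keyed by the audit "arch=" value: x86_64, i386, arm (EABI), aarch64.
KILL_BY_ARCH = {"c000003e": 62, "40000003": 37, "40000028": 37, "c00000b7": 129}

# " pid=" (with the leading space) so that "ppid=" is not matched by mistake.
RECORD = re.compile(
    r'msg=audit\((?P<ts>\d+\.\d+):\d+\): arch=(?P<arch>[0-9a-f]+) '
    r'syscall=(?P<nr>\d+) success=(?P<ok>yes|no) exit=-?\d+ '
    r'a0=(?P<a0>[0-9a-f]+) a1=(?P<a1>[0-9a-f]+) .*? pid=(?P<pid>\d+) '
    r'.*?comm="(?P<comm>[^"]*)"'
)


def _rec(ts, serial, target, sig, pid, comm, exe):
    """Build one constructed SYSCALL record in auditd's layout (a0/a1 are hex)."""
    return (f"type=SYSCALL msg=audit({ts}:{serial}): arch=c000003e syscall=62 "
            f"success=yes exit=0 a0={target:x} a1={sig:x} a2=0 a3=0 items=0 ppid=1383 "
            f'pid={pid} auid=4294967295 uid=0 gid=0 comm="{comm}" exe="{exe}" key="sigkill"')


AUDIT_LINES = [
    _rec(f"1736362021.00{i + 1}", 101 + i, target, SIGKILL, 5537, "Kloki.arm4.elf", "/tmp/Kloki.arm4.elf")
    for i, target in enumerate([917, 928, 940, 1444, 1610, 1638])
] + [
    # Benign contrast: systemd sends SIGTERM (15); a shell SIGKILLs two jobs 9 s apart.
    _rec("1736362021.007", 107, 4242, 15, 1, "systemd", "/lib/systemd/systemd"),
    _rec("1736362021.008", 108, 3000, SIGKILL, 2001, "bash", "/bin/bash"),
    _rec("1736362030.000", 109, 3001, SIGKILL, 2001, "bash", "/bin/bash"),
]


def sigkill_alerts(lines, min_targets=5, window=2.0):
    """Return {sender_pid: {"comm", "targets"}} for every sender that delivered
    SIGKILL to at least min_targets distinct PIDs within any window-second span."""
    events = defaultdict(list)   # sender pid -> [(ts, target pid), ...]
    comm_of = {}
    for line in lines:
        m = RECORD.search(line)
        if not m or m["ok"] != "yes":
            continue
        if int(m["nr"]) != KILL_BY_ARCH.get(m["arch"]) or int(m["a1"], 16) != SIGKILL:
            continue
        pid = int(m["pid"])
        events[pid].append((float(m["ts"]), int(m["a0"], 16)))
        comm_of[pid] = m["comm"]

    alerts = {}
    for pid, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):                      # sliding window over time-ordered kills
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({t for _, t in evs[start:end + 1]}) >= min_targets:
                alerts[pid] = {"comm": comm_of[pid],
                               "targets": sorted({t for _, t in evs})}
                break
    return alerts


if __name__ == "__main__":
    for pid, info in sigkill_alerts(AUDIT_LINES).items():
        print(f"pid {pid} ({info['comm']}) SIGKILLed {len(info['targets'])} processes: {info['targets']}")
```

The arch lookup matters because the same rule fires for 32-bit and 64-bit callers with different syscall numbers; a detector that hard-codes 62 misses the b32 path. Note that on the sandbox the ARM binary ran under qemu-arm, so a real audit trail there would attribute the kills to the qemu process rather than to an ARM binary.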
Source: classification engine | Classification label: mal52.spre.linELF@0/0@1/0
Source: Kloki.arm4.elf | Submission file: segment LOAD with 7.8901 entropy (max. 8.0)
Source: Kloki.arm4.elf | Submission file: segment LOAD with 7.9555 entropy (max. 8.0)
Source: /tmp/Kloki.arm4.elf (PID: 5531) | Queries kernel information via 'uname'
Source: Kloki.arm4.elf, 5531.1.0000557fb68ab000.0000557fb6a22000.rw-.sdmp, Kloki.arm4.elf, 5535.1.0000557fb68ab000.0000557fb6a22000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/arm
Source: Kloki.arm4.elf, 5531.1.00007fffd21da000.00007fffd21fb000.rw-.sdmp, Kloki.arm4.elf, 5535.1.00007fffd21da000.00007fffd21fb000.rw-.sdmp | Binary or memory string: mx86_64/usr/bin/qemu-arm/tmp/Kloki.arm4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.arm4.elf
Source: Kloki.arm4.elf, 5531.1.0000557fb68ab000.0000557fb6a22000.rw-.sdmp, Kloki.arm4.elf, 5535.1.0000557fb68ab000.0000557fb6a22000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
Source: Kloki.arm4.elf, 5531.1.00007fffd21da000.00007fffd21fb000.rw-.sdmp, Kloki.arm4.elf, 5535.1.00007fffd21da000.00007fffd21fb000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm
(The qemu-arm, binfmt and environment strings come from the user-mode emulator the x64 analysis host uses to run the ARM binary, and from its process environment; they are not content of the sample itself.)
MITRE ATT&CK Matrix (the number after a technique is the count of matched signatures shown in the matrix; entries without a number are the matrix's unmatched placeholder cells)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Obfuscated Files or Information (1); Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: Security Software Discovery (11); Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Service Stop (1); Network Denial of Service; Data Encrypted for Impact
No configs have been found
Behavior Graph (ID 1586170, sample Kloki.arm4.elf, start date 08/01/2025, architecture LINUX, score 52): the graph shows the sample reaching 83.222.164.170:13566 from source port 51952 (WAVENETLB, Bulgaria), 83.222.127.11:13566 from source port 54958 (TRI-ASTrueRecordsIncES, Russian Federation) and 66 other IPs or domains. Started processes: Kloki.arm4.elf; gnome-session-binary -> sh -> gnome-shell; gnome-session-binary -> sh -> gsd-print-notifications; and 5 other processes. Kloki.arm4.elf starts a child Kloki.arm4.elf, which in turn starts two further Kloki.arm4.elf children. The signature "Multi AV Scanner detection for submitted file" is attached to the submitted sample and "Sample tries to kill multiple processes (SIGKILL)" to one of the grandchild processes.
Source | Detection | Scanner | Label
Kloki.arm4.elf | 21% | ReversingLabs | Linux.Trojan.Svirtu
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
    IP | Domain | Country | ASN | ASN Name | Malicious
    83.222.230.31 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.5.255 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.46.234 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.127.11 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false
    83.222.136.115 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.31.41 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.188.55 | unknown | Bulgaria | 43561 | NET1-ASBG | false
    83.222.1.234 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.159.40 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.164.170 | unknown | Bulgaria | 31037 | WAVENETLB | false
    83.222.42.189 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.143.228 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.221.139 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false
    83.222.86.183 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.143.148 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.211.165 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.185.195 | unknown | Bulgaria | 43561 | NET1-ASBG | false
    83.222.14.137 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.14.139 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.77.251 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.97.202 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.47.19 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.79.28 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.30.82 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.78.178 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.46.184 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.66.249 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.75.30 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.118.135 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.181.189 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
    83.222.62.144 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.85.68 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.173.21 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
    83.222.135.132 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.208.172 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.43.128 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.42.78 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.67.154 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.66.82 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.188.177 | unknown | Bulgaria | 43561 | NET1-ASBG | false
    83.222.238.10 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.212.155 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false
    83.222.210.140 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.9.15 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.115.89 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.116.199 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.156.223 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.170.68 | unknown | Bulgaria | 49040 | KIG-UNISAT-TVBG | false
    83.222.116.194 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.206.178 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.73.212 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.123.106 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.37.9 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.191.90 | secure-network-rebirthltd.ru | Bulgaria | 43561 | NET1-ASBG | false
    83.222.97.55 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.209.249 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.33.3 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.146.84 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.110.86 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.30.99 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.4.239 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.226.122 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.237.252 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.38.250 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.217.180 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false
    83.222.253.28 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.151.76 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.154.225 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    secure-network-rebirthltd.ru | Kloki.arm5.elf | malicious | Unknown | 83.222.191.90

    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    COGECO-PEER1CA | Kloki.arm5.elf | malicious | Unknown | 83.222.237.30
    COGECO-PEER1CA | http://plnbl.io/review/VdCYQSoKp54z | malicious | HTMLPhisher | 66.33.60.194
    COGECO-PEER1CA | miori.sh4.elf | malicious | Unknown | 209.35.191.178
    COGECO-PEER1CA | https://bawarq.org/r.php?id=YoExsdlTj9ej3sIxs1X7aZn3DzYWS8OQ2 | malicious | Unknown | 162.254.38.37
    COGECO-PEER1CA | Mes_Drivers_3.0.4.exe | malicious | Unknown | 69.90.254.78
    COGECO-PEER1CA | https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a | malicious | HTMLPhisher | 66.33.60.194
    COGECO-PEER1CA | https://u43161309.ct.sendgrid.net/ls/click?upn=u001.L9-2FCbhkaoUACh7As3yZ8i4iABGphfl-2FJgS6Xiu1aw6I-3DgXpA_qO4VbBWAKg4gLfGs-2BfuSyZki3gKzG4I1DrYN15Q8fD7JV1twLeLo1AFs1GBSG3ZgA22dFJdXJloKc56aXDeV3olJKTBJd8NprednZ2LeXdX-2BkcSQE-2F2FRwgBng5RbUCLfjS8-2FI3mrpwyYu9lRatIB62qUwPSax-2Fhh2c7R-2B7pT3Kos0wK0SEJGj4ZMkgOGYhEniKYT7Kn7jN25xFz2sFdtPlVQkIdCFKwDNWmq-2BrAxerZE2GuKgfkuf3l1UY4J42sOOltybAAVyLhV-2BXfmbuQpN4NpshXRIuhta8ho3ChcTA5NtgjludQThyLtwhGns-2ByLqSbpO1Bhhc-2FCgdgP-2BAOxYrGHvKHjVYRr6-2BiryADxfM-3D | malicious | HTMLPhisher | 66.33.60.35
    COGECO-PEER1CA | armv4l.elf | malicious | Unknown | 176.74.182.119
    COGECO-PEER1CA | fuckunix.x86.elf | malicious | Mirai | 69.90.30.210
    COGECO-PEER1CA | Fantazy.x86.elf | malicious | Unknown | 72.51.27.59
    LOL-ASluLU | Kloki.arm5.elf | malicious | Unknown | 83.222.34.98
    LOL-ASluLU | jew.x86.elf | malicious | Unknown | 85.10.122.249
    LOL-ASluLU | ppc.elf | malicious | Mirai | 85.10.122.239
    LOL-ASluLU | sh4.elf | malicious | Mirai, Moobot | 85.10.122.206
    LOL-ASluLU | debug.dbg.elf | malicious | Mirai, Gafgyt | 85.10.122.235
    LOL-ASluLU | sh4.elf | malicious | Unknown | 85.10.122.213
    LOL-ASluLU | wlcougQfbn.elf | malicious | Unknown | 85.10.122.243
    LOL-ASluLU | J8hytxrLBJ.elf | malicious | Mirai | 85.10.122.212
    LOL-ASluLU | u3FxQf1X9v.elf | malicious | Mirai | 85.10.122.211
    LOL-ASluLU | 9BrsO1bmfY.elf | malicious | Mirai | 185.6.235.73
    MASTERHOST-ASMoscowRussiaRU | Kloki.arm5.elf | malicious | Unknown | 83.222.6.146
    MASTERHOST-ASMoscowRussiaRU | https://klickskydd.skolverket.org/?url=https%3A%2F%2Fwww.gazeta.ru%2Fpolitics%2Fnews%2F2024%2F12%2F22%2F24684722.shtml&id=71de&rcpt=upplysningstjansten@skolverket.se&tss=1735469857&msgid=b53e7603-c5d3-11ef-8a2e-0050569b0508&html=1&h=ded85c63 | malicious | HTMLPhisher | 87.242.127.163
    MASTERHOST-ASMoscowRussiaRU | https://www.gazeta.ru/politics/news/2024/12/22/24684722.shtml | malicious | HTMLPhisher | 87.242.127.163
    MASTERHOST-ASMoscowRussiaRU | https://www.gazeta.ru/politics/news/2024/12/22/24684854.shtml | malicious | HTMLPhisher | 87.242.127.163
    MASTERHOST-ASMoscowRussiaRU | nabm68k.elf | malicious | Unknown | 84.252.174.53
    MASTERHOST-ASMoscowRussiaRU | f5TWdT5EAc.exe | malicious | Phorpiex, RHADAMANTHYS, Xmrig | 90.156.163.119
    MASTERHOST-ASMoscowRussiaRU | newtpp.exe | malicious | Xmrig | 90.156.160.43
    MASTERHOST-ASMoscowRussiaRU | LM94OE0VNK.exe | malicious | Unknown | 90.156.160.6
    MASTERHOST-ASMoscowRussiaRU | santi.exe | malicious | FormBook | 90.156.201.74
    MASTERHOST-ASMoscowRussiaRU | arm.nn-20241122-0008.elf | malicious | Mirai, Okiru | 217.16.29.179
    TRI-ASTrueRecordsIncES | Kloki.arm5.elf | malicious | Unknown | 83.222.126.31
    TRI-ASTrueRecordsIncES | https://sazi.online/91150/?utm_source=HueVu&utm_medium=AlluringAngels&utm_campaign=Girls&fbclid=IwAR0edkaxp99ZoQQmBnk5RzNjaLguZlK7xHWUVNwiZ8B5L1Dgxb2UluLI-6U | malicious | Unknown | 212.124.124.115
    TRI-ASTrueRecordsIncES | https://sports.zaly.online/57724/ | malicious | Unknown | 212.124.124.8
    TRI-ASTrueRecordsIncES | skyljne.arm5.elf | malicious | Mirai | 212.124.111.159
    TRI-ASTrueRecordsIncES | https://sumosear.ch/phone/405-437-3238 | malicious | Unknown | 212.124.124.186
    TRI-ASTrueRecordsIncES | https://www.filezzz.com/d/4bc0a5a2dec44da992c97637b636bd92/Purchase%20Order%20(2)%20(1).html/preview | malicious | HTMLPhisher | 212.124.105.153
    TRI-ASTrueRecordsIncES | https://dolphin-app-gmqrc.ondigitalocean.app/c0678e7d922226400010b5657b4f5159/?client_id=0000007990-0000-0lty-ij00-000000000&y=6eamRuYXBpZXJAaGVuaWZmLmNvbQ%3D%3D&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true | malicious | Unknown | 212.124.125.206
    TRI-ASTrueRecordsIncES | preggo.apk | malicious | Unknown | 212.124.124.151
    TRI-ASTrueRecordsIncES | preggo.apk | malicious | Unknown | 212.124.125.156
    No created / dropped files found
    File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, no section header
    Entropy (8bit):7.953025596579037
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:Kloki.arm4.elf
    File size:32'164 bytes
    MD5:2e22660cb3d80c9b815c2c202aeb026e
    SHA1:90b64d1b75bf2187d5ff8b82420864f12929adfb
    SHA256:84a616beb7ec6f1461fd1228ba8f629dc2b9c1d45e9cb26395e9ca7338dfc871
    SHA512:86221993ce4adc082ff93f687b706fb1d37971af608c3d9938c04274e120b99c2c26e8dffe6c0224a44858b7e5b3fea957dd31c2a018895983df56c7059e93e0
    SSDEEP:768:heh2UMosaCcZeOHVBT/M5ZD1k05EQCO14gFfosBKUHnC3UGwt:urVPT/IthkO1TwPUHnewt
    TLSH:ACE2E1236590E8B3C63111B3DC3D9902779BA6A521DAB075070CC2B67F89D9318BB87F
    File Content Preview:.ELF...a..........(......k..4...........4. ...(..........................5...........................|...|..........Q.td............................\...sfga........\...\.......P..........?.E.h;.}...^..........f<....%.",.....n7..Io..a...e...9.<...B9..{..j.

    ELF header

    Class:ELF32
    Data:2's complement, little endian
    Version:1 (current)
    Machine:ARM
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:ARM - ABI
    ABI Version:0
    Entry Point Address:0x26b04
    Flags:0x202
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:0
    Section Header Size:40
    Number of Section Headers:0
    Header String Table Index:0
    Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
    LOAD       0x0     0x8000           0x8000            0x1000     0x13500      7.8901   0x6    RW                 0x8000  -                 -
    LOAD       0x0     0x20000          0x20000           0x7cb3     0x7cb3       7.9555   0x5    R E                0x8000  -                 -
    GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4     -                 -

    Timestamp:2025-01-08T19:47:01.896811+0100
    SID:2500036
    Signature:ET COMPROMISED Known Compromised or Hostile Host Traffic group 19
    Severity:2
    Source IP:83.222.191.90
    Source Port:13566
    Dest IP:192.168.2.14
    Dest Port:56486
    Protocol:TCP
    Timestamp                           Source Port  Dest Port  Source IP     Dest IP
    Jan 8, 2025 19:47:01.880095005 CET  44855        53         192.168.2.14  8.8.8.8
    Jan 8, 2025 19:47:01.889650106 CET  53           44855      8.8.8.8       192.168.2.14

    Timestamp:Jan 8, 2025 19:47:01.880095005 CET
    Source IP:192.168.2.14
    Dest IP:8.8.8.8
    Trans ID:0xdc33
    OP Code:Standard query (0)
    Name:secure-network-rebirthltd.ru
    Type:A (IP address)
    Class:IN (0x0001)
    DNS over HTTPS:false

    Timestamp:Jan 8, 2025 19:47:01.889650106 CET
    Source IP:8.8.8.8
    Dest IP:192.168.2.14
    Trans ID:0xdc33
    Reply Code:No error (0)
    Name:secure-network-rebirthltd.ru
    CName:-
    Address:83.222.191.90
    Type:A (IP address)
    Class:IN (0x0001)
    DNS over HTTPS:false

    System Behavior

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.arm4.elf
    Arguments:/tmp/Kloki.arm4.elf
    File size:4956856 bytes
    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.arm4.elf
    Arguments:-
    File size:4956856 bytes
    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.arm4.elf
    Arguments:-
    File size:4956856 bytes
    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.arm4.elf
    Arguments:-
    File size:4956856 bytes
    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/bin/gnome-shell
    Arguments:/usr/bin/gnome-shell
    File size:23168 bytes
    MD5 hash:da7a257239677622fe4b3a65972c9e87

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gsd-print-notifications
    Arguments:/usr/libexec/gsd-print-notifications
    File size:51840 bytes
    MD5 hash:71539698aa691718cee775d6b9450ae2

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gsd-rfkill
    Arguments:/usr/libexec/gsd-rfkill
    File size:51808 bytes
    MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/usr/sbin/gdm3
    Arguments:-
    File size:453296 bytes
    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

    Start time (UTC):18:47:00
    Start date (UTC):08/01/2025
    Path:/etc/gdm3/PrimeOff/Default
    Arguments:/etc/gdm3/PrimeOff/Default
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/sbin/gdm3
    Arguments:-
    File size:453296 bytes
    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/etc/gdm3/PrimeOff/Default
    Arguments:/etc/gdm3/PrimeOff/Default
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:11
    Start date (UTC):08/01/2025
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:47:11
    Start date (UTC):08/01/2025
    Path:/lib/systemd/systemd-user-runtime-dir
    Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
    File size:22672 bytes
    MD5 hash:d55f4b0847f88131dbcfb07435178e54