Linux Analysis Report
Kloki.arm7.elf

Overview

General Information

Sample name:Kloki.arm7.elf
Analysis ID:1586174
MD5:59e45a4511c74f2fe41b09e5ccb31a75
SHA1:b31584e95374b98df6a574400c048e70e3a6c081
SHA256:76f480bb5d3b4321c07669e00e4d64dbefaa08cb5be971eb42c35add03deabc7
Tags:elf, user-abuse_ch
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1586174
Start date and time:2025-01-08 19:50:24 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Kloki.arm7.elf
Detection:MAL
Classification:mal52.spre.linELF@0/0@1/0
  • VT rate limit hit for: Kloki.arm7.elf
Command:/tmp/Kloki.arm7.elf
PID:6216
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 6226, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 6226, Parent: 1477, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 6247, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 6247, Parent: 1477, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • sh (PID: 6249, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 6249, Parent: 1477, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 6250, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 6253, Parent: 1320)
  • Default (PID: 6253, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6255, Parent: 1320)
  • cleanup
No yara matches
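| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2025-01-08T19:51:02.125573+0100 | 2500036 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.23 | 42716 | TCP |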

AV Detection

Source: Kloki.arm7.elf | ReversingLabs: Detection: 18%
Source: /tmp/Kloki.arm7.elf (PID: 6216) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500036 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 : 83.222.191.90:13566 -> 192.168.2.23:42716
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 904, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 912, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 918, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 1532, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 1622, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 1633, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 1638, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 1983, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 2146, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 2302, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 6194, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 6226, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 6247, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 6249, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 6250, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6223) | SIGKILL sent: pid: 6255, result: successful
Source: LOAD without section mappings | Program segment: 0x8000
Source: classification engine | Classification label: mal52.spre.linELF@0/0@1/0
Source: Kloki.arm7.elf | Submission file: segment LOAD with 7.8908 entropy (max. 8.0)
Source: Kloki.arm7.elf | Submission file: segment LOAD with 7.9695 entropy (max. 8.0)
Source: /tmp/Kloki.arm7.elf (PID: 6216) | Queries kernel information via 'uname'
Source: Kloki.arm7.elf, 6216.1.00007ffe00998000.00007ffe009b9000.rw-.sdmp, Kloki.arm7.elf, 6221.1.00007ffe00998000.00007ffe009b9000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/Kloki.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.arm7.elf
Source: Kloki.arm7.elf, 6216.1.0000560e4e683000.0000560e4e7d4000.rw-.sdmp, Kloki.arm7.elf, 6221.1.0000560e4e683000.0000560e4e7d4000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
Source: Kloki.arm7.elf, 6216.1.00007ffe00998000.00007ffe009b9000.rw-.sdmp, Kloki.arm7.elf, 6221.1.00007ffe00998000.00007ffe009b9000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm
Source: Kloki.arm7.elf, 6216.1.0000560e4e683000.0000560e4e7d4000.rw-.sdmp, Kloki.arm7.elf, 6221.1.0000560e4e683000.0000560e4e7d4000.rw-.sdmp | Binary or memory string: V!/etc/qemu-binfmt/arm
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
No configs have been found
[Behavior graph, ID: 1586174. Sample: Kloki.arm7.elf, Startdate: 08/01/2025, Architecture: LINUX, Score: 52. Kloki.arm7.elf started and spawned further Kloki.arm7.elf processes. Signatures shown: Multi AV Scanner detection for submitted file; Sample tries to kill multiple processes (SIGKILL).]
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| Kloki.arm7.elf | 18% | ReversingLabs | Linux.Backdoor.Mirai | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high |
No created / dropped files found
File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):7.981968689059483
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:Kloki.arm7.elf
File size:57'964 bytes
MD5:59e45a4511c74f2fe41b09e5ccb31a75
SHA1:b31584e95374b98df6a574400c048e70e3a6c081
SHA256:76f480bb5d3b4321c07669e00e4d64dbefaa08cb5be971eb42c35add03deabc7
SHA512:ab87c2a85c157ddca2afb7c778e64a2a9877e87740b46380db240b2771b933b9240b0c6e997a8e1216eba6e346e65bca21fef7f9444fab9485e033bf12457606
SSDEEP:1536:gSXAUniVqRZAYOfw/AvRPs0GkJLm7FqRXivF43:gONVOfw/AvRPNmXFW
TLSH:4643026313CDE5B0EE231C73DA1464A8DB7735FDFDAB351620A3A9EC72913A41229643

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:ARM
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - Linux
ABI Version:0
Entry Point Address:0x38da4
Flags:0x4000002
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:0
Section Header Size:40
Number of Section Headers:0
Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8000 | 0x8000 | 0x1000 | 0x21a30 | 7.8908 | 0x6 | RW | 0x8000 | |
LOAD | 0x0 | 0x30000 | 0x30000 | 0x9f93 | 0x9f93 | 7.9695 | 0x5 | R E | 0x8000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-08T19:51:02.125573+0100 | 2500036 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 | 2 | 83.222.191.90 | 13566 | 192.168.2.23 | 42716 | TCP
                                            Jan 8, 2025 19:51:01.997581959 CET3923213566192.168.2.2383.222.242.103
                                            Jan 8, 2025 19:51:01.998542070 CET135664632683.222.216.199192.168.2.23
                                            Jan 8, 2025 19:51:01.998588085 CET4632613566192.168.2.2383.222.216.199
                                            Jan 8, 2025 19:51:02.001558065 CET4244813566192.168.2.2383.222.67.249
                                            Jan 8, 2025 19:51:02.002670050 CET135663923283.222.242.103192.168.2.23
                                            Jan 8, 2025 19:51:02.002713919 CET3923213566192.168.2.2383.222.242.103
                                            Jan 8, 2025 19:51:02.005608082 CET3442013566192.168.2.2383.222.44.3
                                            Jan 8, 2025 19:51:02.006412029 CET135664244883.222.67.249192.168.2.23
                                            Jan 8, 2025 19:51:02.006454945 CET4244813566192.168.2.2383.222.67.249
                                            Jan 8, 2025 19:51:02.009598970 CET4652813566192.168.2.2383.222.248.86
                                            Jan 8, 2025 19:51:02.010484934 CET135663442083.222.44.3192.168.2.23
                                            Jan 8, 2025 19:51:02.010521889 CET3442013566192.168.2.2383.222.44.3
                                            Jan 8, 2025 19:51:02.013499022 CET4384013566192.168.2.2383.222.208.62
                                            Jan 8, 2025 19:51:02.014384985 CET135664652883.222.248.86192.168.2.23
                                            Jan 8, 2025 19:51:02.014426947 CET4652813566192.168.2.2383.222.248.86
                                            Jan 8, 2025 19:51:02.017230034 CET3349613566192.168.2.2383.222.167.99
                                            Jan 8, 2025 19:51:02.018333912 CET135664384083.222.208.62192.168.2.23
                                            Jan 8, 2025 19:51:02.018377066 CET4384013566192.168.2.2383.222.208.62
                                            Jan 8, 2025 19:51:02.021023989 CET5445613566192.168.2.2383.222.59.72
                                            Jan 8, 2025 19:51:02.021996021 CET135663349683.222.167.99192.168.2.23
                                            Jan 8, 2025 19:51:02.022034883 CET3349613566192.168.2.2383.222.167.99
                                            Jan 8, 2025 19:51:02.025677919 CET4133213566192.168.2.2383.222.206.245
                                            Jan 8, 2025 19:51:02.025840998 CET135665445683.222.59.72192.168.2.23
                                            Jan 8, 2025 19:51:02.025878906 CET5445613566192.168.2.2383.222.59.72
                                            Jan 8, 2025 19:51:02.030500889 CET3826413566192.168.2.2383.222.88.174
                                            Jan 8, 2025 19:51:02.030524015 CET135664133283.222.206.245192.168.2.23
                                            Jan 8, 2025 19:51:02.030567884 CET4133213566192.168.2.2383.222.206.245
                                            Jan 8, 2025 19:51:02.034977913 CET4238013566192.168.2.2383.222.209.151
                                            Jan 8, 2025 19:51:02.035350084 CET135663826483.222.88.174192.168.2.23
                                            Jan 8, 2025 19:51:02.035388947 CET3826413566192.168.2.2383.222.88.174
                                            Jan 8, 2025 19:51:02.039747000 CET5484013566192.168.2.2383.222.111.9
                                            Jan 8, 2025 19:51:02.039793015 CET135664238083.222.209.151192.168.2.23
                                            Jan 8, 2025 19:51:02.039835930 CET4238013566192.168.2.2383.222.209.151
                                            Jan 8, 2025 19:51:02.044565916 CET5307613566192.168.2.2383.222.134.186
                                            Jan 8, 2025 19:51:02.044575930 CET135665484083.222.111.9192.168.2.23
                                            Jan 8, 2025 19:51:02.044626951 CET5484013566192.168.2.2383.222.111.9
                                            Jan 8, 2025 19:51:02.049412966 CET135665307683.222.134.186192.168.2.23
                                            Jan 8, 2025 19:51:02.049452066 CET5307613566192.168.2.2383.222.134.186
                                            Jan 8, 2025 19:51:02.049500942 CET5926013566192.168.2.2383.222.31.2
                                            Jan 8, 2025 19:51:02.054339886 CET135665926083.222.31.2192.168.2.23
                                            Jan 8, 2025 19:51:02.054361105 CET5981413566192.168.2.2383.222.246.80
                                            Jan 8, 2025 19:51:02.054378033 CET5926013566192.168.2.2383.222.31.2
                                            Jan 8, 2025 19:51:02.059171915 CET135665981483.222.246.80192.168.2.23
                                            Jan 8, 2025 19:51:02.059216022 CET5981413566192.168.2.2383.222.246.80
                                            Jan 8, 2025 19:51:02.059539080 CET5577813566192.168.2.2383.222.223.206
                                            Jan 8, 2025 19:51:02.064327955 CET135665577883.222.223.206192.168.2.23
                                            Jan 8, 2025 19:51:02.064373970 CET5577813566192.168.2.2383.222.223.206
                                            Jan 8, 2025 19:51:02.064848900 CET5481013566192.168.2.2383.222.23.210
                                            Jan 8, 2025 19:51:02.069627047 CET135665481083.222.23.210192.168.2.23
                                            Jan 8, 2025 19:51:02.069664955 CET5481013566192.168.2.2383.222.23.210
                                            Jan 8, 2025 19:51:02.071058989 CET6034613566192.168.2.2383.222.54.90
                                            Jan 8, 2025 19:51:02.075884104 CET135666034683.222.54.90192.168.2.23
                                            Jan 8, 2025 19:51:02.075927019 CET6034613566192.168.2.2383.222.54.90
                                            Jan 8, 2025 19:51:02.077181101 CET4078013566192.168.2.2383.222.203.98
                                            Jan 8, 2025 19:51:02.081980944 CET135664078083.222.203.98192.168.2.23
                                            Jan 8, 2025 19:51:02.082025051 CET4078013566192.168.2.2383.222.203.98
                                            Jan 8, 2025 19:51:02.083343983 CET4229813566192.168.2.2383.222.93.195
                                            Jan 8, 2025 19:51:02.088218927 CET135664229883.222.93.195192.168.2.23
                                            Jan 8, 2025 19:51:02.088270903 CET4229813566192.168.2.2383.222.93.195
                                            Jan 8, 2025 19:51:02.089473963 CET3883413566192.168.2.2383.222.184.45
                                            Jan 8, 2025 19:51:02.094286919 CET135663883483.222.184.45192.168.2.23
                                            Jan 8, 2025 19:51:02.094326019 CET3883413566192.168.2.2383.222.184.45
                                            Jan 8, 2025 19:51:02.097686052 CET4195213566192.168.2.2383.222.1.96
                                            Jan 8, 2025 19:51:02.102515936 CET135664195283.222.1.96192.168.2.23
                                            Jan 8, 2025 19:51:02.102571011 CET4195213566192.168.2.2383.222.1.96
                                            Jan 8, 2025 19:51:02.104932070 CET4195213566192.168.2.2383.222.1.96
                                            Jan 8, 2025 19:51:02.109831095 CET135664195283.222.1.96192.168.2.23
                                            Jan 8, 2025 19:51:02.109890938 CET4195213566192.168.2.2383.222.1.96
                                            Jan 8, 2025 19:51:02.120729923 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:02.125572920 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:51:02.125624895 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:02.127619028 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:02.132544041 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:51:02.132589102 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:02.137365103 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:51:03.300817013 CET43928443192.168.2.2391.189.91.42
                                            Jan 8, 2025 19:51:08.932043076 CET42836443192.168.2.2391.189.91.43
                                            Jan 8, 2025 19:51:10.467897892 CET4251680192.168.2.23109.202.202.202
                                            Jan 8, 2025 19:51:12.132018089 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:12.136885881 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:51:12.336652040 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:51:12.336765051 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:12.744738102 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:51:12.744946003 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:51:23.266091108 CET43928443192.168.2.2391.189.91.42
                                            Jan 8, 2025 19:51:35.552371025 CET42836443192.168.2.2391.189.91.43
                                            Jan 8, 2025 19:51:41.695513964 CET4251680192.168.2.23109.202.202.202
                                            Jan 8, 2025 19:52:04.220470905 CET43928443192.168.2.2391.189.91.42
                                            Jan 8, 2025 19:52:12.793634892 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:52:12.798588037 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:52:12.997734070 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:52:12.997878075 CET4271613566192.168.2.2383.222.191.90
                                            Jan 8, 2025 19:52:13.745471001 CET135664271683.222.191.90192.168.2.23
                                            Jan 8, 2025 19:52:13.745565891 CET4271613566192.168.2.2383.222.191.90
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Jan 8, 2025 19:51:02.108376026 CET | 35155 | 53 | 192.168.2.23 | 8.8.8.8
                                            Jan 8, 2025 19:51:02.118469954 CET | 53 | 35155 | 8.8.8.8 | 192.168.2.23

                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                            Jan 8, 2025 19:51:02.108376026 CET | 192.168.2.23 | 8.8.8.8 | 0x9db7 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false

                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                            Jan 8, 2025 19:51:02.118469954 CET | 8.8.8.8 | 192.168.2.23 | 0x9db7 | No error (0) | secure-network-rebirthltd.ru |  | 83.222.191.90 | A (IP address) | IN (0x0001) | false

                                            System Behavior

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:/tmp/Kloki.arm7.elf
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/usr/libexec/gsd-sharing
                                            Arguments:/usr/libexec/gsd-sharing
                                            File size:35424 bytes
                                            MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/usr/bin/gnome-shell
                                            Arguments:/usr/bin/gnome-shell
                                            File size:23168 bytes
                                            MD5 hash:da7a257239677622fe4b3a65972c9e87

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):18:51:01
                                            Start date (UTC):08/01/2025
                                            Path:/usr/libexec/gsd-print-notifications
                                            Arguments:/usr/libexec/gsd-print-notifications
                                            File size:51840 bytes
                                            MD5 hash:71539698aa691718cee775d6b9450ae2

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):18:51:00
                                            Start date (UTC):08/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):18:51:01
                                            Start date (UTC):08/01/2025
                                            Path:/usr/sbin/gdm3
                                            Arguments:-
                                            File size:453296 bytes
                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                            Start time (UTC):18:51:01
                                            Start date (UTC):08/01/2025
                                            Path:/etc/gdm3/PrimeOff/Default
                                            Arguments:/etc/gdm3/PrimeOff/Default
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):18:51:01
                                            Start date (UTC):08/01/2025
                                            Path:/usr/sbin/gdm3
                                            Arguments:-
                                            File size:453296 bytes
                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f