Edit tour

Linux Analysis Report
spc.elf

Overview

General Information

Sample name:	spc.elf
Analysis ID:	1589170
MD5:	4f7f0dab1d24e937c23e6751ef51e43b
SHA1:	fd8c1dcea98b5299c1a3a9cba82951f3503e5b92
SHA256:	d5f3530e9847792931687d2d693fda27de9b6d32de5650d33f8aef6aa9c53af8
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai, Moobot

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Detected Mirai

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Mirai

Yara detected Moobot

Connects to many ports of the same IP (likely port scanning)

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes the "rm" command used to delete files or directories

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589170
Start date and time:	2025-01-11 14:45:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	spc.elf
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/0@74/0

Warnings

VT rate limit hit for: update.byeux.com

Runtime Messages

Command:	/tmp/spc.elf
PID:	6265
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	done.
Standard Error:

Process Tree

system is lnxubuntu20

spc.elf (PID: 6265, Parent: 6189, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/spc.elf

spc.elf New Fork (PID: 6267, Parent: 6265)

spc.elf New Fork (PID: 6269, Parent: 6267)

spc.elf New Fork (PID: 6270, Parent: 6267)

spc.elf New Fork (PID: 6273, Parent: 6270)

dash New Fork (PID: 6280, Parent: 4331)

rm (PID: 6280, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.lmaZ6NiHPq /tmp/tmp.Hdcvw0I1J0 /tmp/tmp.EKhH8LMmJS

dash New Fork (PID: 6281, Parent: 4331)

rm (PID: 6281, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.lmaZ6NiHPq /tmp/tmp.Hdcvw0I1J0 /tmp/tmp.EKhH8LMmJS

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Name	Description	Attribution	Blogpost URLs	Link
MooBot		No Attribution	https://blog.netlab.360.com/ddos-botnet-moobot-en/ https://blog.netlab.360.com/moobot-0day-unixcctv-dvr-en/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/ https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-RUSSIAN-ACTORS-USE-ROUTERS-FACILITATE-CYBER_OPERATIONS.PDF https://otx.alienvault.com/pulse/6075b645942d5adf9bb8949b	https://malpedia.caad.fkie.fraunhofer.de/details/elf.moobot

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
spc.elf	JoeSecurity_Moobot	Yara detected Moobot	Joe Security
spc.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
spc.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc66c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc70c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc75c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc798:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc7ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc7c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp	JoeSecurity_Moobot	Yara detected Moobot	Joe Security
6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc66c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc70c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc75c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc798:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc7ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc7c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: spc.elf PID: 6265	JoeSecurity_Moobot	Yara detected Moobot	Joe Security
Process Memory Space: spc.elf PID: 6265	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: spc.elf PID: 6265	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xcd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xf5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x109:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x131:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x145:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x159:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x181:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x195:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1f9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x221:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x235:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x249:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x25d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 1 entries

Suricata Signatures

ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T14:46:20.765035+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60542	107.189.4.201	58431	TCP
2025-01-11T14:46:22.417059+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60544	107.189.4.201	58431	TCP
2025-01-11T14:46:24.181642+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60546	107.189.4.201	58431	TCP
2025-01-11T14:46:25.846831+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60548	107.189.4.201	58431	TCP
2025-01-11T14:46:27.645719+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60550	107.189.4.201	58431	TCP
2025-01-11T14:46:29.384069+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60552	107.189.4.201	58431	TCP
2025-01-11T14:46:31.370054+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60554	107.189.4.201	58431	TCP
2025-01-11T14:46:33.337002+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60556	107.189.4.201	58431	TCP
2025-01-11T14:46:35.006115+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60558	107.189.4.201	58431	TCP
2025-01-11T14:46:36.729349+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60560	107.189.4.201	58431	TCP
2025-01-11T14:46:38.380070+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60562	107.189.4.201	58431	TCP
2025-01-11T14:46:40.055199+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60564	107.189.4.201	58431	TCP
2025-01-11T14:46:41.742733+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60566	107.189.4.201	58431	TCP
2025-01-11T14:46:43.395293+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60568	107.189.4.201	58431	TCP
2025-01-11T14:46:45.055082+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60570	107.189.4.201	58431	TCP
2025-01-11T14:46:46.707600+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60572	107.189.4.201	58431	TCP
2025-01-11T14:46:48.378751+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60574	107.189.4.201	58431	TCP
2025-01-11T14:46:50.021590+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60576	107.189.4.201	58431	TCP
2025-01-11T14:46:51.681739+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60578	107.189.4.201	58431	TCP
2025-01-11T14:46:53.333534+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60580	107.189.4.201	58431	TCP
2025-01-11T14:46:55.022517+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60582	107.189.4.201	58431	TCP
2025-01-11T14:46:56.801030+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60584	107.189.4.201	58431	TCP
2025-01-11T14:46:58.461457+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60586	107.189.4.201	58431	TCP
2025-01-11T14:47:00.132101+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60588	107.189.4.201	58431	TCP
2025-01-11T14:47:01.930840+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60590	107.189.4.201	58431	TCP
2025-01-11T14:47:03.621060+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60592	107.189.4.201	58431	TCP
2025-01-11T14:47:05.289293+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60594	107.189.4.201	58431	TCP
2025-01-11T14:47:06.946604+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60596	107.189.4.201	58431	TCP
2025-01-11T14:47:08.599470+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60598	107.189.4.201	58431	TCP
2025-01-11T14:47:10.281030+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60600	107.189.4.201	58431	TCP
2025-01-11T14:47:11.947997+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60602	107.189.4.201	58431	TCP
2025-01-11T14:47:13.662891+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60604	107.189.4.201	58431	TCP
2025-01-11T14:47:15.303195+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60606	107.189.4.201	58431	TCP
2025-01-11T14:47:17.106759+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60608	107.189.4.201	58431	TCP
2025-01-11T14:47:18.756051+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60610	107.189.4.201	58431	TCP
2025-01-11T14:47:21.047177+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60612	107.189.4.201	58431	TCP
2025-01-11T14:47:22.712873+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60614	107.189.4.201	58431	TCP
2025-01-11T14:47:24.383104+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60616	107.189.4.201	58431	TCP
2025-01-11T14:47:26.040850+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60618	107.189.4.201	58431	TCP
2025-01-11T14:47:27.708947+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60620	107.189.4.201	58431	TCP
2025-01-11T14:47:29.351143+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60622	107.189.4.201	58431	TCP
2025-01-11T14:47:30.990277+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60624	107.189.4.201	58431	TCP
2025-01-11T14:47:32.652578+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60626	107.189.4.201	58431	TCP
2025-01-11T14:47:34.421577+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60628	107.189.4.201	58431	TCP
2025-01-11T14:47:36.088768+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60630	107.189.4.201	58431	TCP
2025-01-11T14:47:37.744539+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60632	107.189.4.201	58431	TCP
2025-01-11T14:47:39.416170+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60634	107.189.4.201	58431	TCP
2025-01-11T14:47:41.071612+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60636	107.189.4.201	58431	TCP
2025-01-11T14:47:42.730002+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60638	107.189.4.201	58431	TCP
2025-01-11T14:47:44.380677+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60640	107.189.4.201	58431	TCP
2025-01-11T14:47:46.069385+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60642	107.189.4.201	58431	TCP
2025-01-11T14:47:47.708788+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60644	107.189.4.201	58431	TCP
2025-01-11T14:47:49.366319+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60646	107.189.4.201	58431	TCP
2025-01-11T14:47:51.039289+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60648	107.189.4.201	58431	TCP
2025-01-11T14:47:52.862700+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60650	107.189.4.201	58431	TCP
2025-01-11T14:47:54.538393+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60652	107.189.4.201	58431	TCP
2025-01-11T14:47:56.178640+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60654	107.189.4.201	58431	TCP
2025-01-11T14:47:57.836945+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60656	107.189.4.201	58431	TCP
2025-01-11T14:47:59.490788+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60658	107.189.4.201	58431	TCP
2025-01-11T14:48:01.162041+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60660	107.189.4.201	58431	TCP
2025-01-11T14:48:02.821186+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60662	107.189.4.201	58431	TCP
2025-01-11T14:48:04.480279+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60664	107.189.4.201	58431	TCP
2025-01-11T14:48:06.149851+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60666	107.189.4.201	58431	TCP
2025-01-11T14:48:07.821260+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60668	107.189.4.201	58431	TCP
2025-01-11T14:48:09.488156+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60670	107.189.4.201	58431	TCP
2025-01-11T14:48:11.150747+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60672	107.189.4.201	58431	TCP
2025-01-11T14:48:12.804547+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60674	107.189.4.201	58431	TCP
2025-01-11T14:48:14.463271+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60676	107.189.4.201	58431	TCP
2025-01-11T14:48:16.147552+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60678	107.189.4.201	58431	TCP
2025-01-11T14:48:17.808063+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60680	107.189.4.201	58431	TCP
2025-01-11T14:48:19.488896+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60682	107.189.4.201	58431	TCP
2025-01-11T14:48:21.132399+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60684	107.189.4.201	58431	TCP
2025-01-11T14:48:22.809478+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60686	107.189.4.201	58431	TCP
2025-01-11T14:48:24.488996+0100	2030491	1	Malware Command and Control Activity Detected	192.168.2.23	60688	107.189.4.201	58431	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: spc.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: spc.elf	Virustotal: Detection: 65%			Perma Link
Source: spc.elf	ReversingLabs: Detection: 65%

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60554 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60546 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60578 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60576 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60562 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60560 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60574 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60566 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60584 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60572 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60550 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60558 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60638 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60544 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60564 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60598 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60654 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60596 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60606 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60570 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60580 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60582 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60610 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60548 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60614 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60668 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60648 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60594 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60590 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60650 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60642 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60658 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60556 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60600 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60656 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60588 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60634 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60552 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60660 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60664 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60670 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60682 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60542 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60674 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60586 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60568 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60636 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60632 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60608 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60652 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60622 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60676 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60680 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60640 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60602 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60644 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60686 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60620 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60672 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60618 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60688 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60662 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60666 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60592 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60628 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60646 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60678 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60612 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60684 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60630 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60604 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60616 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60624 -> 107.189.4.201:58431
Source: Network traffic	Suricata IDS: 2030491 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) : 192.168.2.23:60626 -> 107.189.4.201:58431

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 107.189.4.201 ports 58431,1,3,4,5,8

Source: global traffic

TCP traffic: 192.168.2.23:60542 -> 107.189.4.201:58431

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic

DNS traffic detected: DNS query: update.byeux.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39256
Source: unknown	Network traffic detected: HTTP traffic on port 39256 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: spc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: spc.elf PID: 6265, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: spc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: spc.elf PID: 6265, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/0@74/0

Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1582/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/3088/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1579/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1699/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1335/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1698/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1334/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1576/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/2302/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/910/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/6227/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/912/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/2307/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/918/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1594/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1349/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1344/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1465/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1586/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1463/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1900/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/491/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/6250/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1599/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1477/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/379/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1476/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/6249/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/4745/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/30/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/2208/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/35/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1809/cmdline	Jump to behavior
Source: /tmp/spc.elf (PID: 6269)	File opened: /proc/1494/cmdline	Jump to behavior

Source: /usr/bin/dash (PID: 6280)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.lmaZ6NiHPq /tmp/tmp.Hdcvw0I1J0 /tmp/tmp.EKhH8LMmJS			Jump to behavior
Source: /usr/bin/dash (PID: 6281)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.lmaZ6NiHPq /tmp/tmp.Hdcvw0I1J0 /tmp/tmp.EKhH8LMmJS			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/spc.elf (PID: 6265)

File: /tmp/spc.elf

Jump to behavior

Source: /tmp/spc.elf (PID: 6265)

Queries kernel information via 'uname':

Jump to behavior

Source: spc.elf, 6265.1.0000563a70f90000.0000563a71015000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: spc.elf, 6265.1.0000563a70f90000.0000563a71015000.rw-.sdmp	Binary or memory string: p:V!/etc/qemu-binfmt/sparc
Source: spc.elf, 6265.1.00007ffc3f9a6000.00007ffc3f9c7000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/spc.elf
Source: spc.elf, 6265.1.00007ffc3f9a6000.00007ffc3f9c7000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: spc.elf, type: SAMPLE
Source: Yara match	File source: 6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: spc.elf PID: 6265, type: MEMORYSTR

Yara detected Moobot

Source: Yara match	File source: spc.elf, type: SAMPLE
Source: Yara match	File source: 6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: spc.elf PID: 6265, type: MEMORYSTR

Remote Access Functionality

Detected Mirai

Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)

Yara detected Mirai

Source: Yara match	File source: spc.elf, type: SAMPLE
Source: Yara match	File source: 6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: spc.elf PID: 6265, type: MEMORYSTR

Yara detected Moobot

Source: Yara match	File source: spc.elf, type: SAMPLE
Source: Yara match	File source: 6265.1.00007fac90011000.00007fac9001f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: spc.elf PID: 6265, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 File Deletion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
spc.elf	65%	Virustotal		Browse
spc.elf	66%	ReversingLabs	Linux.Trojan.Mirai
spc.elf	100%	Avira	EXP/ELF.Mirai.Z.A

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
update.byeux.com	107.189.4.201	true	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
107.189.4.201	update.byeux.com	United States	53667	PONYNETUS	true
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
107.189.4.201	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse
	JVL2bXW1ch.elf	Get hash	malicious	Mirai, Moobot	Browse
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse
34.249.145.219	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse
	Space.mips.elf	Get hash	malicious	Unknown	Browse
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse
	la.bot.arm7.elf	Get hash	malicious	Mirai	Browse
	mpsl.elf	Get hash	malicious	Mirai	Browse
	la.bot.arm5.elf	Get hash	malicious	Mirai	Browse
	main_arm.elf	Get hash	malicious	Mirai	Browse
	main_m68k.elf	Get hash	malicious	Mirai	Browse
	i586.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.42	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse
	ARMV6L.elf	Get hash	malicious	Unknown	Browse
	I586.elf	Get hash	malicious	Unknown	Browse
	POWERPC.elf	Get hash	malicious	Unknown	Browse
	SH4.elf	Get hash	malicious	Unknown	Browse
	sss.elf	Get hash	malicious	Gafgyt	Browse
	ARMV5L.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
update.byeux.com	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	JVL2bXW1ch.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	ARMV6L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	I586.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	POWERPC.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SH4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sst.elf	Get hash	malicious	Gafgyt	Browse	185.125.190.26
	sss.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
INIT7CH	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202
	arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202
	ARMV6L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	I586.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	POWERPC.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SH4.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sss.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	ARMV5L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
AMAZON-02US	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	34.249.145.219
	res.x86.elf	Get hash	malicious	Unknown	Browse	18.134.184.155
	Space.mips.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	QsBdpe1gK5.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	54.67.42.145
	HN1GiQ5tF7.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	qbSIgCrCgw.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	8L6MBxaJ2m.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	6.elf	Get hash	malicious	Unknown	Browse	54.122.159.233
	SH4.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	3.elf	Get hash	malicious	Unknown	Browse	13.214.70.119
PONYNETUS	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	107.189.4.201
	uShK30bvrV.exe	Get hash	malicious	Remcos	Browse	172.86.115.221
	miori.spc.elf	Get hash	malicious	Unknown	Browse	107.189.6.73
	cZO.exe	Get hash	malicious	Unknown	Browse	107.189.28.6
	file.exe	Get hash	malicious	Unknown	Browse	205.185.126.56
	file.exe	Get hash	malicious	Unknown	Browse	205.185.126.56
	file.exe	Get hash	malicious	GhostRat, Nitol	Browse	198.98.57.188
	lx64.elf	Get hash	malicious	Unknown	Browse	205.185.126.56
	https://u48917305.ct.sendgrid.net/ls/click?upn=u001.ztQPJiWtq2gO8V-2Ftd7SxY9UCAq3VScTPSloeIw5UEMPd6e3nbPRvJ98moPTqmrdQ1eNbvwZHJ-2BEb4HrooVFNCTltmXW6SgRONKSmPzdFoWfDQT97cczFZ0vj7M2xBd2izDTi-2BL-2BoVqB8yVzV2GW7vOPvy3s9yVghrOS5vs-2BSnWyzJMkXQxVEReq4oLCDet7QAOvo_JkpSD-2Bg6VoLAQppUKMb-2BxDh4v4nbOeQFT31aoN-2FLkhvFCzY6wdlGM7RTNIi47OKR1tTaghG8tTKssArDNPSXAfX9wO6nsZ2FHn-2FunyaOti-2FaII-2FnbKYDXJOImW-2Bs9f4tYnWj8rqO7L0kp4KNRHBDo0iHoL8DEOGc8GMtzqzsIqERel6-2FxJyY4DBnsnUTOc2I4HCPKA6lxcCEXMtxEA1-2FnQ-3D-3D	Get hash	malicious	HTMLPhisher	Browse	198.251.89.144
	arm6.elf	Get hash	malicious	Mirai, Moobot	Browse	209.141.47.117

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.162474954251594
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	spc.elf
File size:	58'688 bytes
MD5:	4f7f0dab1d24e937c23e6751ef51e43b
SHA1:	fd8c1dcea98b5299c1a3a9cba82951f3503e5b92
SHA256:	d5f3530e9847792931687d2d693fda27de9b6d32de5650d33f8aef6aa9c53af8
SHA512:	8fb72d081d30981935974c89218df7959040def1339619059850f7c8e27fbeede7795b4f6738251bff97a9ca447560b6a6e08514bd444b443858c9b65bdaf058
SSDEEP:	1536:v6dIzQlmFrKq+uhTsufe7xqIQuEL75WtfbNPr+:y4TDOx1mVgNPr+
TLSH:	D1433C21BA761E27C0C1A47621FB4B25B6F147DE26E8C60A3DB20D9FAF705406553EF8
File Content Preview:	.ELF...........................4.........4. ...(.......................................................p..%P........dt.Q................................@..(....@.1.................#.....cp..`.....!..... ...@.....".........`......$ ... ...@...........`....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	Sparc
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x101a4
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	58288
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10094	0x94	0x1c	0x0	0x6	AX	4
.text	PROGBITS	0x100b0	0xb0	0xc488	0x0	0x6	AX	4
.fini	PROGBITS	0x1c538	0xc538	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x1c550	0xc550	0x1aa8	0x0	0x2	A	8
.ctors	PROGBITS	0x2e000	0xe000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x2e008	0xe008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x2e018	0xe018	0x358	0x0	0x3	WA	8
.bss	NOBITS	0x2e370	0xe370	0x21e0	0x0	0x3	WA	8
.shstrtab	STRTAB	0x0	0xe370	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000	0x10000	0xdff8	0xdff8	6.2061	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xe000	0x2e000	0x2e000	0x370	0x2550	2.6336	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T14:46:20.765035+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60542	107.189.4.201	58431	TCP
2025-01-11T14:46:22.417059+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60544	107.189.4.201	58431	TCP
2025-01-11T14:46:24.181642+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60546	107.189.4.201	58431	TCP
2025-01-11T14:46:25.846831+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60548	107.189.4.201	58431	TCP
2025-01-11T14:46:27.645719+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60550	107.189.4.201	58431	TCP
2025-01-11T14:46:29.384069+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60552	107.189.4.201	58431	TCP
2025-01-11T14:46:31.370054+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60554	107.189.4.201	58431	TCP
2025-01-11T14:46:33.337002+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60556	107.189.4.201	58431	TCP
2025-01-11T14:46:35.006115+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60558	107.189.4.201	58431	TCP
2025-01-11T14:46:36.729349+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60560	107.189.4.201	58431	TCP
2025-01-11T14:46:38.380070+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60562	107.189.4.201	58431	TCP
2025-01-11T14:46:40.055199+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60564	107.189.4.201	58431	TCP
2025-01-11T14:46:41.742733+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60566	107.189.4.201	58431	TCP
2025-01-11T14:46:43.395293+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60568	107.189.4.201	58431	TCP
2025-01-11T14:46:45.055082+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60570	107.189.4.201	58431	TCP
2025-01-11T14:46:46.707600+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60572	107.189.4.201	58431	TCP
2025-01-11T14:46:48.378751+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60574	107.189.4.201	58431	TCP
2025-01-11T14:46:50.021590+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60576	107.189.4.201	58431	TCP
2025-01-11T14:46:51.681739+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60578	107.189.4.201	58431	TCP
2025-01-11T14:46:53.333534+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60580	107.189.4.201	58431	TCP
2025-01-11T14:46:55.022517+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60582	107.189.4.201	58431	TCP
2025-01-11T14:46:56.801030+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60584	107.189.4.201	58431	TCP
2025-01-11T14:46:58.461457+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60586	107.189.4.201	58431	TCP
2025-01-11T14:47:00.132101+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60588	107.189.4.201	58431	TCP
2025-01-11T14:47:01.930840+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60590	107.189.4.201	58431	TCP
2025-01-11T14:47:03.621060+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60592	107.189.4.201	58431	TCP
2025-01-11T14:47:05.289293+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60594	107.189.4.201	58431	TCP
2025-01-11T14:47:06.946604+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60596	107.189.4.201	58431	TCP
2025-01-11T14:47:08.599470+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60598	107.189.4.201	58431	TCP
2025-01-11T14:47:10.281030+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60600	107.189.4.201	58431	TCP
2025-01-11T14:47:11.947997+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60602	107.189.4.201	58431	TCP
2025-01-11T14:47:13.662891+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60604	107.189.4.201	58431	TCP
2025-01-11T14:47:15.303195+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60606	107.189.4.201	58431	TCP
2025-01-11T14:47:17.106759+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60608	107.189.4.201	58431	TCP
2025-01-11T14:47:18.756051+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60610	107.189.4.201	58431	TCP
2025-01-11T14:47:21.047177+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60612	107.189.4.201	58431	TCP
2025-01-11T14:47:22.712873+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60614	107.189.4.201	58431	TCP
2025-01-11T14:47:24.383104+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60616	107.189.4.201	58431	TCP
2025-01-11T14:47:26.040850+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60618	107.189.4.201	58431	TCP
2025-01-11T14:47:27.708947+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60620	107.189.4.201	58431	TCP
2025-01-11T14:47:29.351143+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60622	107.189.4.201	58431	TCP
2025-01-11T14:47:30.990277+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60624	107.189.4.201	58431	TCP
2025-01-11T14:47:32.652578+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60626	107.189.4.201	58431	TCP
2025-01-11T14:47:34.421577+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60628	107.189.4.201	58431	TCP
2025-01-11T14:47:36.088768+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60630	107.189.4.201	58431	TCP
2025-01-11T14:47:37.744539+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60632	107.189.4.201	58431	TCP
2025-01-11T14:47:39.416170+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60634	107.189.4.201	58431	TCP
2025-01-11T14:47:41.071612+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60636	107.189.4.201	58431	TCP
2025-01-11T14:47:42.730002+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60638	107.189.4.201	58431	TCP
2025-01-11T14:47:44.380677+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60640	107.189.4.201	58431	TCP
2025-01-11T14:47:46.069385+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60642	107.189.4.201	58431	TCP
2025-01-11T14:47:47.708788+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60644	107.189.4.201	58431	TCP
2025-01-11T14:47:49.366319+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60646	107.189.4.201	58431	TCP
2025-01-11T14:47:51.039289+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60648	107.189.4.201	58431	TCP
2025-01-11T14:47:52.862700+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60650	107.189.4.201	58431	TCP
2025-01-11T14:47:54.538393+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60652	107.189.4.201	58431	TCP
2025-01-11T14:47:56.178640+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60654	107.189.4.201	58431	TCP
2025-01-11T14:47:57.836945+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60656	107.189.4.201	58431	TCP
2025-01-11T14:47:59.490788+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60658	107.189.4.201	58431	TCP
2025-01-11T14:48:01.162041+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60660	107.189.4.201	58431	TCP
2025-01-11T14:48:02.821186+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60662	107.189.4.201	58431	TCP
2025-01-11T14:48:04.480279+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60664	107.189.4.201	58431	TCP
2025-01-11T14:48:06.149851+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60666	107.189.4.201	58431	TCP
2025-01-11T14:48:07.821260+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60668	107.189.4.201	58431	TCP
2025-01-11T14:48:09.488156+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60670	107.189.4.201	58431	TCP
2025-01-11T14:48:11.150747+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60672	107.189.4.201	58431	TCP
2025-01-11T14:48:12.804547+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60674	107.189.4.201	58431	TCP
2025-01-11T14:48:14.463271+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60676	107.189.4.201	58431	TCP
2025-01-11T14:48:16.147552+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60678	107.189.4.201	58431	TCP
2025-01-11T14:48:17.808063+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60680	107.189.4.201	58431	TCP
2025-01-11T14:48:19.488896+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60682	107.189.4.201	58431	TCP
2025-01-11T14:48:21.132399+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60684	107.189.4.201	58431	TCP
2025-01-11T14:48:22.809478+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60686	107.189.4.201	58431	TCP
2025-01-11T14:48:24.488996+0100	2030491	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+)	1	192.168.2.23	60688	107.189.4.201	58431	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 14:46:19.871129036 CET	43928	443	192.168.2.23	91.189.91.42
Jan 11, 2025 14:46:20.754048109 CET	60542	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:20.758975029 CET	58431	60542	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:20.759198904 CET	60542	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:20.765034914 CET	60542	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:20.769849062 CET	58431	60542	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:22.396585941 CET	58431	60542	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:22.396871090 CET	60542	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:22.401803970 CET	58431	60542	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:22.408826113 CET	60544	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:22.413790941 CET	58431	60544	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:22.413863897 CET	60544	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:22.417058945 CET	60544	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:22.421905994 CET	58431	60544	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:24.055588961 CET	58431	60544	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:24.055879116 CET	60544	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:24.060878992 CET	58431	60544	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:24.171421051 CET	60546	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:24.176358938 CET	58431	60546	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:24.176431894 CET	60546	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:24.181642056 CET	60546	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:24.186491966 CET	58431	60546	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:25.818298101 CET	58431	60546	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:25.818423986 CET	60546	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:25.823367119 CET	58431	60546	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:25.835344076 CET	60548	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:25.842793941 CET	58431	60548	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:25.842924118 CET	60548	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:25.846831083 CET	60548	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:25.852937937 CET	58431	60548	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:27.476272106 CET	58431	60548	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:27.476377964 CET	60548	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:27.481400967 CET	58431	60548	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:27.636008978 CET	60550	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:27.640868902 CET	58431	60550	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:27.640925884 CET	60550	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:27.645719051 CET	60550	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:27.650572062 CET	58431	60550	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:29.272119045 CET	58431	60550	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:29.272217035 CET	60550	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:29.277108908 CET	58431	60550	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:29.378113985 CET	60552	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:29.382972956 CET	58431	60552	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:29.383030891 CET	60552	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:29.384068966 CET	60552	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:29.388894081 CET	58431	60552	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:30.780483961 CET	443	39256	34.249.145.219	192.168.2.23
Jan 11, 2025 14:46:30.784094095 CET	39256	443	192.168.2.23	34.249.145.219
Jan 11, 2025 14:46:30.789134026 CET	443	39256	34.249.145.219	192.168.2.23
Jan 11, 2025 14:46:31.057384014 CET	58431	60552	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:31.057499886 CET	60552	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:31.057499886 CET	60552	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:31.062438011 CET	58431	60552	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:31.364274979 CET	60554	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:31.369179010 CET	58431	60554	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:31.369235992 CET	60554	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:31.370054007 CET	60554	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:31.374866009 CET	58431	60554	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:33.041692019 CET	58431	60554	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:33.044116020 CET	60554	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:33.049103022 CET	58431	60554	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:33.330926895 CET	60556	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:33.335866928 CET	58431	60556	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:33.335938931 CET	60556	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:33.337002039 CET	60556	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:33.341902018 CET	58431	60556	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:34.717084885 CET	42516	80	192.168.2.23	109.202.202.202
Jan 11, 2025 14:46:34.976592064 CET	58431	60556	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:34.976841927 CET	60556	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:34.981874943 CET	58431	60556	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:34.998086929 CET	60558	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:35.002984047 CET	58431	60558	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:35.003043890 CET	60558	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:35.006114960 CET	60558	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:35.011020899 CET	58431	60558	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:36.714483976 CET	58431	60558	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:36.714781046 CET	60558	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:36.719815969 CET	58431	60558	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:36.722973108 CET	60560	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:36.728696108 CET	58431	60560	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:36.728753090 CET	60560	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:36.729348898 CET	60560	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:36.734247923 CET	58431	60560	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:38.365942955 CET	58431	60560	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:38.366261005 CET	60560	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:38.371192932 CET	58431	60560	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:38.374490023 CET	60562	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:38.379358053 CET	58431	60562	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:38.379462957 CET	60562	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:38.380069971 CET	60562	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:38.384919882 CET	58431	60562	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:40.040726900 CET	58431	60562	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:40.040920973 CET	60562	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:40.045902967 CET	58431	60562	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:40.049556017 CET	60564	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:40.054531097 CET	58431	60564	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:40.054604053 CET	60564	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:40.055198908 CET	60564	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:40.060121059 CET	58431	60564	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:40.860251904 CET	43928	443	192.168.2.23	91.189.91.42
Jan 11, 2025 14:46:41.728509903 CET	58431	60564	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:41.728704929 CET	60564	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:41.733634949 CET	58431	60564	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:41.737128973 CET	60566	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:41.742054939 CET	58431	60566	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:41.742136002 CET	60566	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:41.742733002 CET	60566	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:41.748184919 CET	58431	60566	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:43.381273985 CET	58431	60566	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:43.381558895 CET	60566	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:43.386420965 CET	58431	60566	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:43.389753103 CET	60568	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:43.394578934 CET	58431	60568	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:43.394649029 CET	60568	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:43.395292997 CET	60568	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:43.400187969 CET	58431	60568	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:45.040872097 CET	58431	60568	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:45.041074038 CET	60568	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:45.045974970 CET	58431	60568	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:45.049357891 CET	60570	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:45.054192066 CET	58431	60570	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:45.054248095 CET	60570	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:45.055082083 CET	60570	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:45.059849977 CET	58431	60570	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:46.694025993 CET	58431	60570	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:46.694230080 CET	60570	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:46.699137926 CET	58431	60570	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:46.702258110 CET	60572	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:46.707084894 CET	58431	60572	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:46.707129955 CET	60572	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:46.707600117 CET	60572	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:46.712333918 CET	58431	60572	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:48.365405083 CET	58431	60572	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:48.365556002 CET	60572	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:48.370444059 CET	58431	60572	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:48.373363972 CET	60574	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:48.378118038 CET	58431	60574	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:48.378200054 CET	60574	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:48.378751040 CET	60574	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:48.383501053 CET	58431	60574	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:50.005750895 CET	58431	60574	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:50.005975962 CET	60574	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:50.010904074 CET	58431	60574	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:50.015610933 CET	60576	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:50.020549059 CET	58431	60576	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:50.020629883 CET	60576	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:50.021589994 CET	60576	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:50.026417017 CET	58431	60576	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:51.667279959 CET	58431	60576	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:51.667530060 CET	60576	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:51.672513962 CET	58431	60576	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:51.676069975 CET	60578	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:51.680974960 CET	58431	60578	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:51.681094885 CET	60578	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:51.681739092 CET	60578	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:51.686578989 CET	58431	60578	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:53.319295883 CET	58431	60578	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:53.319467068 CET	60578	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:53.324385881 CET	58431	60578	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:53.327883959 CET	60580	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:53.332855940 CET	58431	60580	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:53.332963943 CET	60580	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:53.333534002 CET	60580	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:53.338433981 CET	58431	60580	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:55.008641958 CET	58431	60580	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:55.008822918 CET	60580	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:55.013807058 CET	58431	60580	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:55.016962051 CET	60582	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:55.021802902 CET	58431	60582	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:55.021861076 CET	60582	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:55.022516966 CET	60582	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:55.027345896 CET	58431	60582	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:56.666222095 CET	58431	60582	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:56.666428089 CET	60582	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:56.671427965 CET	58431	60582	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:56.795051098 CET	60584	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:56.799968958 CET	58431	60584	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:56.800029039 CET	60584	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:56.801029921 CET	60584	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:56.805881977 CET	58431	60584	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:58.446506023 CET	58431	60584	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:58.446666956 CET	60584	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:58.451695919 CET	58431	60584	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:58.455473900 CET	60586	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:58.460372925 CET	58431	60586	107.189.4.201	192.168.2.23
Jan 11, 2025 14:46:58.460428953 CET	60586	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:58.461457014 CET	60586	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:46:58.466319084 CET	58431	60586	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:00.116518021 CET	58431	60586	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:00.116767883 CET	60586	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:00.121798038 CET	58431	60586	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:00.126106024 CET	60588	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:00.131061077 CET	58431	60588	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:00.131128073 CET	60588	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:00.132101059 CET	60588	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:00.137048960 CET	58431	60588	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:01.772119999 CET	58431	60588	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:01.772309065 CET	60588	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:01.777234077 CET	58431	60588	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:01.925071955 CET	60590	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:01.930052996 CET	58431	60590	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:01.930123091 CET	60590	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:01.930840015 CET	60590	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:01.935676098 CET	58431	60590	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:03.605870008 CET	58431	60590	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:03.606043100 CET	60590	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:03.611032009 CET	58431	60590	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:03.615189075 CET	60592	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:03.620062113 CET	58431	60592	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:03.620115995 CET	60592	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:03.621059895 CET	60592	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:03.625914097 CET	58431	60592	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:05.273773909 CET	58431	60592	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:05.273974895 CET	60592	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:05.278842926 CET	58431	60592	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:05.283164024 CET	60594	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:05.288105965 CET	58431	60594	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:05.288189888 CET	60594	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:05.289293051 CET	60594	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:05.294121981 CET	58431	60594	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:06.931993961 CET	58431	60594	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:06.932173967 CET	60594	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:06.937098980 CET	58431	60594	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:06.940639019 CET	60596	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:06.945579052 CET	58431	60596	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:06.945640087 CET	60596	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:06.946604013 CET	60596	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:06.954011917 CET	58431	60596	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:08.584306955 CET	58431	60596	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:08.584516048 CET	60596	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:08.589451075 CET	58431	60596	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:08.593533993 CET	60598	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:08.598474979 CET	58431	60598	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:08.598550081 CET	60598	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:08.599469900 CET	60598	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:08.604362965 CET	58431	60598	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:10.262998104 CET	58431	60598	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:10.263169050 CET	60598	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:10.269856930 CET	58431	60598	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:10.273828983 CET	60600	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:10.280008078 CET	58431	60600	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:10.280061960 CET	60600	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:10.281029940 CET	60600	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:10.285842896 CET	58431	60600	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:11.933067083 CET	58431	60600	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:11.933233023 CET	60600	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:11.938117027 CET	58431	60600	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:11.941993952 CET	60602	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:11.946885109 CET	58431	60602	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:11.946947098 CET	60602	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:11.947997093 CET	60602	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:11.952877998 CET	58431	60602	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:13.647511959 CET	58431	60602	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:13.647821903 CET	60602	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:13.652863979 CET	58431	60602	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:13.656737089 CET	60604	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:13.661751986 CET	58431	60604	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:13.661808968 CET	60604	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:13.662890911 CET	60604	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:13.667768002 CET	58431	60604	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:15.287689924 CET	58431	60604	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:15.287888050 CET	60604	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:15.292821884 CET	58431	60604	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:15.296586037 CET	60606	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:15.302207947 CET	58431	60606	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:15.302275896 CET	60606	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:15.303195000 CET	60606	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:15.308038950 CET	58431	60606	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:16.948725939 CET	58431	60606	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:16.948890924 CET	60606	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:16.953792095 CET	58431	60606	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:17.100740910 CET	60608	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:17.105598927 CET	58431	60608	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:17.105668068 CET	60608	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:17.106759071 CET	60608	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:17.111576080 CET	58431	60608	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:18.740938902 CET	58431	60608	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:18.741228104 CET	60608	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:18.746236086 CET	58431	60608	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:18.750086069 CET	60610	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:18.754941940 CET	58431	60610	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:18.755013943 CET	60610	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:18.756051064 CET	60610	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:18.760879993 CET	58431	60610	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.032238960 CET	58431	60610	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.032332897 CET	58431	60610	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.032402992 CET	60610	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:21.032450914 CET	60610	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:21.032475948 CET	58431	60610	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.032541990 CET	60610	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:21.037645102 CET	58431	60610	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.041321993 CET	60612	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:21.046123981 CET	58431	60612	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.046179056 CET	60612	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:21.047177076 CET	60612	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:21.051950932 CET	58431	60612	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:21.814522028 CET	43928	443	192.168.2.23	91.189.91.42
Jan 11, 2025 14:47:22.697746992 CET	58431	60612	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:22.697915077 CET	60612	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:22.702837944 CET	58431	60612	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:22.706866980 CET	60614	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:22.711735010 CET	58431	60614	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:22.711815119 CET	60614	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:22.712872982 CET	60614	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:22.717762947 CET	58431	60614	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:24.367686987 CET	58431	60614	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:24.367939949 CET	60614	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:24.372813940 CET	58431	60614	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:24.377119064 CET	60616	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:24.382008076 CET	58431	60616	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:24.382121086 CET	60616	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:24.383104086 CET	60616	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:24.387924910 CET	58431	60616	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:26.026506901 CET	58431	60616	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:26.026802063 CET	60616	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:26.031750917 CET	58431	60616	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:26.035128117 CET	60618	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:26.040046930 CET	58431	60618	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:26.040103912 CET	60618	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:26.040849924 CET	60618	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:26.045708895 CET	58431	60618	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:27.693886042 CET	58431	60618	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:27.694060087 CET	60618	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:27.698951006 CET	58431	60618	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:27.703020096 CET	60620	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:27.707942009 CET	58431	60620	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:27.708019972 CET	60620	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:27.708946943 CET	60620	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:27.713881016 CET	58431	60620	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:29.335171938 CET	58431	60620	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:29.335375071 CET	60620	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:29.340358019 CET	58431	60620	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:29.345124006 CET	60622	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:29.350075960 CET	58431	60622	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:29.350135088 CET	60622	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:29.351142883 CET	60622	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:29.355957985 CET	58431	60622	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:30.975722075 CET	58431	60622	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:30.976069927 CET	60622	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:30.981086969 CET	58431	60622	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:30.984601974 CET	60624	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:30.989588022 CET	58431	60624	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:30.989644051 CET	60624	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:30.990277052 CET	60624	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:30.995270967 CET	58431	60624	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:32.637253046 CET	58431	60624	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:32.637432098 CET	60624	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:32.642369986 CET	58431	60624	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:32.646737099 CET	60626	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:32.651635885 CET	58431	60626	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:32.651700974 CET	60626	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:32.652578115 CET	60626	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:32.657452106 CET	58431	60626	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:34.406706095 CET	58431	60626	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:34.406985044 CET	60626	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:34.411936998 CET	58431	60626	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:34.415644884 CET	60628	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:34.420547009 CET	58431	60628	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:34.420603037 CET	60628	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:34.421576977 CET	60628	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:34.426403999 CET	58431	60628	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:36.073985100 CET	58431	60628	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:36.074160099 CET	60628	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:36.079092979 CET	58431	60628	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:36.082799911 CET	60630	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:36.087660074 CET	58431	60630	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:36.087718964 CET	60630	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:36.088768005 CET	60630	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:36.093671083 CET	58431	60630	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:37.729747057 CET	58431	60630	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:37.730004072 CET	60630	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:37.734759092 CET	58431	60630	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:37.738590002 CET	60632	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:37.743443966 CET	58431	60632	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:37.743526936 CET	60632	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:37.744539022 CET	60632	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:37.749344110 CET	58431	60632	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:39.400984049 CET	58431	60632	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:39.401127100 CET	60632	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:39.406052113 CET	58431	60632	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:39.410196066 CET	60634	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:39.415087938 CET	58431	60634	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:39.415144920 CET	60634	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:39.416169882 CET	60634	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:39.420939922 CET	58431	60634	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:41.057213068 CET	58431	60634	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:41.057373047 CET	60634	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:41.062305927 CET	58431	60634	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:41.065896988 CET	60636	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:41.070795059 CET	58431	60636	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:41.070854902 CET	60636	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:41.071611881 CET	60636	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:41.076458931 CET	58431	60636	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:42.713618994 CET	58431	60636	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:42.713759899 CET	60636	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:42.720807076 CET	58431	60636	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:42.724312067 CET	60638	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:42.729177952 CET	58431	60638	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:42.729238033 CET	60638	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:42.730001926 CET	60638	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:42.734915972 CET	58431	60638	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:44.366625071 CET	58431	60638	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:44.366775990 CET	60638	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:44.371711016 CET	58431	60638	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:44.374979019 CET	60640	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:44.379818916 CET	58431	60640	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:44.379879951 CET	60640	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:44.380676985 CET	60640	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:44.385504961 CET	58431	60640	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:46.055170059 CET	58431	60640	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:46.055473089 CET	60640	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:46.060461044 CET	58431	60640	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:46.063723087 CET	60642	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:46.068618059 CET	58431	60642	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:46.068674088 CET	60642	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:46.069385052 CET	60642	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:46.074235916 CET	58431	60642	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:47.694375992 CET	58431	60642	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:47.694547892 CET	60642	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:47.699496984 CET	58431	60642	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:47.703175068 CET	60644	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:47.708148003 CET	58431	60644	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:47.708211899 CET	60644	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:47.708787918 CET	60644	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:47.713588953 CET	58431	60644	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:49.351531982 CET	58431	60644	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:49.351703882 CET	60644	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:49.356631994 CET	58431	60644	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:49.360688925 CET	60646	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:49.365588903 CET	58431	60646	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:49.365657091 CET	60646	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:49.366318941 CET	60646	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:49.371185064 CET	58431	60646	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:51.024877071 CET	58431	60646	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:51.025068045 CET	60646	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:51.030016899 CET	58431	60646	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:51.033523083 CET	60648	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:51.038485050 CET	58431	60648	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:51.038548946 CET	60648	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:51.039288998 CET	60648	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:51.044214010 CET	58431	60648	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:52.694683075 CET	58431	60648	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:52.694901943 CET	60648	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:52.699840069 CET	58431	60648	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:52.856939077 CET	60650	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:52.861850977 CET	58431	60650	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:52.861951113 CET	60650	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:52.862699986 CET	60650	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:52.867638111 CET	58431	60650	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:54.524533987 CET	58431	60650	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:54.524789095 CET	60650	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:54.529647112 CET	58431	60650	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:54.532819986 CET	60652	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:54.537702084 CET	58431	60652	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:54.537775040 CET	60652	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:54.538393021 CET	60652	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:54.543275118 CET	58431	60652	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:56.164845943 CET	58431	60652	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:56.165024996 CET	60652	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:56.169955969 CET	58431	60652	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:56.173139095 CET	60654	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:56.177970886 CET	58431	60654	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:56.178039074 CET	60654	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:56.178639889 CET	60654	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:56.183459997 CET	58431	60654	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:57.823438883 CET	58431	60654	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:57.823685884 CET	60654	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:57.828583956 CET	58431	60654	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:57.831432104 CET	60656	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:57.836272001 CET	58431	60656	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:57.836323977 CET	60656	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:57.836945057 CET	60656	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:57.841767073 CET	58431	60656	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:59.476666927 CET	58431	60656	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:59.476866007 CET	60656	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:59.481838942 CET	58431	60656	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:59.485126972 CET	60658	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:59.490087986 CET	58431	60658	107.189.4.201	192.168.2.23
Jan 11, 2025 14:47:59.490149975 CET	60658	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:59.490787983 CET	60658	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:47:59.495615959 CET	58431	60658	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:01.148066998 CET	58431	60658	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:01.148335934 CET	60658	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:01.153261900 CET	58431	60658	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:01.156555891 CET	60660	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:01.161410093 CET	58431	60660	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:01.161461115 CET	60660	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:01.162040949 CET	60660	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:01.166886091 CET	58431	60660	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:02.807383060 CET	58431	60660	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:02.807523012 CET	60660	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:02.812388897 CET	58431	60660	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:02.815711975 CET	60662	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:02.820563078 CET	58431	60662	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:02.820616961 CET	60662	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:02.821186066 CET	60662	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:02.826903105 CET	58431	60662	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:04.462202072 CET	58431	60662	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:04.462619066 CET	60662	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:04.469257116 CET	58431	60662	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:04.472918987 CET	60664	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:04.479145050 CET	58431	60664	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:04.479208946 CET	60664	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:04.480278969 CET	60664	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:04.485136986 CET	58431	60664	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:06.136445045 CET	58431	60664	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:06.136641026 CET	60664	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:06.141654968 CET	58431	60664	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:06.144153118 CET	60666	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:06.149219036 CET	58431	60666	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:06.149267912 CET	60666	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:06.149851084 CET	60666	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:06.154675961 CET	58431	60666	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:07.807385921 CET	58431	60666	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:07.807554007 CET	60666	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:07.812405109 CET	58431	60666	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:07.815362930 CET	60668	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:07.820611954 CET	58431	60668	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:07.820662975 CET	60668	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:07.821259975 CET	60668	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:07.826065063 CET	58431	60668	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:09.473999977 CET	58431	60668	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:09.474134922 CET	60668	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:09.479110956 CET	58431	60668	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:09.482373953 CET	60670	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:09.487282991 CET	58431	60670	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:09.487344980 CET	60670	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:09.488156080 CET	60670	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:09.493012905 CET	58431	60670	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:11.134708881 CET	58431	60670	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:11.134963036 CET	60670	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:11.139867067 CET	58431	60670	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:11.144859076 CET	60672	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:11.149784088 CET	58431	60672	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:11.149844885 CET	60672	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:11.150747061 CET	60672	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:11.155584097 CET	58431	60672	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:12.790821075 CET	58431	60672	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:12.790941000 CET	60672	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:12.795917034 CET	58431	60672	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:12.799091101 CET	60674	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:12.803983927 CET	58431	60674	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:12.804039955 CET	60674	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:12.804547071 CET	60674	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:12.809443951 CET	58431	60674	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:14.449305058 CET	58431	60674	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:14.449445009 CET	60674	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:14.454374075 CET	58431	60674	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:14.457659960 CET	60676	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:14.462608099 CET	58431	60676	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:14.462718964 CET	60676	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:14.463270903 CET	60676	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:14.468152046 CET	58431	60676	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:16.133724928 CET	58431	60676	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:16.133873940 CET	60676	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:16.138818026 CET	58431	60676	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:16.142005920 CET	60678	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:16.146912098 CET	58431	60678	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:16.147010088 CET	60678	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:16.147552013 CET	60678	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:16.152441025 CET	58431	60678	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:17.793811083 CET	58431	60678	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:17.793970108 CET	60678	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:17.798959970 CET	58431	60678	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:17.802534103 CET	60680	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:17.807424068 CET	58431	60680	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:17.807492971 CET	60680	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:17.808063030 CET	60680	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:17.812912941 CET	58431	60680	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:19.473944902 CET	58431	60680	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:19.474271059 CET	60680	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:19.479223967 CET	58431	60680	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:19.482903004 CET	60682	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:19.487839937 CET	58431	60682	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:19.487915039 CET	60682	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:19.488895893 CET	60682	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:19.493731022 CET	58431	60682	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:21.117641926 CET	58431	60682	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:21.117780924 CET	60682	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:21.122744083 CET	58431	60682	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:21.126518965 CET	60684	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:21.131418943 CET	58431	60684	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:21.131485939 CET	60684	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:21.132399082 CET	60684	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:21.137288094 CET	58431	60684	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:22.795846939 CET	58431	60684	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:22.796041965 CET	60684	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:22.800890923 CET	58431	60684	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:22.803955078 CET	60686	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:22.808780909 CET	58431	60686	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:22.808836937 CET	60686	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:22.809478045 CET	60686	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:22.814270020 CET	58431	60686	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:24.474224091 CET	58431	60686	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:24.474499941 CET	60686	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:24.479343891 CET	58431	60686	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:24.483320951 CET	60688	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:24.488195896 CET	58431	60688	107.189.4.201	192.168.2.23
Jan 11, 2025 14:48:24.488245010 CET	60688	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:24.488996029 CET	60688	58431	192.168.2.23	107.189.4.201
Jan 11, 2025 14:48:24.493720055 CET	58431	60688	107.189.4.201	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 14:46:20.621429920 CET	43897	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:20.750608921 CET	53	43897	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:22.400115967 CET	37540	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:22.407104015 CET	53	37540	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:24.065073013 CET	54194	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:24.167109966 CET	53	54194	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:25.824316025 CET	43260	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:25.831480980 CET	53	43260	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:27.478777885 CET	34093	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:27.635440111 CET	53	34093	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:29.273312092 CET	56520	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:29.377567053 CET	53	56520	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:31.209656954 CET	34682	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:31.363796949 CET	53	34682	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:33.168548107 CET	49304	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:33.330193996 CET	53	49304	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:34.990176916 CET	41091	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:34.997399092 CET	53	41091	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:36.715537071 CET	45618	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:36.722652912 CET	53	45618	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:38.367058992 CET	50725	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:38.374140024 CET	53	50725	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:40.041610003 CET	44023	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:40.049201012 CET	53	44023	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:41.729561090 CET	34573	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:41.736674070 CET	53	34573	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:43.382596016 CET	37969	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:43.389409065 CET	53	37969	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:45.041909933 CET	33391	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:45.049041033 CET	53	33391	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:46.694963932 CET	35097	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:46.701977015 CET	53	35097	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:48.366228104 CET	48596	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:48.373009920 CET	53	48596	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:50.007255077 CET	57108	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:50.015105009 CET	53	57108	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:51.668620110 CET	56889	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:51.675709963 CET	53	56889	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:53.320355892 CET	54381	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:53.327518940 CET	53	54381	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:55.009826899 CET	60766	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:55.016617060 CET	53	60766	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:56.667397022 CET	50905	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:56.794346094 CET	53	50905	8.8.8.8	192.168.2.23
Jan 11, 2025 14:46:58.448060036 CET	35997	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:46:58.454880953 CET	53	35997	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:00.118093967 CET	50143	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:00.125576019 CET	53	50143	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:01.773888111 CET	36873	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:01.924236059 CET	53	36873	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:03.607623100 CET	54346	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:03.614653111 CET	53	54346	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:05.275428057 CET	37902	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:05.282536030 CET	53	37902	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:06.933424950 CET	48852	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:06.940171957 CET	53	48852	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:08.585803032 CET	43859	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:08.593051910 CET	53	43859	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:10.264503002 CET	51495	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:10.273339033 CET	53	51495	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:11.934591055 CET	48986	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:11.941468954 CET	53	48986	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:13.649164915 CET	44445	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:13.656109095 CET	53	44445	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:15.289163113 CET	34496	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:15.296089888 CET	53	34496	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:16.950166941 CET	48299	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:17.099857092 CET	53	48299	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:18.742273092 CET	34032	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:18.749217987 CET	53	34032	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:21.033874035 CET	35386	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:21.040766001 CET	53	35386	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:22.699379921 CET	58448	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:22.706322908 CET	53	58448	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:24.369143009 CET	34905	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:24.376621962 CET	53	34905	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:26.027786016 CET	34150	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:26.034706116 CET	53	34150	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:27.695487022 CET	56851	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:27.702472925 CET	53	56851	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:29.336658955 CET	36963	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:29.344540119 CET	53	36963	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:30.977018118 CET	38387	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:30.984201908 CET	53	38387	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:32.638648987 CET	37906	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:32.646220922 CET	53	37906	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:34.408343077 CET	50430	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:34.415095091 CET	53	50430	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:36.075712919 CET	60724	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:36.082252979 CET	53	60724	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:37.731483936 CET	38304	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:37.738065004 CET	53	38304	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:39.402626991 CET	41129	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:39.409677982 CET	53	41129	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:41.058438063 CET	45095	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:41.065495014 CET	53	45095	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:42.714827061 CET	39981	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:42.723799944 CET	53	39981	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:44.367813110 CET	54335	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:44.374564886 CET	53	54335	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:46.056243896 CET	47367	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:46.063301086 CET	53	47367	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:47.695328951 CET	35315	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:47.702836037 CET	53	35315	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:49.352622986 CET	56025	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:49.360256910 CET	53	56025	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:51.026021004 CET	33435	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:51.033071041 CET	53	33435	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:52.695920944 CET	40051	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:52.856327057 CET	53	40051	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:54.525527954 CET	54197	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:54.532468081 CET	53	54197	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:56.165873051 CET	49419	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:56.172739983 CET	53	49419	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:57.824357986 CET	55119	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:57.831084013 CET	53	55119	8.8.8.8	192.168.2.23
Jan 11, 2025 14:47:59.477729082 CET	56739	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:47:59.484755039 CET	53	56739	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:01.149005890 CET	41949	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:01.156239033 CET	53	41949	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:02.808240891 CET	42892	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:02.815401077 CET	53	42892	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:04.464073896 CET	54475	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:04.472337008 CET	53	54475	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:06.137382030 CET	49167	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:06.143820047 CET	53	49167	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:07.808557034 CET	51600	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:07.815032005 CET	53	51600	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:09.474993944 CET	52520	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:09.482031107 CET	53	52520	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:11.136070013 CET	46731	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:11.144340038 CET	53	46731	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:12.791671991 CET	33180	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:12.798790932 CET	53	33180	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:14.450206041 CET	51272	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:14.457346916 CET	53	51272	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:16.134618998 CET	45531	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:16.141693115 CET	53	45531	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:17.794841051 CET	34040	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:17.802181959 CET	53	34040	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:19.475548983 CET	53569	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:19.482361078 CET	53	53569	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:21.118942976 CET	48991	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:21.126025915 CET	53	48991	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:22.796720982 CET	58910	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:22.803611994 CET	53	58910	8.8.8.8	192.168.2.23
Jan 11, 2025 14:48:24.475429058 CET	54550	53	192.168.2.23	8.8.8.8
Jan 11, 2025 14:48:24.482784033 CET	53	54550	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 14:46:20.621429920 CET	192.168.2.23	8.8.8.8	0xdca8	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:22.400115967 CET	192.168.2.23	8.8.8.8	0xdae3	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:24.065073013 CET	192.168.2.23	8.8.8.8	0x6f8a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:25.824316025 CET	192.168.2.23	8.8.8.8	0xfb3f	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:27.478777885 CET	192.168.2.23	8.8.8.8	0x7480	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:29.273312092 CET	192.168.2.23	8.8.8.8	0xa985	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:31.209656954 CET	192.168.2.23	8.8.8.8	0x9f0a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:33.168548107 CET	192.168.2.23	8.8.8.8	0x3b72	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:34.990176916 CET	192.168.2.23	8.8.8.8	0xe495	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:36.715537071 CET	192.168.2.23	8.8.8.8	0x577	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:38.367058992 CET	192.168.2.23	8.8.8.8	0xae89	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:40.041610003 CET	192.168.2.23	8.8.8.8	0xfe21	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:41.729561090 CET	192.168.2.23	8.8.8.8	0x4bce	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:43.382596016 CET	192.168.2.23	8.8.8.8	0x51c2	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:45.041909933 CET	192.168.2.23	8.8.8.8	0x82ee	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:46.694963932 CET	192.168.2.23	8.8.8.8	0x610d	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:48.366228104 CET	192.168.2.23	8.8.8.8	0x7396	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:50.007255077 CET	192.168.2.23	8.8.8.8	0xf56c	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:51.668620110 CET	192.168.2.23	8.8.8.8	0x2a5d	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:53.320355892 CET	192.168.2.23	8.8.8.8	0xd899	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:55.009826899 CET	192.168.2.23	8.8.8.8	0x8c6e	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:56.667397022 CET	192.168.2.23	8.8.8.8	0x9abb	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:58.448060036 CET	192.168.2.23	8.8.8.8	0x3669	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:00.118093967 CET	192.168.2.23	8.8.8.8	0x96bc	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:01.773888111 CET	192.168.2.23	8.8.8.8	0x36d8	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:03.607623100 CET	192.168.2.23	8.8.8.8	0x941a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:05.275428057 CET	192.168.2.23	8.8.8.8	0x5d33	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:06.933424950 CET	192.168.2.23	8.8.8.8	0xb7c2	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:08.585803032 CET	192.168.2.23	8.8.8.8	0xdd35	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:10.264503002 CET	192.168.2.23	8.8.8.8	0xf188	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:11.934591055 CET	192.168.2.23	8.8.8.8	0xf09a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:13.649164915 CET	192.168.2.23	8.8.8.8	0x96b1	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:15.289163113 CET	192.168.2.23	8.8.8.8	0x3590	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:16.950166941 CET	192.168.2.23	8.8.8.8	0xd154	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:18.742273092 CET	192.168.2.23	8.8.8.8	0xf91d	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:21.033874035 CET	192.168.2.23	8.8.8.8	0xf071	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:22.699379921 CET	192.168.2.23	8.8.8.8	0x3118	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:24.369143009 CET	192.168.2.23	8.8.8.8	0x8d56	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:26.027786016 CET	192.168.2.23	8.8.8.8	0x14bf	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:27.695487022 CET	192.168.2.23	8.8.8.8	0x539c	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:29.336658955 CET	192.168.2.23	8.8.8.8	0x8079	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:30.977018118 CET	192.168.2.23	8.8.8.8	0xe1be	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:32.638648987 CET	192.168.2.23	8.8.8.8	0xf325	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:34.408343077 CET	192.168.2.23	8.8.8.8	0xbb4e	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:36.075712919 CET	192.168.2.23	8.8.8.8	0xcc16	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:37.731483936 CET	192.168.2.23	8.8.8.8	0x172d	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:39.402626991 CET	192.168.2.23	8.8.8.8	0x8275	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:41.058438063 CET	192.168.2.23	8.8.8.8	0x2635	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:42.714827061 CET	192.168.2.23	8.8.8.8	0x24d2	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:44.367813110 CET	192.168.2.23	8.8.8.8	0x38ed	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:46.056243896 CET	192.168.2.23	8.8.8.8	0xfa80	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:47.695328951 CET	192.168.2.23	8.8.8.8	0x944a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:49.352622986 CET	192.168.2.23	8.8.8.8	0x3f5	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:51.026021004 CET	192.168.2.23	8.8.8.8	0x19b4	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:52.695920944 CET	192.168.2.23	8.8.8.8	0x7ccc	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:54.525527954 CET	192.168.2.23	8.8.8.8	0xc86a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:56.165873051 CET	192.168.2.23	8.8.8.8	0x30f6	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:57.824357986 CET	192.168.2.23	8.8.8.8	0x1c99	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:59.477729082 CET	192.168.2.23	8.8.8.8	0xf696	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:01.149005890 CET	192.168.2.23	8.8.8.8	0x4a38	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:02.808240891 CET	192.168.2.23	8.8.8.8	0x77d1	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:04.464073896 CET	192.168.2.23	8.8.8.8	0x4715	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:06.137382030 CET	192.168.2.23	8.8.8.8	0x9947	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:07.808557034 CET	192.168.2.23	8.8.8.8	0x794b	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:09.474993944 CET	192.168.2.23	8.8.8.8	0xd6ca	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:11.136070013 CET	192.168.2.23	8.8.8.8	0xfa19	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:12.791671991 CET	192.168.2.23	8.8.8.8	0xe1f4	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:14.450206041 CET	192.168.2.23	8.8.8.8	0xefbf	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:16.134618998 CET	192.168.2.23	8.8.8.8	0xfdfc	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:17.794841051 CET	192.168.2.23	8.8.8.8	0xef0c	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:19.475548983 CET	192.168.2.23	8.8.8.8	0x103a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:21.118942976 CET	192.168.2.23	8.8.8.8	0x620b	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:22.796720982 CET	192.168.2.23	8.8.8.8	0x9e28	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:24.475429058 CET	192.168.2.23	8.8.8.8	0xce8a	Standard query (0)	update.byeux.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 14:46:20.750608921 CET	8.8.8.8	192.168.2.23	0xdca8	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:22.407104015 CET	8.8.8.8	192.168.2.23	0xdae3	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:24.167109966 CET	8.8.8.8	192.168.2.23	0x6f8a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:25.831480980 CET	8.8.8.8	192.168.2.23	0xfb3f	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:27.635440111 CET	8.8.8.8	192.168.2.23	0x7480	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:29.377567053 CET	8.8.8.8	192.168.2.23	0xa985	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:31.363796949 CET	8.8.8.8	192.168.2.23	0x9f0a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:33.330193996 CET	8.8.8.8	192.168.2.23	0x3b72	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:34.997399092 CET	8.8.8.8	192.168.2.23	0xe495	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:36.722652912 CET	8.8.8.8	192.168.2.23	0x577	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:38.374140024 CET	8.8.8.8	192.168.2.23	0xae89	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:40.049201012 CET	8.8.8.8	192.168.2.23	0xfe21	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:41.736674070 CET	8.8.8.8	192.168.2.23	0x4bce	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:43.389409065 CET	8.8.8.8	192.168.2.23	0x51c2	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:45.049041033 CET	8.8.8.8	192.168.2.23	0x82ee	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:46.701977015 CET	8.8.8.8	192.168.2.23	0x610d	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:48.373009920 CET	8.8.8.8	192.168.2.23	0x7396	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:50.015105009 CET	8.8.8.8	192.168.2.23	0xf56c	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:51.675709963 CET	8.8.8.8	192.168.2.23	0x2a5d	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:53.327518940 CET	8.8.8.8	192.168.2.23	0xd899	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:55.016617060 CET	8.8.8.8	192.168.2.23	0x8c6e	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:56.794346094 CET	8.8.8.8	192.168.2.23	0x9abb	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:46:58.454880953 CET	8.8.8.8	192.168.2.23	0x3669	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:00.125576019 CET	8.8.8.8	192.168.2.23	0x96bc	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:01.924236059 CET	8.8.8.8	192.168.2.23	0x36d8	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:03.614653111 CET	8.8.8.8	192.168.2.23	0x941a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:05.282536030 CET	8.8.8.8	192.168.2.23	0x5d33	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:06.940171957 CET	8.8.8.8	192.168.2.23	0xb7c2	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:08.593051910 CET	8.8.8.8	192.168.2.23	0xdd35	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:10.273339033 CET	8.8.8.8	192.168.2.23	0xf188	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:11.941468954 CET	8.8.8.8	192.168.2.23	0xf09a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:13.656109095 CET	8.8.8.8	192.168.2.23	0x96b1	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:15.296089888 CET	8.8.8.8	192.168.2.23	0x3590	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:17.099857092 CET	8.8.8.8	192.168.2.23	0xd154	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:18.749217987 CET	8.8.8.8	192.168.2.23	0xf91d	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:21.040766001 CET	8.8.8.8	192.168.2.23	0xf071	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:22.706322908 CET	8.8.8.8	192.168.2.23	0x3118	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:24.376621962 CET	8.8.8.8	192.168.2.23	0x8d56	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:26.034706116 CET	8.8.8.8	192.168.2.23	0x14bf	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:27.702472925 CET	8.8.8.8	192.168.2.23	0x539c	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:29.344540119 CET	8.8.8.8	192.168.2.23	0x8079	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:30.984201908 CET	8.8.8.8	192.168.2.23	0xe1be	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:32.646220922 CET	8.8.8.8	192.168.2.23	0xf325	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:34.415095091 CET	8.8.8.8	192.168.2.23	0xbb4e	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:36.082252979 CET	8.8.8.8	192.168.2.23	0xcc16	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:37.738065004 CET	8.8.8.8	192.168.2.23	0x172d	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:39.409677982 CET	8.8.8.8	192.168.2.23	0x8275	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:41.065495014 CET	8.8.8.8	192.168.2.23	0x2635	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:42.723799944 CET	8.8.8.8	192.168.2.23	0x24d2	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:44.374564886 CET	8.8.8.8	192.168.2.23	0x38ed	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:46.063301086 CET	8.8.8.8	192.168.2.23	0xfa80	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:47.702836037 CET	8.8.8.8	192.168.2.23	0x944a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:49.360256910 CET	8.8.8.8	192.168.2.23	0x3f5	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:51.033071041 CET	8.8.8.8	192.168.2.23	0x19b4	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:52.856327057 CET	8.8.8.8	192.168.2.23	0x7ccc	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:54.532468081 CET	8.8.8.8	192.168.2.23	0xc86a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:56.172739983 CET	8.8.8.8	192.168.2.23	0x30f6	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:57.831084013 CET	8.8.8.8	192.168.2.23	0x1c99	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:47:59.484755039 CET	8.8.8.8	192.168.2.23	0xf696	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:01.156239033 CET	8.8.8.8	192.168.2.23	0x4a38	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:02.815401077 CET	8.8.8.8	192.168.2.23	0x77d1	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:04.472337008 CET	8.8.8.8	192.168.2.23	0x4715	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:06.143820047 CET	8.8.8.8	192.168.2.23	0x9947	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:07.815032005 CET	8.8.8.8	192.168.2.23	0x794b	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:09.482031107 CET	8.8.8.8	192.168.2.23	0xd6ca	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:11.144340038 CET	8.8.8.8	192.168.2.23	0xfa19	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:12.798790932 CET	8.8.8.8	192.168.2.23	0xe1f4	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:14.457346916 CET	8.8.8.8	192.168.2.23	0xefbf	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:16.141693115 CET	8.8.8.8	192.168.2.23	0xfdfc	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:17.802181959 CET	8.8.8.8	192.168.2.23	0xef0c	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:19.482361078 CET	8.8.8.8	192.168.2.23	0x103a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:21.126025915 CET	8.8.8.8	192.168.2.23	0x620b	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:22.803611994 CET	8.8.8.8	192.168.2.23	0x9e28	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false
Jan 11, 2025 14:48:24.482784033 CET	8.8.8.8	192.168.2.23	0xce8a	No error (0)	update.byeux.com	107.189.4.201	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: spc.elf PID: 6265, Parent PID: 6189

General

Start time (UTC):	13:46:19
Start date (UTC):	11/01/2025
Path:	/tmp/spc.elf
Arguments:	/tmp/spc.elf
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: spc.elf PID: 6267, Parent PID: 6265

General

Start time (UTC):	13:46:19
Start date (UTC):	11/01/2025
Path:	/tmp/spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: spc.elf PID: 6269, Parent PID: 6267

General

Start time (UTC):	13:46:19
Start date (UTC):	11/01/2025
Path:	/tmp/spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: spc.elf PID: 6270, Parent PID: 6267

General

Start time (UTC):	13:46:19
Start date (UTC):	11/01/2025
Path:	/tmp/spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: spc.elf PID: 6273, Parent PID: 6270

General

Start time (UTC):	13:46:19
Start date (UTC):	11/01/2025
Path:	/tmp/spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: dash PID: 6280, Parent PID: 4331

General

Start time (UTC):	13:46:29
Start date (UTC):	11/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6280, Parent PID: 4331

General

Start time (UTC):	13:46:29
Start date (UTC):	11/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.lmaZ6NiHPq /tmp/tmp.Hdcvw0I1J0 /tmp/tmp.EKhH8LMmJS
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6281, Parent PID: 4331

General

Start time (UTC):	13:46:30
Start date (UTC):	11/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6281, Parent PID: 4331

General

Start time (UTC):	13:46:30
Start date (UTC):	11/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.lmaZ6NiHPq /tmp/tmp.Hdcvw0I1J0 /tmp/tmp.EKhH8LMmJS
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report spc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: spc.elf PID: 6265, Parent PID: 6189

General

Chronological Activities

Analysis Process: spc.elf PID: 6267, Parent PID: 6265

General

Chronological Activities

Analysis Process: spc.elf PID: 6269, Parent PID: 6267

General

Chronological Activities

Analysis Process: spc.elf PID: 6270, Parent PID: 6267

General

Chronological Activities

Analysis Process: spc.elf PID: 6273, Parent PID: 6270

General

Chronological Activities

Analysis Process: dash PID: 6280, Parent PID: 4331

Linux Analysis Report
spc.elf