Linux Analysis Report
Kloki.arm7.elf

Overview

General Information

Sample name:Kloki.arm7.elf
Analysis ID:1590970
MD5:a067e5cb4a56908848598d0123853fee
SHA1:3f8eeb9f34581ea06fcc4c1b4a87f6c42c181bb0
SHA256:e3dabac03107e604decfe855df5ea922e44fad1bf55382472a3ab9d949ebcca7
Tags:elf, user-abuse_ch
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1590970
Start date and time:2025-01-14 16:51:01 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 48s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Kloki.arm7.elf
Detection:MAL
Classification:mal52.spre.linELF@0/0@1/0
Command:/tmp/Kloki.arm7.elf
PID:6239
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 6266, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • sh (PID: 6270, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 6270, Parent: 1477, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 6272, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • sh (PID: 6273, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 6274, Parent: 1320)
  • Default (PID: 6274, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6276, Parent: 1320)
  • Default (PID: 6276, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T16:51:52.361612+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.23 | 42736 | TCP

AV Detection

Source: Kloki.arm7.elf Virustotal: Detection: 17%
Source: Kloki.arm7.elf ReversingLabs: Detection: 18%
Source: /tmp/Kloki.arm7.elf (PID: 6239) Socket: 127.0.0.1:14435
Source: Network traffic Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.23:42736
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: global traffic DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 904, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 912, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 918, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 1532, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 1622, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 1633, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 1638, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 1983, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 2146, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 2302, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 6223, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 6266, result: successful
Source: /tmp/Kloki.arm7.elf (PID: 6245) SIGKILL sent: pid: 6274, result: successful
Source: LOAD without section mappings Program segment: 0x8000
Source: classification engine Classification label: mal52.spre.linELF@0/0@1/0
Source: Kloki.arm7.elf Submission file: segment LOAD with 7.8893 entropy (max. 8.0)
Source: Kloki.arm7.elf Submission file: segment LOAD with 7.9715 entropy (max. 8.0)
Source: /tmp/Kloki.arm7.elf (PID: 6239) Queries kernel information via 'uname'
Source: Kloki.arm7.elf, 6239.1.000055d7f5cc8000.000055d7f5e19000.rw-.sdmp, Kloki.arm7.elf, 6243.1.000055d7f5cc8000.000055d7f5e19000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: Kloki.arm7.elf, 6239.1.000055d7f5cc8000.000055d7f5e19000.rw-.sdmp, Kloki.arm7.elf, 6243.1.000055d7f5cc8000.000055d7f5e19000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: Kloki.arm7.elf, 6239.1.00007ffd40ce2000.00007ffd40d03000.rw-.sdmp, Kloki.arm7.elf, 6243.1.00007ffd40ce2000.00007ffd40d03000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: Kloki.arm7.elf, 6239.1.00007ffd40ce2000.00007ffd40d03000.rw-.sdmp, Kloki.arm7.elf, 6243.1.00007ffd40ce2000.00007ffd40d03000.rw-.sdmp Binary or memory string: 5x86_64/usr/bin/qemu-arm/tmp/Kloki.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.arm7.elf
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
No configs have been found
Behavior Graph ID: 1590970, Sample: Kloki.arm7.elf, Startdate: 14/01/2025, Architecture: LINUX, Score: 52
Source | Detection | Scanner | Label
Kloki.arm7.elf | 17% | Virustotal |
Kloki.arm7.elf | 18% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
Match | Associated Sample Name / URL | Detection | Threat Name
91.189.91.43 | debug.dbg.elf | malicious | Mirai, Moobot
91.189.91.43 | m-p.s-l.Sakura.elf | malicious | Gafgyt, Mirai
91.189.91.43 | x-3.2-.Sakura.elf | malicious | Gafgyt, Mirai
91.189.91.43 | rebirth.i686.elf | malicious | Gafgyt
91.189.91.43 | arm6.elf | malicious | Mirai, Moobot
91.189.91.43 | meth12.elf | malicious | Mirai
91.189.91.43 | rebirth.ppc.elf | malicious | Gafgyt
91.189.91.43 | x86_64.elf | malicious | Mirai, Moobot
91.189.91.43 | p-p.c-.Sakura.elf | malicious | Gafgyt, Mirai
91.189.91.43 | rebirth.arm5.elf | malicious | Gafgyt
91.189.91.42 | debug.dbg.elf | malicious | Mirai, Moobot
91.189.91.42 | m-p.s-l.Sakura.elf | malicious | Gafgyt, Mirai
91.189.91.42 | x-3.2-.Sakura.elf | malicious | Gafgyt, Mirai
91.189.91.42 | rebirth.i686.elf | malicious | Gafgyt
91.189.91.42 | arm6.elf | malicious | Mirai, Moobot
91.189.91.42 | meth12.elf | malicious | Mirai
91.189.91.42 | rebirth.ppc.elf | malicious | Gafgyt
91.189.91.42 | x86_64.elf | malicious | Mirai, Moobot
91.189.91.42 | p-p.c-.Sakura.elf | malicious | Gafgyt, Mirai
91.189.91.42 | rebirth.arm5.elf | malicious | Gafgyt
                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            secure-network-rebirthltd.ruKloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            Kloki.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            Kloki.spc.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.191.90
                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            MASTERHOST-ASMoscowRussiaRUrACq8Eaix6.exeGet hashmaliciousFormBookBrowse
                                            • 90.156.201.74
                                            frosty.x86.elfGet hashmaliciousMiraiBrowse
                                            • 90.156.234.102
                                            Kloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.6.30
                                            Kloki.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.18.36
                                            Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.30.186
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.26.170
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.4.239
                                            Kloki.spc.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.13.30
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.6.146
                                            https://klickskydd.skolverket.org/?url=https%3A%2F%2Fwww.gazeta.ru%2Fpolitics%2Fnews%2F2024%2F12%2F22%2F24684722.shtml&id=71de&rcpt=upplysningstjansten@skolverket.se&tss=1735469857&msgid=b53e7603-c5d3-11ef-8a2e-0050569b0508&html=1&h=ded85c63Get hashmaliciousHTMLPhisherBrowse
                                            • 87.242.127.163
                                            SENSELAN-ASsenseLANGmbHCHKloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.139.136
                                            Kloki.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.151.246
                                            Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.137.76
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.146.5
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.154.225
                                            Kloki.spc.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.153.55
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.147.13
                                            firmware.armv4l.elfGet hashmaliciousUnknownBrowse
                                            • 192.162.28.56
                                            firmware.armv5l.elfGet hashmaliciousUnknownBrowse
                                            • 192.162.28.56
                                            LFZoA1P7TrGet hashmaliciousUnknownBrowse
                                            • 83.222.133.170
                                            GCN-ASGCNAD-SofiaBulgariaBGKloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.181.243
                                            Kloki.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.169.127
                                            Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.179.249
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.181.63
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.173.21
                                            Kloki.spc.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.181.68
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.166.36
                                            IMG001.exeGet hashmaliciousXmrigBrowse
                                            • 212.70.158.89
                                            ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRUKloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.70.81
                                            Kloki.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.83.69
                                            Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.87.13
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.68.210
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.73.212
                                            Kloki.spc.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.89.90
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.64.159
                                            skid.x86.elfGet hashmaliciousMoobotBrowse
                                            • 83.222.64.191
                                            XfUkJyh9A3.elfGet hashmaliciousMiraiBrowse
                                            • 37.209.228.199
                                            nSQgTX0uEc.dllGet hashmaliciousWannacryBrowse
                                            • 213.141.249.89
                                            MNOGOBYTE-ASMoscowRussiaRUKloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.107.74
                                            Kloki.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.111.94
                                            Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.116.93
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.101.212
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.110.86
                                            Kloki.spc.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.112.137
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.121.44
                                            Hilix.m68k.elfGet hashmaliciousMiraiBrowse
                                            • 45.87.110.254
                                            arm6.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.115.109
                                            https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                                            • 83.222.104.70
                                            WAVENETLBKloki.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.162.124
                                            Kloki.x86.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.164.65
                                            Kloki.arm4.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.164.170
                                            Kloki.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 83.222.162.209
                                            No context
                                            No context
No created / dropped files found

File type: ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit): 7.98282589919332
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: Kloki.arm7.elf
File size: 58'472 bytes
MD5: a067e5cb4a56908848598d0123853fee
SHA1: 3f8eeb9f34581ea06fcc4c1b4a87f6c42c181bb0
SHA256: e3dabac03107e604decfe855df5ea922e44fad1bf55382472a3ab9d949ebcca7
SHA512: 1baa296d8fa65f4a67773e0afac468cfcca19f7fc25b9dcf5b159cb9c7ed7c3ba8cf8acbe335d169f17ae9dc27f9c1ae9452c687b583f88ef4df95ca53f6887f
SSDEEP: 1536:x9EaxER9c8SQe4vY6nKSNEFCPN5k4X8nKBan7xNd:jVW/cyT9PN557a7xNd
TLSH: 40430213824921A7ED25CD3B831B8A51BB2BEE7650F0B0351468D9BE76F7014F73798A

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: ARM
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - Linux
ABI Version: 0
Entry Point Address: 0x38efc
Flags: 0x4000002
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 0
Section Header Size: 40
Number of Section Headers: 0
Header String Table Index: 0

Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
LOAD       0x0     0x8000           0x8000            0x1000     0x21cf4      7.8893   0x6    RW                 0x8000
LOAD       0x0     0x30000          0x30000           0xa0eb     0xa0eb       7.9715   0x5    R E                0x8000
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4

Timestamp: 2025-01-14T16:51:52.361612+0100
SID: 2500034
Signature: ET COMPROMISED Known Compromised or Hostile Host Traffic group 18
Severity: 2
Source IP: 83.222.191.90
Source Port: 13566
Dest IP: 192.168.2.23
Dest Port: 42736
Protocol: TCP
                                            Jan 14, 2025 16:51:51.807849884 CET135664295083.222.164.252192.168.2.23
                                            Jan 14, 2025 16:51:51.807929039 CET4295013566192.168.2.2383.222.164.252
                                            Jan 14, 2025 16:51:51.810548067 CET5000013566192.168.2.2383.222.148.61
                                            Jan 14, 2025 16:51:51.815341949 CET135665000083.222.148.61192.168.2.23
                                            Jan 14, 2025 16:51:51.815393925 CET5000013566192.168.2.2383.222.148.61
                                            Jan 14, 2025 16:51:51.818135023 CET3385813566192.168.2.2383.222.249.1
                                            Jan 14, 2025 16:51:51.822981119 CET135663385883.222.249.1192.168.2.23
                                            Jan 14, 2025 16:51:51.823035002 CET3385813566192.168.2.2383.222.249.1
                                            Jan 14, 2025 16:51:51.823610067 CET4868413566192.168.2.2383.222.243.37
                                            Jan 14, 2025 16:51:51.829138994 CET135664868483.222.243.37192.168.2.23
                                            Jan 14, 2025 16:51:51.829220057 CET4868413566192.168.2.2383.222.243.37
                                            Jan 14, 2025 16:51:51.830027103 CET4868413566192.168.2.2383.222.243.37
                                            Jan 14, 2025 16:51:51.834002018 CET5945413566192.168.2.2383.222.50.231
                                            Jan 14, 2025 16:51:51.835340023 CET135664868483.222.243.37192.168.2.23
                                            Jan 14, 2025 16:51:51.835418940 CET4868413566192.168.2.2383.222.243.37
                                            Jan 14, 2025 16:51:51.838815928 CET135665945483.222.50.231192.168.2.23
                                            Jan 14, 2025 16:51:51.838877916 CET5945413566192.168.2.2383.222.50.231
                                            Jan 14, 2025 16:51:51.840281010 CET5930613566192.168.2.2383.222.233.134
                                            Jan 14, 2025 16:51:51.845161915 CET135665930683.222.233.134192.168.2.23
                                            Jan 14, 2025 16:51:51.845218897 CET5930613566192.168.2.2383.222.233.134
                                            Jan 14, 2025 16:51:51.847150087 CET3780413566192.168.2.2383.222.172.87
                                            Jan 14, 2025 16:51:51.851941109 CET135663780483.222.172.87192.168.2.23
                                            Jan 14, 2025 16:51:51.852045059 CET3780413566192.168.2.2383.222.172.87
                                            Jan 14, 2025 16:51:51.853210926 CET5935213566192.168.2.2383.222.175.176
                                            Jan 14, 2025 16:51:51.858072996 CET135665935283.222.175.176192.168.2.23
                                            Jan 14, 2025 16:51:51.858127117 CET5935213566192.168.2.2383.222.175.176
                                            Jan 14, 2025 16:51:51.858767033 CET5935213566192.168.2.2383.222.175.176
                                            Jan 14, 2025 16:51:51.863555908 CET135665935283.222.175.176192.168.2.23
                                            Jan 14, 2025 16:51:51.863605022 CET5935213566192.168.2.2383.222.175.176
                                            Jan 14, 2025 16:51:51.866203070 CET5386213566192.168.2.2383.222.188.40
                                            Jan 14, 2025 16:51:51.871099949 CET135665386283.222.188.40192.168.2.23
                                            Jan 14, 2025 16:51:51.871155977 CET5386213566192.168.2.2383.222.188.40
                                            Jan 14, 2025 16:51:51.873657942 CET3365413566192.168.2.2383.222.42.167
                                            Jan 14, 2025 16:51:51.878592968 CET135663365483.222.42.167192.168.2.23
                                            Jan 14, 2025 16:51:51.878664970 CET3365413566192.168.2.2383.222.42.167
                                            Jan 14, 2025 16:51:51.882781029 CET3365413566192.168.2.2383.222.42.167
                                            Jan 14, 2025 16:51:51.887636900 CET135663365483.222.42.167192.168.2.23
                                            Jan 14, 2025 16:51:51.887681007 CET3365413566192.168.2.2383.222.42.167
                                            Jan 14, 2025 16:51:51.890947104 CET3963013566192.168.2.2383.222.84.118
                                            Jan 14, 2025 16:51:51.895783901 CET135663963083.222.84.118192.168.2.23
                                            Jan 14, 2025 16:51:51.896157980 CET3963013566192.168.2.2383.222.84.118
                                            Jan 14, 2025 16:51:51.898619890 CET3963013566192.168.2.2383.222.84.118
                                            Jan 14, 2025 16:51:51.902288914 CET4456213566192.168.2.2383.222.49.244
                                            Jan 14, 2025 16:51:51.903568983 CET135663963083.222.84.118192.168.2.23
                                            Jan 14, 2025 16:51:51.903623104 CET3963013566192.168.2.2383.222.84.118
                                            Jan 14, 2025 16:51:51.907114983 CET135664456283.222.49.244192.168.2.23
                                            Jan 14, 2025 16:51:51.907166958 CET4456213566192.168.2.2383.222.49.244
                                            Jan 14, 2025 16:51:51.909224033 CET4240213566192.168.2.2383.222.174.1
                                            Jan 14, 2025 16:51:51.913996935 CET135664240283.222.174.1192.168.2.23
                                            Jan 14, 2025 16:51:51.914061069 CET4240213566192.168.2.2383.222.174.1
                                            Jan 14, 2025 16:51:51.919421911 CET4240213566192.168.2.2383.222.174.1
                                            Jan 14, 2025 16:51:51.923118114 CET3859813566192.168.2.2383.222.132.111
                                            Jan 14, 2025 16:51:51.924259901 CET135664240283.222.174.1192.168.2.23
                                            Jan 14, 2025 16:51:51.924313068 CET4240213566192.168.2.2383.222.174.1
                                            Jan 14, 2025 16:51:51.927908897 CET135663859883.222.132.111192.168.2.23
                                            Jan 14, 2025 16:51:51.927966118 CET3859813566192.168.2.2383.222.132.111
                                            Jan 14, 2025 16:51:51.937472105 CET3859813566192.168.2.2383.222.132.111
                                            Jan 14, 2025 16:51:51.942296028 CET135663859883.222.132.111192.168.2.23
                                            Jan 14, 2025 16:51:51.942351103 CET3859813566192.168.2.2383.222.132.111
                                            Jan 14, 2025 16:51:51.949480057 CET4255813566192.168.2.2383.222.137.86
                                            Jan 14, 2025 16:51:51.953186035 CET4713813566192.168.2.2383.222.125.45
                                            Jan 14, 2025 16:51:51.954345942 CET135664255883.222.137.86192.168.2.23
                                            Jan 14, 2025 16:51:51.954411983 CET4255813566192.168.2.2383.222.137.86
                                            Jan 14, 2025 16:51:51.958025932 CET135664713883.222.125.45192.168.2.23
                                            Jan 14, 2025 16:51:51.958077908 CET4713813566192.168.2.2383.222.125.45
                                            Jan 14, 2025 16:51:51.959973097 CET4713813566192.168.2.2383.222.125.45
                                            Jan 14, 2025 16:51:51.964852095 CET135664713883.222.125.45192.168.2.23
                                            Jan 14, 2025 16:51:51.964895010 CET4713813566192.168.2.2383.222.125.45
                                            Jan 14, 2025 16:51:51.969007015 CET5428813566192.168.2.2383.222.82.17
                                            Jan 14, 2025 16:51:51.973773956 CET135665428883.222.82.17192.168.2.23
                                            Jan 14, 2025 16:51:51.973829031 CET5428813566192.168.2.2383.222.82.17
                                            Jan 14, 2025 16:51:51.980082035 CET5428813566192.168.2.2383.222.82.17
                                            Jan 14, 2025 16:51:51.982799053 CET4686413566192.168.2.2383.222.106.76
                                            Jan 14, 2025 16:51:51.985996962 CET135665428883.222.82.17192.168.2.23
                                            Jan 14, 2025 16:51:51.987242937 CET135665428883.222.82.17192.168.2.23
                                            Jan 14, 2025 16:51:51.987360954 CET5428813566192.168.2.2383.222.82.17
                                            Jan 14, 2025 16:51:51.987606049 CET135664686483.222.106.76192.168.2.23
                                            Jan 14, 2025 16:51:51.987648964 CET4686413566192.168.2.2383.222.106.76
                                            Jan 14, 2025 16:51:51.989900112 CET4686413566192.168.2.2383.222.106.76
                                            Jan 14, 2025 16:51:51.994721889 CET135664686483.222.106.76192.168.2.23
                                            Jan 14, 2025 16:51:51.994771004 CET4622813566192.168.2.2383.222.18.93
                                            Jan 14, 2025 16:51:51.994790077 CET4686413566192.168.2.2383.222.106.76
                                            Jan 14, 2025 16:51:51.999610901 CET135664622883.222.18.93192.168.2.23
                                            Jan 14, 2025 16:51:51.999665022 CET4622813566192.168.2.2383.222.18.93
                                            Jan 14, 2025 16:51:52.013032913 CET4622813566192.168.2.2383.222.18.93
                                            Jan 14, 2025 16:51:52.017860889 CET135664622883.222.18.93192.168.2.23
                                            Jan 14, 2025 16:51:52.017908096 CET4622813566192.168.2.2383.222.18.93
                                            Jan 14, 2025 16:51:52.018580914 CET4115013566192.168.2.2383.222.113.68
                                            Jan 14, 2025 16:51:52.023438931 CET135664115083.222.113.68192.168.2.23
                                            Jan 14, 2025 16:51:52.023485899 CET4115013566192.168.2.2383.222.113.68
                                            Jan 14, 2025 16:51:52.031430006 CET4115013566192.168.2.2383.222.113.68
                                            Jan 14, 2025 16:51:52.036274910 CET135664115083.222.113.68192.168.2.23
                                            Jan 14, 2025 16:51:52.036324978 CET4115013566192.168.2.2383.222.113.68
                                            Jan 14, 2025 16:51:52.038033009 CET3420813566192.168.2.2383.222.69.90
                                            Jan 14, 2025 16:51:52.042862892 CET135663420883.222.69.90192.168.2.23
                                            Jan 14, 2025 16:51:52.042913914 CET3420813566192.168.2.2383.222.69.90
                                            Jan 14, 2025 16:51:52.070642948 CET3420813566192.168.2.2383.222.69.90
                                            Jan 14, 2025 16:51:52.075077057 CET5026613566192.168.2.2383.222.203.241
                                            Jan 14, 2025 16:51:52.078967094 CET135663420883.222.69.90192.168.2.23
                                            Jan 14, 2025 16:51:52.079022884 CET3420813566192.168.2.2383.222.69.90
                                            Jan 14, 2025 16:51:52.080977917 CET135665026683.222.203.241192.168.2.23
                                            Jan 14, 2025 16:51:52.082591057 CET5026613566192.168.2.2383.222.203.241
                                            Jan 14, 2025 16:51:52.083342075 CET5026613566192.168.2.2383.222.203.241
                                            Jan 14, 2025 16:51:52.089987040 CET135665026683.222.203.241192.168.2.23
                                            Jan 14, 2025 16:51:52.091365099 CET135665026683.222.203.241192.168.2.23
                                            Jan 14, 2025 16:51:52.092183113 CET5026613566192.168.2.2383.222.203.241
                                            Jan 14, 2025 16:51:52.094773054 CET4384413566192.168.2.2383.222.177.122
                                            Jan 14, 2025 16:51:52.099565029 CET135664384483.222.177.122192.168.2.23
                                            Jan 14, 2025 16:51:52.099606037 CET4384413566192.168.2.2383.222.177.122
                                            Jan 14, 2025 16:51:52.102699995 CET4384413566192.168.2.2383.222.177.122
                                            Jan 14, 2025 16:51:52.107568026 CET135664384483.222.177.122192.168.2.23
                                            Jan 14, 2025 16:51:52.107610941 CET4384413566192.168.2.2383.222.177.122
                                            Jan 14, 2025 16:51:52.110146046 CET5775413566192.168.2.2383.222.162.109
                                            Jan 14, 2025 16:51:52.114995003 CET135665775483.222.162.109192.168.2.23
                                            Jan 14, 2025 16:51:52.115091085 CET5775413566192.168.2.2383.222.162.109
                                            Jan 14, 2025 16:51:52.118525028 CET5775413566192.168.2.2383.222.162.109
                                            Jan 14, 2025 16:51:52.122812033 CET4947013566192.168.2.2383.222.162.204
                                            Jan 14, 2025 16:51:52.123325109 CET135665775483.222.162.109192.168.2.23
                                            Jan 14, 2025 16:51:52.126661062 CET5775413566192.168.2.2383.222.162.109
                                            Jan 14, 2025 16:51:52.127643108 CET135664947083.222.162.204192.168.2.23
                                            Jan 14, 2025 16:51:52.127695084 CET4947013566192.168.2.2383.222.162.204
                                            Jan 14, 2025 16:51:52.140559912 CET4947013566192.168.2.2383.222.162.204
                                            Jan 14, 2025 16:51:52.147648096 CET5150613566192.168.2.2383.222.21.246
                                            Jan 14, 2025 16:51:52.147820950 CET135664947083.222.162.204192.168.2.23
                                            Jan 14, 2025 16:51:52.147872925 CET4947013566192.168.2.2383.222.162.204
                                            Jan 14, 2025 16:51:52.151499033 CET4769613566192.168.2.2383.222.66.70
                                            Jan 14, 2025 16:51:52.152518988 CET135665150683.222.21.246192.168.2.23
                                            Jan 14, 2025 16:51:52.152570009 CET5150613566192.168.2.2383.222.21.246
                                            Jan 14, 2025 16:51:52.156287909 CET135664769683.222.66.70192.168.2.23
                                            Jan 14, 2025 16:51:52.156338930 CET4769613566192.168.2.2383.222.66.70
                                            Jan 14, 2025 16:51:52.171716928 CET4769613566192.168.2.2383.222.66.70
                                            Jan 14, 2025 16:51:52.177752018 CET4863213566192.168.2.2383.222.235.240
                                            Jan 14, 2025 16:51:52.179563046 CET135664769683.222.66.70192.168.2.23
                                            Jan 14, 2025 16:51:52.179616928 CET4769613566192.168.2.2383.222.66.70
                                            Jan 14, 2025 16:51:52.182512999 CET135664863283.222.235.240192.168.2.23
                                            Jan 14, 2025 16:51:52.182581902 CET4863213566192.168.2.2383.222.235.240
                                            Jan 14, 2025 16:51:52.218842983 CET4863213566192.168.2.2383.222.235.240
                                            Jan 14, 2025 16:51:52.223718882 CET135664863283.222.235.240192.168.2.23
                                            Jan 14, 2025 16:51:52.223793030 CET4863213566192.168.2.2383.222.235.240
                                            Jan 14, 2025 16:51:52.233282089 CET5469213566192.168.2.2383.222.71.111
                                            Jan 14, 2025 16:51:52.237226963 CET3749413566192.168.2.2383.222.95.208
                                            Jan 14, 2025 16:51:52.238122940 CET135665469283.222.71.111192.168.2.23
                                            Jan 14, 2025 16:51:52.238176107 CET5469213566192.168.2.2383.222.71.111
                                            Jan 14, 2025 16:51:52.241533041 CET4210013566192.168.2.2383.222.197.220
                                            Jan 14, 2025 16:51:52.242012024 CET135663749483.222.95.208192.168.2.23
                                            Jan 14, 2025 16:51:52.242055893 CET3749413566192.168.2.2383.222.95.208
                                            Jan 14, 2025 16:51:52.245074034 CET4257013566192.168.2.2383.222.254.24
                                            Jan 14, 2025 16:51:52.246397018 CET135664210083.222.197.220192.168.2.23
                                            Jan 14, 2025 16:51:52.246469975 CET4210013566192.168.2.2383.222.197.220
                                            Jan 14, 2025 16:51:52.249969959 CET135664257083.222.254.24192.168.2.23
                                            Jan 14, 2025 16:51:52.250037909 CET4257013566192.168.2.2383.222.254.24
                                            Jan 14, 2025 16:51:52.251480103 CET3722413566192.168.2.2383.222.237.104
                                            Jan 14, 2025 16:51:52.256308079 CET135663722483.222.237.104192.168.2.23
                                            Jan 14, 2025 16:51:52.256366968 CET3722413566192.168.2.2383.222.237.104
                                            Jan 14, 2025 16:51:52.257217884 CET3722413566192.168.2.2383.222.237.104
                                            Jan 14, 2025 16:51:52.260520935 CET5819613566192.168.2.2383.222.100.0
                                            Jan 14, 2025 16:51:52.262044907 CET135663722483.222.237.104192.168.2.23
                                            Jan 14, 2025 16:51:52.262079000 CET3722413566192.168.2.2383.222.237.104
                                            Jan 14, 2025 16:51:52.264736891 CET5459413566192.168.2.2383.222.198.213
                                            Jan 14, 2025 16:51:52.265304089 CET135665819683.222.100.0192.168.2.23
                                            Jan 14, 2025 16:51:52.265352011 CET5819613566192.168.2.2383.222.100.0
                                            Jan 14, 2025 16:51:52.267570019 CET3735013566192.168.2.2383.222.68.11
                                            Jan 14, 2025 16:51:52.269573927 CET135665459483.222.198.213192.168.2.23
                                            Jan 14, 2025 16:51:52.269650936 CET5459413566192.168.2.2383.222.198.213
                                            Jan 14, 2025 16:51:52.270447969 CET5611013566192.168.2.2383.222.47.15
                                            Jan 14, 2025 16:51:52.272358894 CET135663735083.222.68.11192.168.2.23
                                            Jan 14, 2025 16:51:52.272413015 CET3735013566192.168.2.2383.222.68.11
                                            Jan 14, 2025 16:51:52.274667978 CET5951213566192.168.2.2383.222.252.225
                                            Jan 14, 2025 16:51:52.275373936 CET135665611083.222.47.15192.168.2.23
                                            Jan 14, 2025 16:51:52.275485039 CET5611013566192.168.2.2383.222.47.15
                                            Jan 14, 2025 16:51:52.277292013 CET3680213566192.168.2.2383.222.138.158
                                            Jan 14, 2025 16:51:52.279532909 CET135665951283.222.252.225192.168.2.23
                                            Jan 14, 2025 16:51:52.279587984 CET5951213566192.168.2.2383.222.252.225
                                            Jan 14, 2025 16:51:52.280343056 CET3655413566192.168.2.2383.222.78.44
                                            Jan 14, 2025 16:51:52.282120943 CET135663680283.222.138.158192.168.2.23
                                            Jan 14, 2025 16:51:52.282356024 CET3680213566192.168.2.2383.222.138.158
                                            Jan 14, 2025 16:51:52.285182953 CET135663655483.222.78.44192.168.2.23
                                            Jan 14, 2025 16:51:52.285223007 CET4468213566192.168.2.2383.222.106.99
                                            Jan 14, 2025 16:51:52.285248041 CET3655413566192.168.2.2383.222.78.44
                                            Jan 14, 2025 16:51:52.290018082 CET135664468283.222.106.99192.168.2.23
                                            Jan 14, 2025 16:51:52.290083885 CET4468213566192.168.2.2383.222.106.99
                                            Jan 14, 2025 16:51:52.290108919 CET4468213566192.168.2.2383.222.106.99
                                            Jan 14, 2025 16:51:52.292593002 CET3586013566192.168.2.2383.222.35.173
                                            Jan 14, 2025 16:51:52.295284986 CET135664468283.222.106.99192.168.2.23
                                            Jan 14, 2025 16:51:52.295362949 CET4468213566192.168.2.2383.222.106.99
                                            Jan 14, 2025 16:51:52.297202110 CET5888413566192.168.2.2383.222.169.14
                                            Jan 14, 2025 16:51:52.297430038 CET135663586083.222.35.173192.168.2.23
                                            Jan 14, 2025 16:51:52.297488928 CET3586013566192.168.2.2383.222.35.173
                                            Jan 14, 2025 16:51:52.301106930 CET3399213566192.168.2.2383.222.157.240
                                            Jan 14, 2025 16:51:52.301994085 CET135665888483.222.169.14192.168.2.23
                                            Jan 14, 2025 16:51:52.302050114 CET5888413566192.168.2.2383.222.169.14
                                            Jan 14, 2025 16:51:52.306121111 CET4927813566192.168.2.2383.222.125.253
                                            Jan 14, 2025 16:51:52.307177067 CET135663399283.222.157.240192.168.2.23
                                            Jan 14, 2025 16:51:52.307239056 CET3399213566192.168.2.2383.222.157.240
                                            Jan 14, 2025 16:51:52.310578108 CET4832213566192.168.2.2383.222.193.67
                                            Jan 14, 2025 16:51:52.313312054 CET135664927883.222.125.253192.168.2.23
                                            Jan 14, 2025 16:51:52.313390970 CET4927813566192.168.2.2383.222.125.253
                                            Jan 14, 2025 16:51:52.313885927 CET4810413566192.168.2.2383.222.217.191
                                            Jan 14, 2025 16:51:52.316658020 CET135664832283.222.193.67192.168.2.23
                                            Jan 14, 2025 16:51:52.316719055 CET4832213566192.168.2.2383.222.193.67
                                            Jan 14, 2025 16:51:52.317133904 CET5368613566192.168.2.2383.222.91.199
                                            Jan 14, 2025 16:51:52.319725037 CET3719813566192.168.2.2383.222.39.191
                                            Jan 14, 2025 16:51:52.319824934 CET135664810483.222.217.191192.168.2.23
                                            Jan 14, 2025 16:51:52.319871902 CET4810413566192.168.2.2383.222.217.191
                                            Jan 14, 2025 16:51:52.322386026 CET5396413566192.168.2.2383.222.199.237
                                            Jan 14, 2025 16:51:52.323082924 CET135665368683.222.91.199192.168.2.23
                                            Jan 14, 2025 16:51:52.323144913 CET5368613566192.168.2.2383.222.91.199
                                            Jan 14, 2025 16:51:52.325387955 CET6074613566192.168.2.2383.222.148.11
                                            Jan 14, 2025 16:51:52.325723886 CET135663719883.222.39.191192.168.2.23
                                            Jan 14, 2025 16:51:52.325772047 CET3719813566192.168.2.2383.222.39.191
                                            Jan 14, 2025 16:51:52.328433037 CET135665396483.222.199.237192.168.2.23
                                            Jan 14, 2025 16:51:52.328471899 CET5396413566192.168.2.2383.222.199.237
                                            Jan 14, 2025 16:51:52.328505039 CET3347013566192.168.2.2383.222.248.195
                                            Jan 14, 2025 16:51:52.330883980 CET5857413566192.168.2.2383.222.27.245
                                            Jan 14, 2025 16:51:52.331286907 CET135666074683.222.148.11192.168.2.23
                                            Jan 14, 2025 16:51:52.331334114 CET6074613566192.168.2.2383.222.148.11
                                            Jan 14, 2025 16:51:52.333743095 CET5975013566192.168.2.2383.222.164.165
                                            Jan 14, 2025 16:51:52.334450960 CET135663347083.222.248.195192.168.2.23
                                            Jan 14, 2025 16:51:52.334501982 CET3347013566192.168.2.2383.222.248.195
                                            Jan 14, 2025 16:51:52.336869001 CET3470613566192.168.2.2383.222.147.243
                                            Jan 14, 2025 16:51:52.337255955 CET135665857483.222.27.245192.168.2.23
                                            Jan 14, 2025 16:51:52.337413073 CET5857413566192.168.2.2383.222.27.245
                                            Jan 14, 2025 16:51:52.338987112 CET3992613566192.168.2.2383.222.209.254
                                            Jan 14, 2025 16:51:52.339790106 CET135665975083.222.164.165192.168.2.23
                                            Jan 14, 2025 16:51:52.339829922 CET5975013566192.168.2.2383.222.164.165
                                            Jan 14, 2025 16:51:52.341495037 CET3483413566192.168.2.2383.222.86.244
                                            Jan 14, 2025 16:51:52.342869043 CET135663470683.222.147.243192.168.2.23
                                            Jan 14, 2025 16:51:52.342911959 CET3470613566192.168.2.2383.222.147.243
                                            Jan 14, 2025 16:51:52.345119953 CET135663992683.222.209.254192.168.2.23
                                            Jan 14, 2025 16:51:52.345174074 CET3992613566192.168.2.2383.222.209.254
                                            Jan 14, 2025 16:51:52.346338987 CET135663483483.222.86.244192.168.2.23
                                            Jan 14, 2025 16:51:52.346370935 CET3483413566192.168.2.2383.222.86.244
                                            Jan 14, 2025 16:51:52.356741905 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:51:52.361612082 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:51:52.361660004 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:51:52.363466978 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:51:52.369594097 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:51:52.369637966 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:51:52.375792980 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:51:55.358725071 CET42836443192.168.2.2391.189.91.43
                                            Jan 14, 2025 16:51:56.382589102 CET4251680192.168.2.23109.202.202.202
                                            Jan 14, 2025 16:52:02.369895935 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:52:02.374720097 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:52:02.577250004 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:52:02.577378035 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:52:02.957299948 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:52:02.957416058 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:52:10.204766035 CET43928443192.168.2.2391.189.91.42
                                            Jan 14, 2025 16:52:22.490991116 CET42836443192.168.2.2391.189.91.43
                                            Jan 14, 2025 16:52:26.586585999 CET4251680192.168.2.23109.202.202.202
                                            Jan 14, 2025 16:52:51.159110069 CET43928443192.168.2.2391.189.91.42
                                            Jan 14, 2025 16:53:03.003540993 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:53:03.010493040 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:53:03.217102051 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:53:03.217223883 CET4273613566192.168.2.2383.222.191.90
                                            Jan 14, 2025 16:53:03.958060026 CET135664273683.222.191.90192.168.2.23
                                            Jan 14, 2025 16:53:03.958157063 CET4273613566192.168.2.2383.222.191.90
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Jan 14, 2025 16:51:52.345551968 CET | 53527 | 53 | 192.168.2.23 | 8.8.8.8
                                            Jan 14, 2025 16:51:52.355050087 CET | 53 | 53527 | 8.8.8.8 | 192.168.2.23

                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                            Jan 14, 2025 16:51:52.345551968 CET | 192.168.2.23 | 8.8.8.8 | 0xb5b5 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false

                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                            Jan 14, 2025 16:51:52.355050087 CET | 8.8.8.8 | 192.168.2.23 | 0xb5b5 | No error (0) | secure-network-rebirthltd.ru | | 83.222.191.90 | A (IP address) | IN (0x0001) | false

                                            System Behavior

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:/tmp/Kloki.arm7.elf
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/tmp/Kloki.arm7.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/usr/libexec/gsd-sharing
                                            Arguments:/usr/libexec/gsd-sharing
                                            File size:35424 bytes
                                            MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):15:51:50
                                            Start date (UTC):14/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/usr/libexec/gnome-session-binary
                                            Arguments:-
                                            File size:334664 bytes
                                            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/bin/sh
                                            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/usr/sbin/gdm3
                                            Arguments:-
                                            File size:453296 bytes
                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/etc/gdm3/PrimeOff/Default
                                            Arguments:/etc/gdm3/PrimeOff/Default
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/usr/sbin/gdm3
                                            Arguments:-
                                            File size:453296 bytes
                                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                            Start time (UTC):15:51:51
                                            Start date (UTC):14/01/2025
                                            Path:/etc/gdm3/PrimeOff/Default
                                            Arguments:/etc/gdm3/PrimeOff/Default
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c