
Linux Analysis Report
Kloki.m68k.elf

Overview

General Information

Sample name: Kloki.m68k.elf
Analysis ID: 1591042
MD5: 944b6d159ab3e092bd836ab50ace5726
SHA1: 14c0788721e4ab73da1eff990a53d5110379af60
SHA256: 58e3cfde1874c8b530ff43057d1eeb2e5daa7aa25b75682c6e09bf3b5921b27c
Tags: elf, user-abuse_ch

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591042
Start date and time: 2025-01-14 17:13:36 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: Kloki.m68k.elf
Detection: MAL
Classification: mal52.spre.linELF@0/0@1/0
Command: /tmp/Kloki.m68k.elf
PID: 5432
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5440, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • sh (PID: 5463, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5463, Parent: 1, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 5464, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5464, Parent: 1, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 5465, Parent: 1400)
  • Default (PID: 5465, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5467, Parent: 1400)
  • Default (PID: 5467, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5478, Parent: 1)
  • systemd-user-runtime-dir (PID: 5478, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T17:14:21.553369+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.13 | 42768 | TCP


AV Detection

Source: Kloki.m68k.elf | Virustotal: Detection: 19%
Source: Kloki.m68k.elf | ReversingLabs: Detection: 26%
Source: Kloki.m68k.elf | String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootinitinit 6catgrepbash
Source: /tmp/Kloki.m68k.elf (PID: 5432) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.13:42768
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 914, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 917, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 1691, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 1866, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 1881, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 1884, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 3069, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 3246, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 3442, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 5414, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 5440, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5438) | SIGKILL sent: pid: 5461, result: successful
Source: Initial sample | String containing 'busybox' found: busybox
Source: Initial sample | String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootinitinit 6catgrepbash
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal52.spre.linELF@0/0@1/0
Source: /tmp/Kloki.m68k.elf (PID: 5432) | Queries kernel information via 'uname'
Source: Kloki.m68k.elf, 5432.1.00007ffdeb420000.00007ffdeb441000.rw-.sdmp, Kloki.m68k.elf, 5436.1.00007ffdeb420000.00007ffdeb441000.rw-.sdmp | Binary or memory string: ~x86_64 /usr/bin/qemu-m68k /tmp/Kloki.m68k.elf SUDO_USER=saturnino PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin DISPLAY=:1.0 XAUTHORITY=/run/user/1000/gdm/Xauthority SUDO_UID=1000 TERM=xterm-256color COLORTERM=truecolor LOGNAME=root USER=root LANG=en_US.UTF-8 SUDO_COMMAND=/bin/bash HOME=/root MAIL=/var/mail/root SUDO_GID=1000 SHELL=/bin/bash /tmp/Kloki.m68k.elf
Source: Kloki.m68k.elf, 5432.1.000055e4ee09e000.000055e4ee144000.rw-.sdmp, Kloki.m68k.elf, 5436.1.000055e4ee09e000.000055e4ee144000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: Kloki.m68k.elf, 5432.1.00007ffdeb420000.00007ffdeb441000.rw-.sdmp, Kloki.m68k.elf, 5436.1.00007ffdeb420000.00007ffdeb441000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-m68k
Source: Kloki.m68k.elf, 5432.1.000055e4ee09e000.000055e4ee144000.rw-.sdmp, Kloki.m68k.elf, 5436.1.000055e4ee09e000.000055e4ee144000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/m68k
MITRE ATT&CK matrix (a number before a technique is the count of matching signatures):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior Graph ID: 1591042
Sample: Kloki.m68k.elf
Start date: 14/01/2025
Architecture: LINUX
Score: 52

Behavior graph nodes (recovered from the flattened graph):
  • 83.222.162.58, port 13566 (local port 44370), WAVENETLB, Bulgaria
  • 83.222.124.101, port 13566 (local port 40992), TRI-AS TrueRecordsIncES, Russian Federation
  • 53 other IPs or domains
  • Signature: Multi AV Scanner detection for submitted file
  • Process started: Kloki.m68k.elf
  • Process started: gnome-session-binary sh gsd-print-notifications
  • Process started: gnome-session-binary sh gsd-rfkill
  • 5 other processes
  • Kloki.m68k.elf starts a child Kloki.m68k.elf, which in turn starts two further Kloki.m68k.elf processes
  • Signature on one of those children: Sample tries to kill multiple processes (SIGKILL)
Source | Detection | Scanner | Label
Kloki.m68k.elf | 19% | Virustotal |
Kloki.m68k.elf | 26% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
No context
No created / dropped files found

File type: ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.706702809147777
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: Kloki.m68k.elf
File size: 153'984 bytes
MD5: 944b6d159ab3e092bd836ab50ace5726
SHA1: 14c0788721e4ab73da1eff990a53d5110379af60
SHA256: 58e3cfde1874c8b530ff43057d1eeb2e5daa7aa25b75682c6e09bf3b5921b27c
SHA512: 4045db565e294feb77f4bc29e2df85fee9c8d425be526d3ded91d7d20bd7110d1b0787bd4641c614817229e7b585742b3cba5c06add40597c0ccba07e03b6994
SSDEEP: 3072:6SyFEZIXJ5aWVoTcVUmsOMMNFSkXtkEEVCjbiYL13cRAyOpF1f:jLIZsO/NI6tkEzL5yOf1f
TLSH: EDE32ACBF800DEBDF80AE73B48130805B130BBA155925E376257797FED3A1990967E86
File Content Preview: .ELF.......................D...4..W......4. ...(.......................$...$...... ........(../(../(..H........... .dt.Q............................NV..a....da.....N^NuNV..J9..w.f>"y../D QJ.g.X.#.../DN."y../D QJ.f.A.....J.g.Hy...$N.X.......w.N^NuNV..N^NuN

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MC68000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x80000144
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 153584
Section Header Size: 40
Number of Section Headers: 10
Header String Table Index: 9
Section headers

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
.text | PROGBITS | 0x800000a8 | 0xa8 | 0x1f2e2 | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x8001f38a | 0x1f38a | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
.rodata | PROGBITS | 0x8001f398 | 0x1f398 | 0x1b8c | 0x0 | 0x2 | A | 0 | 0 | 2
.ctors | PROGBITS | 0x80022f28 | 0x20f28 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x80022f34 | 0x20f34 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x80022f40 | 0x20f40 | 0x4870 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x800277b0 | 0x257b0 | 0x5528 | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0x257b0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Program headers

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0x20f24 | 0x20f24 | 6.1327 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata
LOAD | 0x20f28 | 0x80022f28 | 0x80022f28 | 0x4888 | 0x9db0 | 0.3587 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T17:14:21.553369+0100 | 2500034 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 | 2 | 83.222.191.90 | 13566 | 192.168.2.13 | 42768 | TCP
      TimestampSource PortDest PortSource IPDest IP
      Timestamp                            Source Port  Dest Port  Source IP     Dest IP
      Jan 14, 2025 17:14:21.536601067 CET  38667        53         192.168.2.13  8.8.8.8
      Jan 14, 2025 17:14:21.546730995 CET  53           38667      8.8.8.8       192.168.2.13
      Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name                          Type            Class        DNS over HTTPS
      Jan 14, 2025 17:14:21.536601067 CET  192.168.2.13  8.8.8.8  0x2285    Standard query (0)  secure-network-rebirthltd.ru  A (IP address)  IN (0x0001)  false
      Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name                          CName  Address        Type            Class        DNS over HTTPS
      Jan 14, 2025 17:14:21.546730995 CET  8.8.8.8    192.168.2.13  0x2285    No error (0)  secure-network-rebirthltd.ru  -      83.222.191.90  A (IP address)  IN (0x0001)  false

      System Behavior

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/tmp/Kloki.m68k.elf
      Arguments:/tmp/Kloki.m68k.elf
      File size:4463432 bytes
      MD5 hash:cd177594338c77b895ae27c33f8f86cc

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/tmp/Kloki.m68k.elf
      Arguments:-
      File size:4463432 bytes
      MD5 hash:cd177594338c77b895ae27c33f8f86cc

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/tmp/Kloki.m68k.elf
      Arguments:-
      File size:4463432 bytes
      MD5 hash:cd177594338c77b895ae27c33f8f86cc

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/tmp/Kloki.m68k.elf
      Arguments:-
      File size:4463432 bytes
      MD5 hash:cd177594338c77b895ae27c33f8f86cc

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/libexec/gsd-print-notifications
      Arguments:/usr/libexec/gsd-print-notifications
      File size:51840 bytes
      MD5 hash:71539698aa691718cee775d6b9450ae2

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/libexec/gsd-rfkill
      Arguments:/usr/libexec/gsd-rfkill
      File size:51808 bytes
      MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/sbin/gdm3
      Arguments:-
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/usr/sbin/gdm3
      Arguments:-
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time (UTC):16:14:20
      Start date (UTC):14/01/2025
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):16:14:30
      Start date (UTC):14/01/2025
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time (UTC):16:14:30
      Start date (UTC):14/01/2025
      Path:/lib/systemd/systemd-user-runtime-dir
      Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
      File size:22672 bytes
      MD5 hash:d55f4b0847f88131dbcfb07435178e54