Linux Analysis Report
Kloki.arm5.elf

Overview

General Information

Sample name: Kloki.arm5.elf
Analysis ID: 1594477
MD5: 58b81b44e5fb0065713e5e87584e6ee6
SHA1: 3241bb285157b8377b710fe618e54fb462c8f94f
SHA256: 20c9236bc4e53aeb80e2081170b8cec48a4ef684fa0533535566925cbd2f6b19
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1594477
Start date and time: 2025-01-19 02:56:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: Kloki.arm5.elf
Detection: MAL
Classification: mal60.spre.linELF@0/0@1/0
Command: /tmp/Kloki.arm5.elf
PID: 6267
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 6294, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • sh (PID: 6296, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • sh (PID: 6298, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • sh (PID: 6301, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 6301, Parent: 1477, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 6302, Parent: 1320)
  • Default (PID: 6302, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6304, Parent: 1320)
  • Default (PID: 6304, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-19T02:57:15.023637+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.23 | 42774 | TCP

AV Detection

Source: Kloki.arm5.elf | Avira: detected
Source: Kloki.arm5.elf | Virustotal: Detection: 38%
Source: Kloki.arm5.elf | ReversingLabs: Detection: 42%
Source: Kloki.arm5.elf | String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffinitsystemctltelinitcatgrepshashbashzshcshkshdashfish
Source: /tmp/Kloki.arm5.elf (PID: 6267) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.23:42774
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 904, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 912, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 918, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 1532, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 1622, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 1633, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 1638, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 1983, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 2146, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 2302, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 6252, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 6294, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 6296, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 6298, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 6301, result: successful
Source: /tmp/Kloki.arm5.elf (PID: 6273) | SIGKILL sent: pid: 6302, result: successful
Source: Initial sample | String containing 'busybox' found: busybox
Source: Initial sample | String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffinitsystemctltelinitcatgrepshashbashzshcshkshdashfish
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal60.spre.linELF@0/0@1/0
Source: /tmp/Kloki.arm5.elf (PID: 6267) | Queries kernel information via 'uname'
Source: Kloki.arm5.elf, 6267.1.0000563bb74f4000.0000563bb7669000.rw-.sdmp, Kloki.arm5.elf, 6269.1.0000563bb74f4000.0000563bb7622000.rw-.sdmp | Binary or memory string: ;V!/etc/qemu-binfmt/arm
Source: Kloki.arm5.elf, 6267.1.00007ffc89397000.00007ffc893b8000.rw-.sdmp, Kloki.arm5.elf, 6269.1.00007ffc89397000.00007ffc893b8000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/Kloki.arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.arm5.elf
Source: Kloki.arm5.elf, 6267.1.0000563bb74f4000.0000563bb7669000.rw-.sdmp, Kloki.arm5.elf, 6269.1.0000563bb74f4000.0000563bb7622000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
Source: Kloki.arm5.elf, 6267.1.00007ffc89397000.00007ffc893b8000.rw-.sdmp, Kloki.arm5.elf, 6269.1.00007ffc89397000.00007ffc893b8000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
No configs have been found
[Behavior graph, ID 1594477. Sample: Kloki.arm5.elf; start date: 19/01/2025; architecture: LINUX; score: 60. Network nodes: 83.222.164.140 and 83.222.164.245 (port 13566, WAVENETLB, Bulgaria) and 98 other IPs or domains. Processes: Kloki.arm5.elf started and spawned further Kloki.arm5.elf processes; gnome-session-binary, sh, gnome-shell and 4 other processes started. Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Sample tries to kill multiple processes (SIGKILL).]
Source | Detection | Scanner | Label
Kloki.arm5.elf | 38% | Virustotal |
Kloki.arm5.elf | 42% | ReversingLabs | Linux.Backdoor.Mirai
Kloki.arm5.elf | 100% | Avira | EXP/ELF.Mirai.W
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
No context
No context
No created / dropped files found
File type: ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit): 6.080237233317122
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: Kloki.arm5.elf
File size: 63'260 bytes
MD5: 58b81b44e5fb0065713e5e87584e6ee6
SHA1: 3241bb285157b8377b710fe618e54fb462c8f94f
SHA256: 20c9236bc4e53aeb80e2081170b8cec48a4ef684fa0533535566925cbd2f6b19
SHA512: 8391530a13432ecd1843e7fa666605ea471282e3d69a7f23af0ec6ab4e3e2b2780d8b429b50323ea61187aa46913818c54adad1bed8a2c5f1805bcee6e6947a9
SSDEEP: 768:W5PQmtMHSXYGNvICYMOko0HrFRVCXSo6ub4oUHN9uPPQDmMdJZcbGuvD+sSO1Cfi:Y4muHMYMJHhRVCXSo9TszmHvDsOsXL
TLSH: 27532A91FC815A13C5D422B7FB6E428C372723B8D2EE7213AD265F11778A92B0E77641

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: ARM
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: ARM - ABI
ABI Version: 0
Entry Point Address: 0x8190
Flags: 0x2
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 62860
Section Header Size: 40
Number of Section Headers: 10
Header String Table Index: 9

Name       Type      Address  Offset  Size    EntSize  Flags  Flags Description  Link  Info  Align
-          NULL      0x0      0x0     0x0     0x0      0x0    -                  0     0     0
.init      PROGBITS  0x8094   0x94    0x18    0x0      0x6    AX                 0     0     4
.text      PROGBITS  0x80b0   0xb0    0xddd8  0x0      0x6    AX                 0     0     16
.fini      PROGBITS  0x15e88  0xde88  0x14    0x0      0x6    AX                 0     0     4
.rodata    PROGBITS  0x15e9c  0xde9c  0x1320  0x0      0x2    A                  0     0     4
.ctors     PROGBITS  0x1f1c0  0xf1c0  0x8     0x0      0x3    WA                 0     0     4
.dtors     PROGBITS  0x1f1c8  0xf1c8  0x8     0x0      0x3    WA                 0     0     4
.data      PROGBITS  0x1f1d4  0xf1d4  0x378   0x0      0x3    WA                 0     0     4
.bss       NOBITS    0x1f54c  0xf54c  0x3174  0x0      0x3    WA                 0     0     4
.shstrtab  STRTAB    0x0      0xf54c  0x3e    0x0      0x0    -                  0     0     1

Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
LOAD       0x0     0x8000           0x8000            0xf1bc     0xf1bc       6.1144   0x5    R E                0x8000  -                 .init .text .fini .rodata
LOAD       0xf1c0  0x1f1c0          0x1f1c0           0x38c      0x3500       2.8186   0x6    RW                 0x8000  -                 .ctors .dtors .data .bss
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4     -                 -


Timestamp: 2025-01-19T02:57:15.023637+0100
SID: 2500034
Signature: ET COMPROMISED Known Compromised or Hostile Host Traffic group 18
Severity: 2
Source IP: 83.222.191.90
Source Port: 13566
Dest IP: 192.168.2.23
Dest Port: 42774
Protocol: TCP

• Total Packets: 278
• 13566 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)
                                              Jan 19, 2025 02:57:14.511334896 CET3446813566192.168.2.2383.222.44.211
                                              Jan 19, 2025 02:57:14.512392044 CET3663613566192.168.2.2383.222.84.161
                                              Jan 19, 2025 02:57:14.512551069 CET135663624283.222.40.23192.168.2.23
                                              Jan 19, 2025 02:57:14.512593031 CET3624213566192.168.2.2383.222.40.23
                                              Jan 19, 2025 02:57:14.515786886 CET4883613566192.168.2.2383.222.63.103
                                              Jan 19, 2025 02:57:14.516052008 CET135665752283.222.129.230192.168.2.23
                                              Jan 19, 2025 02:57:14.516103029 CET5752213566192.168.2.2383.222.129.230
                                              Jan 19, 2025 02:57:14.517172098 CET135663663683.222.84.161192.168.2.23
                                              Jan 19, 2025 02:57:14.517232895 CET3663613566192.168.2.2383.222.84.161
                                              Jan 19, 2025 02:57:14.517426014 CET5721413566192.168.2.2383.222.102.50
                                              Jan 19, 2025 02:57:14.519830942 CET4143813566192.168.2.2383.222.115.179
                                              Jan 19, 2025 02:57:14.520610094 CET135664883683.222.63.103192.168.2.23
                                              Jan 19, 2025 02:57:14.520653009 CET4883613566192.168.2.2383.222.63.103
                                              Jan 19, 2025 02:57:14.521497965 CET4966213566192.168.2.2383.222.213.49
                                              Jan 19, 2025 02:57:14.522248983 CET135665721483.222.102.50192.168.2.23
                                              Jan 19, 2025 02:57:14.522298098 CET5721413566192.168.2.2383.222.102.50
                                              Jan 19, 2025 02:57:14.523267984 CET5562613566192.168.2.2383.222.133.221
                                              Jan 19, 2025 02:57:14.524271011 CET5229813566192.168.2.2383.222.172.154
                                              Jan 19, 2025 02:57:14.524753094 CET135664143883.222.115.179192.168.2.23
                                              Jan 19, 2025 02:57:14.524806023 CET4143813566192.168.2.2383.222.115.179
                                              Jan 19, 2025 02:57:14.525324106 CET4431413566192.168.2.2383.222.147.183
                                              Jan 19, 2025 02:57:14.526360989 CET135664966283.222.213.49192.168.2.23
                                              Jan 19, 2025 02:57:14.526393890 CET3724613566192.168.2.2383.222.96.23
                                              Jan 19, 2025 02:57:14.526468039 CET4966213566192.168.2.2383.222.213.49
                                              Jan 19, 2025 02:57:14.527421951 CET5336813566192.168.2.2383.222.103.26
                                              Jan 19, 2025 02:57:14.528193951 CET135665562683.222.133.221192.168.2.23
                                              Jan 19, 2025 02:57:14.528244019 CET5562613566192.168.2.2383.222.133.221
                                              Jan 19, 2025 02:57:14.528376102 CET5164613566192.168.2.2383.222.94.244
                                              Jan 19, 2025 02:57:14.529093981 CET135665229883.222.172.154192.168.2.23
                                              Jan 19, 2025 02:57:14.529228926 CET5229813566192.168.2.2383.222.172.154
                                              Jan 19, 2025 02:57:14.529807091 CET5159013566192.168.2.2383.222.149.163
                                              Jan 19, 2025 02:57:14.530107975 CET135664431483.222.147.183192.168.2.23
                                              Jan 19, 2025 02:57:14.530164003 CET4431413566192.168.2.2383.222.147.183
                                              Jan 19, 2025 02:57:14.531068087 CET3741213566192.168.2.2383.222.54.193
                                              Jan 19, 2025 02:57:14.531267881 CET135663724683.222.96.23192.168.2.23
                                              Jan 19, 2025 02:57:14.531307936 CET3724613566192.168.2.2383.222.96.23
                                              Jan 19, 2025 02:57:14.532099009 CET5635613566192.168.2.2383.222.119.94
                                              Jan 19, 2025 02:57:14.532299042 CET135665336883.222.103.26192.168.2.23
                                              Jan 19, 2025 02:57:14.532351017 CET5336813566192.168.2.2383.222.103.26
                                              Jan 19, 2025 02:57:14.532994032 CET5137213566192.168.2.2383.222.216.248
                                              Jan 19, 2025 02:57:14.533170938 CET135665164683.222.94.244192.168.2.23
                                              Jan 19, 2025 02:57:14.533221960 CET5164613566192.168.2.2383.222.94.244
                                              Jan 19, 2025 02:57:14.534634113 CET135665159083.222.149.163192.168.2.23
                                              Jan 19, 2025 02:57:14.534691095 CET5159013566192.168.2.2383.222.149.163
                                              Jan 19, 2025 02:57:14.535916090 CET135663741283.222.54.193192.168.2.23
                                              Jan 19, 2025 02:57:14.535967112 CET3741213566192.168.2.2383.222.54.193
                                              Jan 19, 2025 02:57:14.536915064 CET135665635683.222.119.94192.168.2.23
                                              Jan 19, 2025 02:57:14.536977053 CET5635613566192.168.2.2383.222.119.94
                                              Jan 19, 2025 02:57:14.537782907 CET135665137283.222.216.248192.168.2.23
                                              Jan 19, 2025 02:57:14.537838936 CET5137213566192.168.2.2383.222.216.248
                                              Jan 19, 2025 02:57:14.553920031 CET5137213566192.168.2.2383.222.216.248
                                              Jan 19, 2025 02:57:14.557766914 CET5134013566192.168.2.2383.222.68.45
                                              Jan 19, 2025 02:57:14.558963060 CET135665137283.222.216.248192.168.2.23
                                              Jan 19, 2025 02:57:14.559027910 CET5137213566192.168.2.2383.222.216.248
                                              Jan 19, 2025 02:57:14.562788963 CET135665134083.222.68.45192.168.2.23
                                              Jan 19, 2025 02:57:14.562849998 CET5134013566192.168.2.2383.222.68.45
                                              Jan 19, 2025 02:57:14.562922001 CET5519413566192.168.2.2383.222.154.132
                                              Jan 19, 2025 02:57:14.567789078 CET135665519483.222.154.132192.168.2.23
                                              Jan 19, 2025 02:57:14.567854881 CET5519413566192.168.2.2383.222.154.132
                                              Jan 19, 2025 02:57:14.570071936 CET5519413566192.168.2.2383.222.154.132
                                              Jan 19, 2025 02:57:14.570472956 CET5589213566192.168.2.2383.222.148.0
                                              Jan 19, 2025 02:57:14.571440935 CET4125213566192.168.2.2383.222.182.8
                                              Jan 19, 2025 02:57:14.574609995 CET4980813566192.168.2.2383.222.179.139
                                              Jan 19, 2025 02:57:14.574987888 CET135665519483.222.154.132192.168.2.23
                                              Jan 19, 2025 02:57:14.575036049 CET5519413566192.168.2.2383.222.154.132
                                              Jan 19, 2025 02:57:14.575376034 CET135665589283.222.148.0192.168.2.23
                                              Jan 19, 2025 02:57:14.575452089 CET5589213566192.168.2.2383.222.148.0
                                              Jan 19, 2025 02:57:14.576364040 CET135664125283.222.182.8192.168.2.23
                                              Jan 19, 2025 02:57:14.576417923 CET4125213566192.168.2.2383.222.182.8
                                              Jan 19, 2025 02:57:14.579643965 CET135664980883.222.179.139192.168.2.23
                                              Jan 19, 2025 02:57:14.579700947 CET4980813566192.168.2.2383.222.179.139
                                              Jan 19, 2025 02:57:14.579762936 CET5705413566192.168.2.2383.222.57.56
                                              Jan 19, 2025 02:57:14.584944963 CET135665705483.222.57.56192.168.2.23
                                              Jan 19, 2025 02:57:14.584999084 CET5705413566192.168.2.2383.222.57.56
                                              Jan 19, 2025 02:57:14.586179018 CET5177213566192.168.2.2383.222.105.229
                                              Jan 19, 2025 02:57:14.591609001 CET135665177283.222.105.229192.168.2.23
                                              Jan 19, 2025 02:57:14.591675997 CET5177213566192.168.2.2383.222.105.229
                                              Jan 19, 2025 02:57:14.603689909 CET5177213566192.168.2.2383.222.105.229
                                              Jan 19, 2025 02:57:14.608711004 CET135665177283.222.105.229192.168.2.23
                                              Jan 19, 2025 02:57:14.608756065 CET5177213566192.168.2.2383.222.105.229
                                              Jan 19, 2025 02:57:14.614584923 CET3613013566192.168.2.2383.222.210.252
                                              Jan 19, 2025 02:57:14.619519949 CET135663613083.222.210.252192.168.2.23
                                              Jan 19, 2025 02:57:14.619617939 CET3613013566192.168.2.2383.222.210.252
                                              Jan 19, 2025 02:57:14.639244080 CET3613013566192.168.2.2383.222.210.252
                                              Jan 19, 2025 02:57:14.644294977 CET135663613083.222.210.252192.168.2.23
                                              Jan 19, 2025 02:57:14.644387960 CET3613013566192.168.2.2383.222.210.252
                                              Jan 19, 2025 02:57:14.650594950 CET5789613566192.168.2.2383.222.157.50
                                              Jan 19, 2025 02:57:14.655652046 CET135665789683.222.157.50192.168.2.23
                                              Jan 19, 2025 02:57:14.655714989 CET5789613566192.168.2.2383.222.157.50
                                              Jan 19, 2025 02:57:14.660793066 CET5789613566192.168.2.2383.222.157.50
                                              Jan 19, 2025 02:57:14.665757895 CET135665789683.222.157.50192.168.2.23
                                              Jan 19, 2025 02:57:14.665822983 CET5789613566192.168.2.2383.222.157.50
                                              Jan 19, 2025 02:57:14.667509079 CET4210213566192.168.2.2383.222.19.4
                                              Jan 19, 2025 02:57:14.672375917 CET135664210283.222.19.4192.168.2.23
                                              Jan 19, 2025 02:57:14.672461987 CET4210213566192.168.2.2383.222.19.4
                                              Jan 19, 2025 02:57:14.674808025 CET4210213566192.168.2.2383.222.19.4
                                              Jan 19, 2025 02:57:14.679717064 CET135664210283.222.19.4192.168.2.23
                                              Jan 19, 2025 02:57:14.679800034 CET4210213566192.168.2.2383.222.19.4
                                              Jan 19, 2025 02:57:14.686134100 CET4782813566192.168.2.2383.222.77.114
                                              Jan 19, 2025 02:57:14.691025972 CET135664782883.222.77.114192.168.2.23
                                              Jan 19, 2025 02:57:14.691107988 CET4782813566192.168.2.2383.222.77.114
                                              Jan 19, 2025 02:57:14.692287922 CET4782813566192.168.2.2383.222.77.114
                                              Jan 19, 2025 02:57:14.697190046 CET135664782883.222.77.114192.168.2.23
                                              Jan 19, 2025 02:57:14.697251081 CET4782813566192.168.2.2383.222.77.114
                                              Jan 19, 2025 02:57:14.698558092 CET4189813566192.168.2.2383.222.249.226
                                              Jan 19, 2025 02:57:14.703491926 CET135664189883.222.249.226192.168.2.23
                                              Jan 19, 2025 02:57:14.703888893 CET4189813566192.168.2.2383.222.249.226
                                              Jan 19, 2025 02:57:14.711334944 CET4189813566192.168.2.2383.222.249.226
                                              Jan 19, 2025 02:57:14.716376066 CET135664189883.222.249.226192.168.2.23
                                              Jan 19, 2025 02:57:14.716478109 CET4189813566192.168.2.2383.222.249.226
                                              Jan 19, 2025 02:57:14.720316887 CET5632813566192.168.2.2383.222.21.47
                                              Jan 19, 2025 02:57:14.725277901 CET135665632883.222.21.47192.168.2.23
                                              Jan 19, 2025 02:57:14.725353003 CET5632813566192.168.2.2383.222.21.47
                                              Jan 19, 2025 02:57:14.733082056 CET5632813566192.168.2.2383.222.21.47
                                              Jan 19, 2025 02:57:14.738049984 CET135665632883.222.21.47192.168.2.23
                                              Jan 19, 2025 02:57:14.738125086 CET5632813566192.168.2.2383.222.21.47
                                              Jan 19, 2025 02:57:14.739027023 CET5667213566192.168.2.2383.222.164.140
                                              Jan 19, 2025 02:57:14.743941069 CET135665667283.222.164.140192.168.2.23
                                              Jan 19, 2025 02:57:14.744016886 CET5667213566192.168.2.2383.222.164.140
                                              Jan 19, 2025 02:57:14.748692036 CET5667213566192.168.2.2383.222.164.140
                                              Jan 19, 2025 02:57:14.753560066 CET135665667283.222.164.140192.168.2.23
                                              Jan 19, 2025 02:57:14.753621101 CET5667213566192.168.2.2383.222.164.140
                                              Jan 19, 2025 02:57:14.760567904 CET5233613566192.168.2.2383.222.141.124
                                              Jan 19, 2025 02:57:14.766670942 CET135665233683.222.141.124192.168.2.23
                                              Jan 19, 2025 02:57:14.766957045 CET5233613566192.168.2.2383.222.141.124
                                              Jan 19, 2025 02:57:14.771117926 CET5233613566192.168.2.2383.222.141.124
                                              Jan 19, 2025 02:57:14.774187088 CET5901813566192.168.2.2383.222.133.209
                                              Jan 19, 2025 02:57:14.777362108 CET135665233683.222.141.124192.168.2.23
                                              Jan 19, 2025 02:57:14.777420044 CET5233613566192.168.2.2383.222.141.124
                                              Jan 19, 2025 02:57:14.780256987 CET135665901883.222.133.209192.168.2.23
                                              Jan 19, 2025 02:57:14.780313969 CET5901813566192.168.2.2383.222.133.209
                                              Jan 19, 2025 02:57:14.781320095 CET3563813566192.168.2.2383.222.169.31
                                              Jan 19, 2025 02:57:14.786166906 CET135663563883.222.169.31192.168.2.23
                                              Jan 19, 2025 02:57:14.786233902 CET3563813566192.168.2.2383.222.169.31
                                              Jan 19, 2025 02:57:14.788328886 CET5280813566192.168.2.2383.222.85.62
                                              Jan 19, 2025 02:57:14.793206930 CET135665280883.222.85.62192.168.2.23
                                              Jan 19, 2025 02:57:14.793266058 CET5280813566192.168.2.2383.222.85.62
                                              Jan 19, 2025 02:57:14.797002077 CET5114813566192.168.2.2383.222.31.12
                                              Jan 19, 2025 02:57:14.801951885 CET135665114883.222.31.12192.168.2.23
                                              Jan 19, 2025 02:57:14.802067995 CET5114813566192.168.2.2383.222.31.12
                                              Jan 19, 2025 02:57:14.802911043 CET3968013566192.168.2.2383.222.70.210
                                              Jan 19, 2025 02:57:14.807966948 CET135663968083.222.70.210192.168.2.23
                                              Jan 19, 2025 02:57:14.808026075 CET3968013566192.168.2.2383.222.70.210
                                              Jan 19, 2025 02:57:14.811526060 CET3720813566192.168.2.2383.222.151.127
                                              Jan 19, 2025 02:57:14.816479921 CET135663720883.222.151.127192.168.2.23
                                              Jan 19, 2025 02:57:14.816817999 CET3720813566192.168.2.2383.222.151.127
                                              Jan 19, 2025 02:57:14.818276882 CET5546813566192.168.2.2383.222.10.0
                                              Jan 19, 2025 02:57:14.823144913 CET135665546883.222.10.0192.168.2.23
                                              Jan 19, 2025 02:57:14.823249102 CET5546813566192.168.2.2383.222.10.0
                                              Jan 19, 2025 02:57:14.831140041 CET4802613566192.168.2.2383.222.101.220
                                              Jan 19, 2025 02:57:14.836797953 CET135664802683.222.101.220192.168.2.23
                                              Jan 19, 2025 02:57:14.836929083 CET4802613566192.168.2.2383.222.101.220
                                              Jan 19, 2025 02:57:14.837626934 CET4802613566192.168.2.2383.222.101.220
                                              Jan 19, 2025 02:57:14.840647936 CET5383613566192.168.2.2383.222.252.2
                                              Jan 19, 2025 02:57:14.842519045 CET135664802683.222.101.220192.168.2.23
                                              Jan 19, 2025 02:57:14.842559099 CET135664802683.222.101.220192.168.2.23
                                              Jan 19, 2025 02:57:14.842916965 CET4802613566192.168.2.2383.222.101.220
                                              Jan 19, 2025 02:57:14.845510960 CET135665383683.222.252.2192.168.2.23
                                              Jan 19, 2025 02:57:14.845568895 CET5383613566192.168.2.2383.222.252.2
                                              Jan 19, 2025 02:57:14.848337889 CET3461013566192.168.2.2383.222.15.16
                                              Jan 19, 2025 02:57:14.853306055 CET135663461083.222.15.16192.168.2.23
                                              Jan 19, 2025 02:57:14.853369951 CET3461013566192.168.2.2383.222.15.16
                                              Jan 19, 2025 02:57:14.855283976 CET4555213566192.168.2.2383.222.6.92
                                              Jan 19, 2025 02:57:14.860281944 CET135664555283.222.6.92192.168.2.23
                                              Jan 19, 2025 02:57:14.860538006 CET4555213566192.168.2.2383.222.6.92
                                              Jan 19, 2025 02:57:14.861834049 CET4865613566192.168.2.2383.222.130.255
                                              Jan 19, 2025 02:57:14.866703033 CET135664865683.222.130.255192.168.2.23
                                              Jan 19, 2025 02:57:14.866774082 CET4865613566192.168.2.2383.222.130.255
                                              Jan 19, 2025 02:57:14.867448092 CET4092813566192.168.2.2383.222.62.151
                                              Jan 19, 2025 02:57:14.870376110 CET3964413566192.168.2.2383.222.46.226
                                              Jan 19, 2025 02:57:14.872309923 CET135664092883.222.62.151192.168.2.23
                                              Jan 19, 2025 02:57:14.872381926 CET4092813566192.168.2.2383.222.62.151
                                              Jan 19, 2025 02:57:14.873742104 CET5699013566192.168.2.2383.222.36.187
                                              Jan 19, 2025 02:57:14.875276089 CET135663964483.222.46.226192.168.2.23
                                              Jan 19, 2025 02:57:14.875334978 CET3964413566192.168.2.2383.222.46.226
                                              Jan 19, 2025 02:57:14.877906084 CET5597213566192.168.2.2383.222.95.169
                                              Jan 19, 2025 02:57:14.878673077 CET135665699083.222.36.187192.168.2.23
                                              Jan 19, 2025 02:57:14.878765106 CET5699013566192.168.2.2383.222.36.187
                                              Jan 19, 2025 02:57:14.882787943 CET135665597283.222.95.169192.168.2.23
                                              Jan 19, 2025 02:57:14.882883072 CET5597213566192.168.2.2383.222.95.169
                                              Jan 19, 2025 02:57:14.883483887 CET5498213566192.168.2.2383.222.141.8
                                              Jan 19, 2025 02:57:14.888375044 CET5450613566192.168.2.2383.222.200.226
                                              Jan 19, 2025 02:57:14.888401985 CET135665498283.222.141.8192.168.2.23
                                              Jan 19, 2025 02:57:14.888453007 CET5498213566192.168.2.2383.222.141.8
                                              Jan 19, 2025 02:57:14.892610073 CET5296413566192.168.2.2383.222.70.231
                                              Jan 19, 2025 02:57:14.893315077 CET135665450683.222.200.226192.168.2.23
                                              Jan 19, 2025 02:57:14.893418074 CET5450613566192.168.2.2383.222.200.226
                                              Jan 19, 2025 02:57:14.896219969 CET4550613566192.168.2.2383.222.238.140
                                              Jan 19, 2025 02:57:14.897528887 CET135665296483.222.70.231192.168.2.23
                                              Jan 19, 2025 02:57:14.897629023 CET5296413566192.168.2.2383.222.70.231
                                              Jan 19, 2025 02:57:14.899810076 CET4689213566192.168.2.2383.222.185.134
                                              Jan 19, 2025 02:57:14.901104927 CET135664550683.222.238.140192.168.2.23
                                              Jan 19, 2025 02:57:14.901161909 CET4550613566192.168.2.2383.222.238.140
                                              Jan 19, 2025 02:57:14.904616117 CET135664689283.222.185.134192.168.2.23
                                              Jan 19, 2025 02:57:14.904664040 CET4689213566192.168.2.2383.222.185.134
                                              Jan 19, 2025 02:57:14.904869080 CET4591213566192.168.2.2383.222.12.195
                                              Jan 19, 2025 02:57:14.907931089 CET4306413566192.168.2.2383.222.134.113
                                              Jan 19, 2025 02:57:14.909713984 CET135664591283.222.12.195192.168.2.23
                                              Jan 19, 2025 02:57:14.909771919 CET4591213566192.168.2.2383.222.12.195
                                              Jan 19, 2025 02:57:14.910878897 CET3359413566192.168.2.2383.222.159.131
                                              Jan 19, 2025 02:57:14.912861109 CET135664306483.222.134.113192.168.2.23
                                              Jan 19, 2025 02:57:14.912919998 CET4306413566192.168.2.2383.222.134.113
                                              Jan 19, 2025 02:57:14.913465023 CET5402613566192.168.2.2383.222.115.174
                                              Jan 19, 2025 02:57:14.916029930 CET135663359483.222.159.131192.168.2.23
                                              Jan 19, 2025 02:57:14.916083097 CET3359413566192.168.2.2383.222.159.131
                                              Jan 19, 2025 02:57:14.918023109 CET5667813566192.168.2.2383.222.147.121
                                              Jan 19, 2025 02:57:14.918896914 CET135665402683.222.115.174192.168.2.23
                                              Jan 19, 2025 02:57:14.919039965 CET5402613566192.168.2.2383.222.115.174
                                              Jan 19, 2025 02:57:14.923069954 CET135665667883.222.147.121192.168.2.23
                                              Jan 19, 2025 02:57:14.923125982 CET5667813566192.168.2.2383.222.147.121
                                              Jan 19, 2025 02:57:14.923652887 CET3379213566192.168.2.2383.222.10.21
                                              Jan 19, 2025 02:57:14.928750992 CET6018413566192.168.2.2383.222.121.73
                                              Jan 19, 2025 02:57:14.929104090 CET135663379283.222.10.21192.168.2.23
                                              Jan 19, 2025 02:57:14.929160118 CET3379213566192.168.2.2383.222.10.21
                                              Jan 19, 2025 02:57:14.935400009 CET135666018483.222.121.73192.168.2.23
                                              Jan 19, 2025 02:57:14.935456991 CET6018413566192.168.2.2383.222.121.73
                                              Jan 19, 2025 02:57:14.935955048 CET4386213566192.168.2.2383.222.172.167
                                              Jan 19, 2025 02:57:14.941395998 CET5722413566192.168.2.2383.222.43.208
                                              Jan 19, 2025 02:57:14.942190886 CET135664386283.222.172.167192.168.2.23
                                              Jan 19, 2025 02:57:14.942318916 CET4386213566192.168.2.2383.222.172.167
                                              Jan 19, 2025 02:57:14.945127010 CET5051413566192.168.2.2383.222.99.138
                                              Jan 19, 2025 02:57:14.947639942 CET135665722483.222.43.208192.168.2.23
                                              Jan 19, 2025 02:57:14.947748899 CET5722413566192.168.2.2383.222.43.208
                                              Jan 19, 2025 02:57:14.950968981 CET3491413566192.168.2.2383.222.121.240
                                              Jan 19, 2025 02:57:14.951292992 CET135665051483.222.99.138192.168.2.23
                                              Jan 19, 2025 02:57:14.951347113 CET5051413566192.168.2.2383.222.99.138
                                              Jan 19, 2025 02:57:14.955815077 CET135663491483.222.121.240192.168.2.23
                                              Jan 19, 2025 02:57:14.955885887 CET3491413566192.168.2.2383.222.121.240
                                              Jan 19, 2025 02:57:14.956382990 CET4923413566192.168.2.2383.222.147.65
                                              Jan 19, 2025 02:57:14.962410927 CET135664923483.222.147.65192.168.2.23
                                              Jan 19, 2025 02:57:14.962615013 CET4923413566192.168.2.2383.222.147.65
                                              Jan 19, 2025 02:57:14.965177059 CET4083213566192.168.2.2383.222.210.217
                                              Jan 19, 2025 02:57:14.970052004 CET135664083283.222.210.217192.168.2.23
                                              Jan 19, 2025 02:57:14.970124960 CET4083213566192.168.2.2383.222.210.217
                                              Jan 19, 2025 02:57:14.973350048 CET4473613566192.168.2.2383.222.40.193
                                              Jan 19, 2025 02:57:14.978207111 CET135664473683.222.40.193192.168.2.23
                                              Jan 19, 2025 02:57:14.978276968 CET4473613566192.168.2.2383.222.40.193
                                              Jan 19, 2025 02:57:14.982280016 CET4473613566192.168.2.2383.222.40.193
                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Jan 19, 2025 02:57:15.003725052 CET | 37950 | 53 | 192.168.2.23 | 8.8.8.8
                                              Jan 19, 2025 02:57:15.013700962 CET | 53 | 37950 | 8.8.8.8 | 192.168.2.23
                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                              Jan 19, 2025 02:57:15.003725052 CET | 192.168.2.23 | 8.8.8.8 | 0xd461 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                              Jan 19, 2025 02:57:15.013700962 CET | 8.8.8.8 | 192.168.2.23 | 0xd461 | No error (0) | secure-network-rebirthltd.ru | | 83.222.191.90 | A (IP address) | IN (0x0001) | false

                                              System Behavior

                                              Start time (UTC):01:57:13
                                              Start date (UTC):19/01/2025
                                              Path:/tmp/Kloki.arm5.elf
                                              Arguments:/tmp/Kloki.arm5.elf
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Start time (UTC):01:57:13
                                              Start date (UTC):19/01/2025
                                              Path:/tmp/Kloki.arm5.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Start time (UTC):01:57:13
                                              Start date (UTC):19/01/2025
                                              Path:/tmp/Kloki.arm5.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Start time (UTC):01:57:13
                                              Start date (UTC):19/01/2025
                                              Path:/tmp/Kloki.arm5.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Start time (UTC):01:57:13
                                              Start date (UTC):19/01/2025
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):01:57:13
                                              Start date (UTC):19/01/2025
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/usr/bin/gnome-shell
                                              Arguments:/usr/bin/gnome-shell
                                              File size:23168 bytes
                                              MD5 hash:da7a257239677622fe4b3a65972c9e87

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Start time (UTC):01:57:14
                                              Start date (UTC):19/01/2025
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c