Linux
Analysis Report
Kloki.sh4.elf
Overview
General Information
Sample name: | Kloki.sh4.elf |
Analysis ID: | 1594496 |
MD5: | fe6d747aff69396231c579700d673775 |
SHA1: | 5ecb9c6cc0ac382e97882a4a1164c8ee3895a783 |
SHA256: | 649c8f52c7bc85fb0f997557bdd19d972230c99c141c8834796db07fb43d6878 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1594496 |
Start date and time: | 2025-01-19 03:22:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | Kloki.sh4.elf |
Detection: | MAL |
Classification: | mal60.spre.linELF@0/0@1/0 |
Command: | /tmp/Kloki.sh4.elf |
PID: | 5441 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | suka |
Standard Error: |
- system is lnxubuntu20
- Kloki.sh4.elf New Fork (PID: 5443, Parent: 5441)
- Kloki.sh4.elf New Fork (PID: 5445, Parent: 5441)
- Kloki.sh4.elf New Fork (PID: 5447, Parent: 5445)
- gnome-session-binary New Fork (PID: 5449, Parent: 1588)
- gnome-session-binary New Fork (PID: 5468, Parent: 1588)
- gnome-session-binary New Fork (PID: 5470, Parent: 1588)
- gnome-session-binary New Fork (PID: 5471, Parent: 1588)
- gdm3 New Fork (PID: 5472, Parent: 1400)
- gdm3 New Fork (PID: 5475, Parent: 1400)
- systemd New Fork (PID: 5486, Parent: 1)
- cleanup
⊘No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-19T03:22:59.888796+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.13 | 42788 | TCP |
- AV Detection
- Spreading
- Networking
- System Summary
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: |
Source: | String: |
Source: | TCP traffic: |
Source: | Socket: |
Source: | Suricata IDS: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | SIGKILL sent: |
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | SIGKILL sent: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | Virustotal | |
100% | Avira | EXP/ELF.Mirai.W |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
83.222.60.229 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.187.150 | unknown | Bulgaria | 43561 | NET1-ASBG | false | |
83.222.127.151 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false | |
83.222.46.159 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.52.147 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.149.84 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false | |
83.222.29.191 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false | |
83.222.218.201 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false | |
83.222.38.243 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.53.119 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.87.233 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.227.248 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.170.87 | unknown | Bulgaria | 49040 | KIG-UNISAT-TVBG | false | |
83.222.38.126 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.2.83 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false | |
83.222.187.141 | unknown | Bulgaria | 43561 | NET1-ASBG | false | |
83.222.126.103 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false | |
83.222.198.68 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false | |
83.222.166.241 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false | |
83.222.149.168 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false | |
83.222.13.42 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false | |
83.222.74.54 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.71.67 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.50.224 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.222.59 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false | |
83.222.122.137 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false | |
83.222.86.152 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.32.111 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.240.207 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.236.221 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.85.5 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.236.185 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.177.162 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false | |
83.222.111.180 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false | |
83.222.59.75 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.255.112 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.123.155 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false | |
83.222.135.55 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false | |
83.222.205.208 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false | |
83.222.93.70 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.195.121 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false | |
83.222.9.18 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false | |
83.222.119.3 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false | |
83.222.28.56 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false | |
83.222.161.168 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false | |
83.222.212.206 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false | |
83.222.249.137 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.202.75 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false | |
83.222.246.141 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.191.90 | secure-network-rebirthltd.ru | Bulgaria | 43561 | NET1-ASBG | false | |
83.222.89.200 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.74.37 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.42.173 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.231.118 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.54.4 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.74.245 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false | |
83.222.117.39 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false | |
83.222.195.159 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false | |
83.222.118.158 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false | |
83.222.224.99 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false | |
83.222.41.144 | unknown | Luxembourg | 8632 | LOL-ASluLU | false | |
83.222.186.219 | unknown | Bulgaria | 43561 | NET1-ASBG | false | |
83.222.178.235 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false | |
83.222.176.33 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
83.222.187.150 | | | malicious | Unknown | | |
83.222.111.180 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
secure-network-rebirthltd.ru | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
LOL-ASluLU | | | malicious | Unknown | | |
TRI-ASTrueRecordsIncES | | | malicious | Unknown | | |
NET1-ASBG | | | malicious | Unknown | | |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.856830392608925 |
TrID: | |
File name: | Kloki.sh4.elf |
File size: | 56'104 bytes |
MD5: | fe6d747aff69396231c579700d673775 |
SHA1: | 5ecb9c6cc0ac382e97882a4a1164c8ee3895a783 |
SHA256: | 649c8f52c7bc85fb0f997557bdd19d972230c99c141c8834796db07fb43d6878 |
SHA512: | 6caf2c16283ce2fda7dd8d68d0f1fb155a161522dc55f1f3cef7ae543d882bafc1c587dbfc1ceff6c07c012fde23646530cb6b402a6c5bf0857b79653c8dbf65 |
SSDEEP: | 768:Vaawtf7j0/ueoUHrD7uDLvWYCyw4ugQaCHCjsKrPJyaRolIASaCTe7pHfAkvHLI:VaawtftJCHyLulaGKrPJ1GlaaCTpkvL |
TLSH: | A5438D37C93A7E84D19996B4B8318E352B53E484C2531FBF06A5C66AA043DECF6053F6 |
File Content Preview: | .ELF..............*.......@.4...........4. ...(...............@...@...........................A...A......4..........Q.td............................././"O.n........#.*@........#.*@L....o&O.n...l..............................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 55704 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0xc260 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x40c340 | 0xc340 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40c364 | 0xc364 | 0x1268 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x41d5d0 | 0xd5d0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x41d5d8 | 0xd5d8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x41d5e4 | 0xd5e4 | 0x374 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x41d958 | 0xd958 | 0x3174 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xd958 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0xd5cc | 0xd5cc | 6.9117 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0xd5d0 | 0x41d5d0 | 0x41d5d0 | 0x388 | 0x34fc | 2.8748 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-19T03:22:59.888796+0100 | 2500034 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 | 2 | 83.222.191.90 | 13566 | 192.168.2.13 | 42788 | TCP |
- Total Packets: 149
Jan 19, 2025 03:22:59.778476000 CET | 57084 | 13566 | 192.168.2.13 | 83.222.198.68 |
Jan 19, 2025 03:22:59.778614044 CET | 13566 | 33828 | 83.222.123.155 | 192.168.2.13 |
Jan 19, 2025 03:22:59.778670073 CET | 33828 | 13566 | 192.168.2.13 | 83.222.123.155 |
Jan 19, 2025 03:22:59.780591011 CET | 43014 | 13566 | 192.168.2.13 | 83.222.126.103 |
Jan 19, 2025 03:22:59.780641079 CET | 13566 | 46116 | 83.222.249.137 | 192.168.2.13 |
Jan 19, 2025 03:22:59.780685902 CET | 46116 | 13566 | 192.168.2.13 | 83.222.249.137 |
Jan 19, 2025 03:22:59.783184052 CET | 50798 | 13566 | 192.168.2.13 | 83.222.236.185 |
Jan 19, 2025 03:22:59.783376932 CET | 13566 | 57084 | 83.222.198.68 | 192.168.2.13 |
Jan 19, 2025 03:22:59.783426046 CET | 57084 | 13566 | 192.168.2.13 | 83.222.198.68 |
Jan 19, 2025 03:22:59.785408974 CET | 13566 | 43014 | 83.222.126.103 | 192.168.2.13 |
Jan 19, 2025 03:22:59.785415888 CET | 37402 | 13566 | 192.168.2.13 | 83.222.178.235 |
Jan 19, 2025 03:22:59.785449982 CET | 43014 | 13566 | 192.168.2.13 | 83.222.126.103 |
Jan 19, 2025 03:22:59.788019896 CET | 42408 | 13566 | 192.168.2.13 | 83.222.41.144 |
Jan 19, 2025 03:22:59.789242983 CET | 13566 | 50798 | 83.222.236.185 | 192.168.2.13 |
Jan 19, 2025 03:22:59.789290905 CET | 50798 | 13566 | 192.168.2.13 | 83.222.236.185 |
Jan 19, 2025 03:22:59.790112972 CET | 52806 | 13566 | 192.168.2.13 | 83.222.38.126 |
Jan 19, 2025 03:22:59.790671110 CET | 13566 | 37402 | 83.222.178.235 | 192.168.2.13 |
Jan 19, 2025 03:22:59.790713072 CET | 37402 | 13566 | 192.168.2.13 | 83.222.178.235 |
Jan 19, 2025 03:22:59.792156935 CET | 34114 | 13566 | 192.168.2.13 | 83.222.149.84 |
Jan 19, 2025 03:22:59.792834044 CET | 13566 | 42408 | 83.222.41.144 | 192.168.2.13 |
Jan 19, 2025 03:22:59.792886019 CET | 42408 | 13566 | 192.168.2.13 | 83.222.41.144 |
Jan 19, 2025 03:22:59.793893099 CET | 36758 | 13566 | 192.168.2.13 | 83.222.29.191 |
Jan 19, 2025 03:22:59.794996977 CET | 13566 | 52806 | 83.222.38.126 | 192.168.2.13 |
Jan 19, 2025 03:22:59.795219898 CET | 52806 | 13566 | 192.168.2.13 | 83.222.38.126 |
Jan 19, 2025 03:22:59.796494961 CET | 48908 | 13566 | 192.168.2.13 | 83.222.2.83 |
Jan 19, 2025 03:22:59.796996117 CET | 13566 | 34114 | 83.222.149.84 | 192.168.2.13 |
Jan 19, 2025 03:22:59.797069073 CET | 34114 | 13566 | 192.168.2.13 | 83.222.149.84 |
Jan 19, 2025 03:22:59.798230886 CET | 40226 | 13566 | 192.168.2.13 | 83.222.195.121 |
Jan 19, 2025 03:22:59.798742056 CET | 13566 | 36758 | 83.222.29.191 | 192.168.2.13 |
Jan 19, 2025 03:22:59.798790932 CET | 36758 | 13566 | 192.168.2.13 | 83.222.29.191 |
Jan 19, 2025 03:22:59.800414085 CET | 34438 | 13566 | 192.168.2.13 | 83.222.86.152 |
Jan 19, 2025 03:22:59.801373959 CET | 13566 | 48908 | 83.222.2.83 | 192.168.2.13 |
Jan 19, 2025 03:22:59.801600933 CET | 48908 | 13566 | 192.168.2.13 | 83.222.2.83 |
Jan 19, 2025 03:22:59.802692890 CET | 55308 | 13566 | 192.168.2.13 | 83.222.71.67 |
Jan 19, 2025 03:22:59.802957058 CET | 13566 | 40226 | 83.222.195.121 | 192.168.2.13 |
Jan 19, 2025 03:22:59.802999973 CET | 40226 | 13566 | 192.168.2.13 | 83.222.195.121 |
Jan 19, 2025 03:22:59.805227995 CET | 13566 | 34438 | 83.222.86.152 | 192.168.2.13 |
Jan 19, 2025 03:22:59.805345058 CET | 34438 | 13566 | 192.168.2.13 | 83.222.86.152 |
Jan 19, 2025 03:22:59.805522919 CET | 44170 | 13566 | 192.168.2.13 | 83.222.117.39 |
Jan 19, 2025 03:22:59.807503939 CET | 13566 | 55308 | 83.222.71.67 | 192.168.2.13 |
Jan 19, 2025 03:22:59.807636023 CET | 55308 | 13566 | 192.168.2.13 | 83.222.71.67 |
Jan 19, 2025 03:22:59.810236931 CET | 58138 | 13566 | 192.168.2.13 | 83.222.166.241 |
Jan 19, 2025 03:22:59.810457945 CET | 13566 | 44170 | 83.222.117.39 | 192.168.2.13 |
Jan 19, 2025 03:22:59.810502052 CET | 44170 | 13566 | 192.168.2.13 | 83.222.117.39 |
Jan 19, 2025 03:22:59.814939022 CET | 59950 | 13566 | 192.168.2.13 | 83.222.195.159 |
Jan 19, 2025 03:22:59.816349983 CET | 13566 | 58138 | 83.222.166.241 | 192.168.2.13 |
Jan 19, 2025 03:22:59.816423893 CET | 58138 | 13566 | 192.168.2.13 | 83.222.166.241 |
Jan 19, 2025 03:22:59.818447113 CET | 44960 | 13566 | 192.168.2.13 | 83.222.122.137 |
Jan 19, 2025 03:22:59.820312977 CET | 13566 | 59950 | 83.222.195.159 | 192.168.2.13 |
Jan 19, 2025 03:22:59.820354939 CET | 59950 | 13566 | 192.168.2.13 | 83.222.195.159 |
Jan 19, 2025 03:22:59.822113037 CET | 46786 | 13566 | 192.168.2.13 | 83.222.227.248 |
Jan 19, 2025 03:22:59.823185921 CET | 13566 | 44960 | 83.222.122.137 | 192.168.2.13 |
Jan 19, 2025 03:22:59.823235989 CET | 44960 | 13566 | 192.168.2.13 | 83.222.122.137 |
Jan 19, 2025 03:22:59.824826956 CET | 41414 | 13566 | 192.168.2.13 | 83.222.240.207 |
Jan 19, 2025 03:22:59.827161074 CET | 13566 | 46786 | 83.222.227.248 | 192.168.2.13 |
Jan 19, 2025 03:22:59.827209949 CET | 46786 | 13566 | 192.168.2.13 | 83.222.227.248 |
Jan 19, 2025 03:22:59.828252077 CET | 47508 | 13566 | 192.168.2.13 | 83.222.177.162 |
Jan 19, 2025 03:22:59.829664946 CET | 13566 | 41414 | 83.222.240.207 | 192.168.2.13 |
Jan 19, 2025 03:22:59.829708099 CET | 41414 | 13566 | 192.168.2.13 | 83.222.240.207 |
Jan 19, 2025 03:22:59.831018925 CET | 51608 | 13566 | 192.168.2.13 | 83.222.186.219 |
Jan 19, 2025 03:22:59.833314896 CET | 13566 | 47508 | 83.222.177.162 | 192.168.2.13 |
Jan 19, 2025 03:22:59.833444118 CET | 47508 | 13566 | 192.168.2.13 | 83.222.177.162 |
Jan 19, 2025 03:22:59.836235046 CET | 13566 | 51608 | 83.222.186.219 | 192.168.2.13 |
Jan 19, 2025 03:22:59.836359978 CET | 51608 | 13566 | 192.168.2.13 | 83.222.186.219 |
Jan 19, 2025 03:22:59.836402893 CET | 36042 | 13566 | 192.168.2.13 | 83.222.50.224 |
Jan 19, 2025 03:22:59.841403008 CET | 13566 | 36042 | 83.222.50.224 | 192.168.2.13 |
Jan 19, 2025 03:22:59.841475010 CET | 36042 | 13566 | 192.168.2.13 | 83.222.50.224 |
Jan 19, 2025 03:22:59.842775106 CET | 36042 | 13566 | 192.168.2.13 | 83.222.50.224 |
Jan 19, 2025 03:22:59.844501019 CET | 56052 | 13566 | 192.168.2.13 | 83.222.89.200 |
Jan 19, 2025 03:22:59.847965956 CET | 13566 | 36042 | 83.222.50.224 | 192.168.2.13 |
Jan 19, 2025 03:22:59.848025084 CET | 36042 | 13566 | 192.168.2.13 | 83.222.50.224 |
Jan 19, 2025 03:22:59.849647999 CET | 13566 | 56052 | 83.222.89.200 | 192.168.2.13 |
Jan 19, 2025 03:22:59.849688053 CET | 56052 | 13566 | 192.168.2.13 | 83.222.89.200 |
Jan 19, 2025 03:22:59.850451946 CET | 43426 | 13566 | 192.168.2.13 | 83.222.53.119 |
Jan 19, 2025 03:22:59.854630947 CET | 41558 | 13566 | 192.168.2.13 | 83.222.135.55 |
Jan 19, 2025 03:22:59.855458975 CET | 13566 | 43426 | 83.222.53.119 | 192.168.2.13 |
Jan 19, 2025 03:22:59.855508089 CET | 43426 | 13566 | 192.168.2.13 | 83.222.53.119 |
Jan 19, 2025 03:22:59.859524012 CET | 13566 | 41558 | 83.222.135.55 | 192.168.2.13 |
Jan 19, 2025 03:22:59.859561920 CET | 41558 | 13566 | 192.168.2.13 | 83.222.135.55 |
Jan 19, 2025 03:22:59.859632015 CET | 56070 | 13566 | 192.168.2.13 | 83.222.202.75 |
Jan 19, 2025 03:22:59.863876104 CET | 45742 | 13566 | 192.168.2.13 | 83.222.176.33 |
Jan 19, 2025 03:22:59.864536047 CET | 13566 | 56070 | 83.222.202.75 | 192.168.2.13 |
Jan 19, 2025 03:22:59.864599943 CET | 56070 | 13566 | 192.168.2.13 | 83.222.202.75 |
Jan 19, 2025 03:22:59.868654966 CET | 13566 | 45742 | 83.222.176.33 | 192.168.2.13 |
Jan 19, 2025 03:22:59.868704081 CET | 45742 | 13566 | 192.168.2.13 | 83.222.176.33 |
Jan 19, 2025 03:22:59.883629084 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.888796091 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:22:59.888855934 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.895843029 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.901890993 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:22:59.901957035 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.906951904 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:23:09.901717901 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:23:09.906987906 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:23:10.103444099 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:23:10.103609085 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:23:10.462558031 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:23:10.462682009 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:24:10.504755974 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:24:10.510433912 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:24:10.706958055 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:24:10.707283020 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:24:11.463079929 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:24:11.463188887 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 19, 2025 03:22:59.873250961 CET | 50912 | 53 | 192.168.2.13 | 8.8.8.8 |
Jan 19, 2025 03:22:59.880356073 CET | 53 | 50912 | 8.8.8.8 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 19, 2025 03:22:59.873250961 CET | 192.168.2.13 | 8.8.8.8 | 0x7fa6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 19, 2025 03:22:59.880356073 CET | 8.8.8.8 | 192.168.2.13 | 0x7fa6 | No error (0) | | | 83.222.191.90 | A (IP address) | IN (0x0001) | false |
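The TCP table above shows two distinct behaviours worth separating when triaging this sample: a fan-out across 83.222.0.0/16 on port 13566, three packets per host (client, server, client) all within a few hundred milliseconds, and one peer, 83.222.191.90, that is still exchanging packets at 03:23:09 and again at 03:24:10. The DNS answer resolves to that same address, while none of the swept hosts were ever looked up. The Python script below is an added example, not part of the Joe Sandbox report, that parses a constructed subset of the report's own rows and applies that distinction. The thresholds (five hosts per /16 and port for a sweep, five seconds of traffic for a session) and the DNS_ANSWERS set are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

SANDBOX_IP = "192.168.2.13"

# Constructed subset of the report's TCP rows (timestamp | src port | dst port | src ip | dst ip):
# six swept hosts with three packets each, plus the 83.222.191.90 peer that is still
# exchanging packets a minute later.
TCP_ROWS = """\
Jan 19, 2025 03:22:59.707124949 CET | 46820 | 13566 | 192.168.2.13 | 83.222.187.150 |
Jan 19, 2025 03:22:59.711982965 CET | 13566 | 46820 | 83.222.187.150 | 192.168.2.13 |
Jan 19, 2025 03:22:59.712064981 CET | 46820 | 13566 | 192.168.2.13 | 83.222.187.150 |
Jan 19, 2025 03:22:59.713442087 CET | 45828 | 13566 | 192.168.2.13 | 83.222.13.42 |
Jan 19, 2025 03:22:59.719569921 CET | 13566 | 45828 | 83.222.13.42 | 192.168.2.13 |
Jan 19, 2025 03:22:59.720705032 CET | 45828 | 13566 | 192.168.2.13 | 83.222.13.42 |
Jan 19, 2025 03:22:59.717195988 CET | 43970 | 13566 | 192.168.2.13 | 83.222.74.245 |
Jan 19, 2025 03:22:59.722146988 CET | 13566 | 43970 | 83.222.74.245 | 192.168.2.13 |
Jan 19, 2025 03:22:59.722260952 CET | 43970 | 13566 | 192.168.2.13 | 83.222.74.245 |
Jan 19, 2025 03:22:59.723978996 CET | 35054 | 13566 | 192.168.2.13 | 83.222.161.168 |
Jan 19, 2025 03:22:59.728912115 CET | 13566 | 35054 | 83.222.161.168 | 192.168.2.13 |
Jan 19, 2025 03:22:59.728980064 CET | 35054 | 13566 | 192.168.2.13 | 83.222.161.168 |
Jan 19, 2025 03:22:59.728441954 CET | 55776 | 13566 | 192.168.2.13 | 83.222.59.75 |
Jan 19, 2025 03:22:59.733278036 CET | 13566 | 55776 | 83.222.59.75 | 192.168.2.13 |
Jan 19, 2025 03:22:59.733342886 CET | 55776 | 13566 | 192.168.2.13 | 83.222.59.75 |
Jan 19, 2025 03:22:59.732240915 CET | 44820 | 13566 | 192.168.2.13 | 83.222.255.112 |
Jan 19, 2025 03:22:59.737572908 CET | 13566 | 44820 | 83.222.255.112 | 192.168.2.13 |
Jan 19, 2025 03:22:59.737622023 CET | 44820 | 13566 | 192.168.2.13 | 83.222.255.112 |
Jan 19, 2025 03:22:59.883629084 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.888796091 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:22:59.888855934 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.895843029 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:22:59.901890993 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:23:09.901717901 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:23:09.906987906 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
Jan 19, 2025 03:24:10.504755974 CET | 42788 | 13566 | 192.168.2.13 | 83.222.191.90 |
Jan 19, 2025 03:24:10.510433912 CET | 13566 | 42788 | 83.222.191.90 | 192.168.2.13 |
"""

# The only A record answered during the run, taken from the report's DNS table.
DNS_ANSWERS = {"83.222.191.90"}


def parse_ts(text):
    """'Jan 19, 2025 03:22:59.686036110 CET' -> naive datetime (all rows are CET;
    strptime's %f takes six digits, so the nanosecond tail is truncated)."""
    stamp, _, _tz = text.rpartition(" ")
    base, _, frac = stamp.partition(".")
    micros = int(frac[:6].ljust(6, "0"))
    return datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(microsecond=micros)


def parse_rows(text):
    """Return (ts, src_port, dst_port, src_ip, dst_ip) tuples from pipe-separated rows."""
    rows = []
    for line in text.strip().splitlines():
        ts, sport, dport, src, dst = [c.strip() for c in line.strip().strip("|").split("|")]
        rows.append((parse_ts(ts), int(sport), int(dport), src, dst))
    return rows


def peers_by_remote(rows, sandbox_ip=SANDBOX_IP):
    """Per remote host: packet count, remote ports touched, first and last timestamp."""
    peers = {}
    for ts, sport, dport, src, dst in rows:
        remote, rport = (dst, dport) if src == sandbox_ip else (src, sport)
        p = peers.setdefault(remote, {"packets": 0, "ports": set(), "first": ts, "last": ts})
        p["packets"] += 1
        p["ports"].add(rport)
        p["first"], p["last"] = min(p["first"], ts), max(p["last"], ts)
    return peers


def triage(peers, fanout_min=5, session_min_s=5.0):
    """Session: a peer whose traffic spans at least session_min_s (C2 candidate).
    Sweep: fanout_min or more non-session hosts in one /16 hit on the same port.
    Both thresholds are assumptions for this example, not values from the report."""
    sessions = sorted(ip for ip, p in peers.items()
                      if (p["last"] - p["first"]).total_seconds() >= session_min_s)
    by_net_port = defaultdict(set)
    for ip, p in peers.items():
        if ip in sessions:
            continue
        for port in p["ports"]:
            by_net_port[(".".join(ip.split(".")[:2]), port)].add(ip)
    sweeps = {k: sorted(v) for k, v in by_net_port.items() if len(v) >= fanout_min}
    return sweeps, sessions


def dns_backed(sessions, answers=DNS_ANSWERS):
    """Sustained peers that match a resolved A record; the swept hosts never appear in DNS."""
    return [ip for ip in sessions if ip in answers]


if __name__ == "__main__":
    peers = peers_by_remote(parse_rows(TCP_ROWS))
    sweeps, sessions = triage(peers)
    for (net, port), hosts in sweeps.items():
        print(f"sweep: {len(hosts)} hosts in {net}.0.0/16 on tcp/{port}")
    for ip in sessions:
        span = (peers[ip]["last"] - peers[ip]["first"]).total_seconds()
        print(f"session: {ip}, {peers[ip]['packets']} packets over {span:.0f}s")
    print("dns-backed sessions:", dns_backed(sessions))
```

Run against the full table, the same logic yields one sweep key for 83.222.0.0/16 on tcp/13566 and a single session, 83.222.191.90, which is also the only DNS-backed peer; that is the address to prioritise as the C2 indicator, while the /16 sweep is the behaviour to write a fan-out detection for.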
System Behavior
Start time (UTC) | Start date (UTC) | Path | Arguments | File size | MD5 hash |
---|---|---|---|---|---|
02:22:58 | 19/01/2025 | /tmp/Kloki.sh4.elf | /tmp/Kloki.sh4.elf | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9 |
02:22:58 | 19/01/2025 | /tmp/Kloki.sh4.elf | - | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9 |
02:22:58 | 19/01/2025 | /tmp/Kloki.sh4.elf | - | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9 |
02:22:58 | 19/01/2025 | /tmp/Kloki.sh4.elf | - | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9 |
02:22:58 | 19/01/2025 | /usr/libexec/gnome-session-binary | - | 334664 bytes | d9b90be4f7db60cb3c2d3da6a1d31bfb |
02:22:58 | 19/01/2025 | /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
02:22:58 | 19/01/2025 | /usr/libexec/gsd-rfkill | /usr/libexec/gsd-rfkill | 51808 bytes | 88a16a3c0aba1759358c06215ecfb5cc |
02:22:58 | 19/01/2025 | /usr/libexec/gnome-session-binary | - | 334664 bytes | d9b90be4f7db60cb3c2d3da6a1d31bfb |
02:22:58 | 19/01/2025 | /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
02:22:58 | 19/01/2025 | /usr/bin/gnome-shell | /usr/bin/gnome-shell | 23168 bytes | da7a257239677622fe4b3a65972c9e87 |
02:22:58 | 19/01/2025 | /usr/libexec/gnome-session-binary | - | 334664 bytes | d9b90be4f7db60cb3c2d3da6a1d31bfb |
02:22:58 | 19/01/2025 | /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
02:22:58 | 19/01/2025 | /usr/libexec/gnome-session-binary | - | 334664 bytes | d9b90be4f7db60cb3c2d3da6a1d31bfb |
02:22:58 | 19/01/2025 | /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
02:22:59 | 19/01/2025 | /usr/sbin/gdm3 | - | 453296 bytes | 2492e2d8d34f9377e3e530a61a15674f |
02:22:59 | 19/01/2025 | /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
02:22:59 | 19/01/2025 | /usr/sbin/gdm3 | - | 453296 bytes | 2492e2d8d34f9377e3e530a61a15674f |
02:22:59 | 19/01/2025 | /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
02:23:09 | 19/01/2025 | /usr/lib/systemd/systemd | - | 1620224 bytes | 9b2bec7092a40488108543f9334aab75 |
02:23:09 | 19/01/2025 | /lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 | 22672 bytes | d55f4b0847f88131dbcfb07435178e54 |