Linux Analysis Report
Kloki.i686.elf

Overview

General Information

Sample name: Kloki.i686.elf
Analysis ID: 1594501
MD5: 402f0360f10fb6a1e4fa5db07ea2097e
SHA1: d1dbfd0063a13d099f5279559aec456a83112fbf
SHA256: ef2c3a5af2266e147fa68bb6b20f5ed2f4c7bec1b131b3294bc7cb7a9b3b17f3
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Yara signature match

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1594501
Start date and time: 2025-01-19 03:37:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: Kloki.i686.elf
Detection: MAL
Classification: mal64.spre.linELF@0/0@1/0
Command: /tmp/Kloki.i686.elf
PID: 5433
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5437, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5437, Parent: 1588, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 5459, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 5459, Parent: 1588, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • sh (PID: 5461, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 5461, Parent: 1588, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 5462, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gdm3 New Fork (PID: 5463, Parent: 1400)
  • Default (PID: 5463, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5464, Parent: 1400)
  • Default (PID: 5464, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5475, Parent: 1)
  • systemd-user-runtime-dir (PID: 5475, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup
Source | Rule | Description | Author | Strings
Kloki.i686.elf | Linux_Trojan_Mirai_268aac0b | unknown | unknown
  • 0x54ff:$a: 24 18 0F B7 44 24 20 8B 54 24 1C 83 F9 01 8B 7E 0C 89 04 24 8B
Kloki.i686.elf | Linux_Trojan_Mirai_0cb1699c | unknown | unknown
  • 0x54b2:$a: DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 10 0F B7 02 83 E9 02 83
Kloki.i686.elf | Linux_Trojan_Mirai_2e3f67a9 | unknown | unknown
  • 0x682:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
  • 0x6e2:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
Kloki.i686.elf | Linux_Trojan_Mirai_88de437f | unknown | unknown
  • 0x7b52:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
Kloki.i686.elf | Linux_Trojan_Mirai_cc93863b | unknown | unknown
  • 0x949f:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
Source | Rule | Description | Author | Strings
5433.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_268aac0b | unknown | unknown
  • 0x54ff:$a: 24 18 0F B7 44 24 20 8B 54 24 1C 83 F9 01 8B 7E 0C 89 04 24 8B
5433.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_0cb1699c | unknown | unknown
  • 0x54b2:$a: DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 10 0F B7 02 83 E9 02 83
5433.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_2e3f67a9 | unknown | unknown
  • 0x682:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
  • 0x6e2:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
5433.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown
  • 0x7b52:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5433.1.0000000008048000.0000000008056000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown
  • 0x949f:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-19T03:37:55.366217+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.13 | 42868 | TCP

AV Detection

Source: Kloki.i686.elf, Virustotal: Detection: 14%
Source: Kloki.i686.elf, Joe Sandbox ML: detected
Source: Kloki.i686.elf, String: Xfppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffsystemctltelinitcatgrepbashzshcshkshdashfish
Source: Network traffic, Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.13:42868
Source: global traffic, DNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

Source: Kloki.i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_268aac0b, Author: unknown
Source: Kloki.i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_0cb1699c, Author: unknown
Source: Kloki.i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_2e3f67a9, Author: unknown
Source: Kloki.i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: Kloki.i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_268aac0b, Author: unknown
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_0cb1699c, Author: unknown
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_2e3f67a9, Author: unknown
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_268aac0b, Author: unknown
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_0cb1699c, Author: unknown
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_2e3f67a9, Author: unknown
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 914, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 917, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 1691, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 1866, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 1881, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 1884, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 3069, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 3246, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 3442, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 5415, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 5437, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 5459, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 5461, result: successful
Source: /tmp/Kloki.i686.elf (PID: 5436), SIGKILL sent: pid: 5462, result: successful
Source: Initial sample, String containing 'busybox' found: busybox
Source: Initial sample, String containing 'busybox' found: Xfppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffsystemctltelinitcatgrepbashzshcshkshdashfish
Source: ELF static info symbol of initial sample, .symtab present: no
Source: Kloki.i686.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
Source: Kloki.i686.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
Source: Kloki.i686.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
Source: Kloki.i686.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: Kloki.i686.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: classification engine, Classification label: mal64.spre.linELF@0/0@1/0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
[Behavior graph: ID 1594501, Sample: Kloki.i686.elf, Start date: 19/01/2025, Architecture: LINUX, Score: 64]
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Kloki.i686.elf | 14% | Virustotal | | Browse |
| Kloki.i686.elf | 100% | Joe Sandbox ML | | |
No Antivirus matches
No Antivirus matches
No Antivirus matches


| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 83.222.94.84 | loki.x86.elf | malicious | Unknown | |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| secure-network-rebirthltd.ru | Kloki.mips.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | loki.mips.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | Kloki.sh4.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | loki.arm7.elf | malicious | Mirai | 83.222.191.90 |
| secure-network-rebirthltd.ru | Kloki.i486.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | Kloki.ppc.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | loki.mpsl.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | loki.i486.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | loki.sh4.elf | malicious | Unknown | 83.222.191.90 |
| secure-network-rebirthltd.ru | loki.m68k.elf | malicious | Unknown | 83.222.191.90 |
      No context
      No context
      No created / dropped files found
      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
      Entropy (8bit):6.313748385488092
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:Kloki.i686.elf
      File size:58'512 bytes
      MD5:402f0360f10fb6a1e4fa5db07ea2097e
      SHA1:d1dbfd0063a13d099f5279559aec456a83112fbf
      SHA256:ef2c3a5af2266e147fa68bb6b20f5ed2f4c7bec1b131b3294bc7cb7a9b3b17f3
      SHA512:3552d8a02cae85f6909a8279b17d711bf867c046571ae0621262a3eb96a04a3a288d07a685d7bcf5b7a69f906ed570671341ceb21d14a2be52c6d8db72d4088e
      SSDEEP:1536:cd8O3IFk1dTDSVTUwq/+5W1IdM1+iss6rBQPav5:cd8OYF4NDSVTUw+/Sq1+issuB2m5
      TLSH:BE431A81F98B80F6E80709315067F73FCB31D9394161DAAEDF99EF36EA23641921224D

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Intel 80386
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x8048168
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:58112
      Section Header Size:40
      Number of Section Headers:10
      Header String Table Index:9
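| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x80480b0 | 0xb0 | 0xc8c1 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x8054971 | 0xc971 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x80549a0 | 0xc9a0 | 0x159c | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .ctors | PROGBITS | 0x8056000 | 0xe000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x8056008 | 0xe008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x8056020 | 0xe020 | 0x2a0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x80562c0 | 0xe2c0 | 0x3500 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .shstrtab | STRTAB | 0x0 | 0xe2c0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xdf3c | 0xdf3c | 6.3602 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
| LOAD | 0xe000 | 0x8056000 | 0x8056000 | 0x2c0 | 0x37c0 | 3.4387 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |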


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-19T03:37:55.366217+0100 | 2500034 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 | 2 | 83.222.191.90 | 13566 | 192.168.2.13 | 42868 | TCP |
      • Total Packets: 217
      • 13566 undefined
      • 53 (DNS)
      Jan 19, 2025 03:37:55.358064890 CET135665134283.222.178.219192.168.2.13
      Jan 19, 2025 03:37:55.358069897 CET5915013566192.168.2.1383.222.234.116
      Jan 19, 2025 03:37:55.358099937 CET135665570483.222.11.156192.168.2.13
      Jan 19, 2025 03:37:55.358107090 CET5134213566192.168.2.1383.222.178.219
      Jan 19, 2025 03:37:55.358128071 CET135664274683.222.159.198192.168.2.13
      Jan 19, 2025 03:37:55.358141899 CET5570413566192.168.2.1383.222.11.156
      Jan 19, 2025 03:37:55.358155966 CET135664879283.222.253.133192.168.2.13
      Jan 19, 2025 03:37:55.358169079 CET4274613566192.168.2.1383.222.159.198
      Jan 19, 2025 03:37:55.358184099 CET135663497283.222.127.84192.168.2.13
      Jan 19, 2025 03:37:55.358198881 CET4879213566192.168.2.1383.222.253.133
      Jan 19, 2025 03:37:55.358211994 CET135663450483.222.104.80192.168.2.13
      Jan 19, 2025 03:37:55.358222961 CET3497213566192.168.2.1383.222.127.84
      Jan 19, 2025 03:37:55.358241081 CET135665447883.222.69.49192.168.2.13
      Jan 19, 2025 03:37:55.358268976 CET135664326483.222.23.70192.168.2.13
      Jan 19, 2025 03:37:55.358272076 CET3450413566192.168.2.1383.222.104.80
      Jan 19, 2025 03:37:55.358273029 CET5447813566192.168.2.1383.222.69.49
      Jan 19, 2025 03:37:55.358297110 CET135664049083.222.29.69192.168.2.13
      Jan 19, 2025 03:37:55.358299971 CET4326413566192.168.2.1383.222.23.70
      Jan 19, 2025 03:37:55.358325005 CET135663654283.222.234.221192.168.2.13
      Jan 19, 2025 03:37:55.358338118 CET4049013566192.168.2.1383.222.29.69
      Jan 19, 2025 03:37:55.358354092 CET135664154483.222.182.189192.168.2.13
      Jan 19, 2025 03:37:55.358366013 CET3654213566192.168.2.1383.222.234.221
      Jan 19, 2025 03:37:55.358381033 CET135665310483.222.10.78192.168.2.13
      Jan 19, 2025 03:37:55.358386993 CET4154413566192.168.2.1383.222.182.189
      Jan 19, 2025 03:37:55.358407974 CET135665716283.222.23.89192.168.2.13
      Jan 19, 2025 03:37:55.358417034 CET5310413566192.168.2.1383.222.10.78
      Jan 19, 2025 03:37:55.358437061 CET135665814683.222.22.166192.168.2.13
      Jan 19, 2025 03:37:55.358452082 CET5716213566192.168.2.1383.222.23.89
      Jan 19, 2025 03:37:55.358467102 CET135665740683.222.26.99192.168.2.13
      Jan 19, 2025 03:37:55.358474970 CET5814613566192.168.2.1383.222.22.166
      Jan 19, 2025 03:37:55.358495951 CET135663592283.222.177.1192.168.2.13
      Jan 19, 2025 03:37:55.358503103 CET5740613566192.168.2.1383.222.26.99
      Jan 19, 2025 03:37:55.358524084 CET135663581683.222.220.37192.168.2.13
      Jan 19, 2025 03:37:55.358542919 CET3592213566192.168.2.1383.222.177.1
      Jan 19, 2025 03:37:55.358556032 CET135665716883.222.255.124192.168.2.13
      Jan 19, 2025 03:37:55.358565092 CET3581613566192.168.2.1383.222.220.37
      Jan 19, 2025 03:37:55.358596087 CET135663528283.222.235.104192.168.2.13
      Jan 19, 2025 03:37:55.358597040 CET5716813566192.168.2.1383.222.255.124
      Jan 19, 2025 03:37:55.358623981 CET135664045883.222.204.232192.168.2.13
      Jan 19, 2025 03:37:55.358632088 CET3528213566192.168.2.1383.222.235.104
      Jan 19, 2025 03:37:55.358652115 CET135664521883.222.237.76192.168.2.13
      Jan 19, 2025 03:37:55.358659983 CET4045813566192.168.2.1383.222.204.232
      Jan 19, 2025 03:37:55.358680964 CET135665680883.222.60.5192.168.2.13
      Jan 19, 2025 03:37:55.358694077 CET4521813566192.168.2.1383.222.237.76
      Jan 19, 2025 03:37:55.358709097 CET135664364083.222.146.129192.168.2.13
      Jan 19, 2025 03:37:55.358724117 CET5680813566192.168.2.1383.222.60.5
      Jan 19, 2025 03:37:55.358737946 CET135665768683.222.54.124192.168.2.13
      Jan 19, 2025 03:37:55.358756065 CET4364013566192.168.2.1383.222.146.129
      Jan 19, 2025 03:37:55.358767986 CET135665041283.222.94.84192.168.2.13
      Jan 19, 2025 03:37:55.358778954 CET5768613566192.168.2.1383.222.54.124
      Jan 19, 2025 03:37:55.358795881 CET135664642283.222.193.21192.168.2.13
      Jan 19, 2025 03:37:55.358812094 CET5041213566192.168.2.1383.222.94.84
      Jan 19, 2025 03:37:55.358825922 CET135664844883.222.17.203192.168.2.13
      Jan 19, 2025 03:37:55.358848095 CET4642213566192.168.2.1383.222.193.21
      Jan 19, 2025 03:37:55.358854055 CET135664408283.222.99.40192.168.2.13
      Jan 19, 2025 03:37:55.358881950 CET135665232083.222.36.122192.168.2.13
      Jan 19, 2025 03:37:55.358886003 CET4844813566192.168.2.1383.222.17.203
      Jan 19, 2025 03:37:55.358891964 CET4408213566192.168.2.1383.222.99.40
      Jan 19, 2025 03:37:55.358911037 CET135664840683.222.206.213192.168.2.13
      Jan 19, 2025 03:37:55.358918905 CET5232013566192.168.2.1383.222.36.122
      Jan 19, 2025 03:37:55.358937979 CET135665455083.222.123.232192.168.2.13
      Jan 19, 2025 03:37:55.358948946 CET4840613566192.168.2.1383.222.206.213
      Jan 19, 2025 03:37:55.358966112 CET135665335883.222.57.87192.168.2.13
      Jan 19, 2025 03:37:55.358982086 CET5455013566192.168.2.1383.222.123.232
      Jan 19, 2025 03:37:55.358994007 CET135665584283.222.13.56192.168.2.13
      Jan 19, 2025 03:37:55.358994007 CET5335813566192.168.2.1383.222.57.87
      Jan 19, 2025 03:37:55.359024048 CET135664098883.222.211.248192.168.2.13
      Jan 19, 2025 03:37:55.359028101 CET5584213566192.168.2.1383.222.13.56
      Jan 19, 2025 03:37:55.359054089 CET135665091883.222.160.160192.168.2.13
      Jan 19, 2025 03:37:55.359069109 CET4098813566192.168.2.1383.222.211.248
      Jan 19, 2025 03:37:55.359100103 CET5091813566192.168.2.1383.222.160.160
      Jan 19, 2025 03:37:55.361377001 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:37:55.366216898 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:37:55.366266966 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:37:55.366785049 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:37:55.371660948 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:37:55.371702909 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:37:55.376549959 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:38:05.375456095 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:38:05.381164074 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:38:05.577963114 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:38:05.578217030 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:38:05.940383911 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:38:05.940448999 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:39:05.990417004 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:39:05.995657921 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:39:06.192183971 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:39:06.192257881 CET4286813566192.168.2.1383.222.191.90
      Jan 19, 2025 03:39:06.940221071 CET135664286883.222.191.90192.168.2.13
      Jan 19, 2025 03:39:06.940340042 CET4286813566192.168.2.1383.222.191.90
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Jan 19, 2025 03:37:55.347783089 CET | 53269 | 53 | 192.168.2.13 | 8.8.8.8
      Jan 19, 2025 03:37:55.361305952 CET | 53 | 53269 | 8.8.8.8 | 192.168.2.13

      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Jan 19, 2025 03:37:55.347783089 CET | 192.168.2.13 | 8.8.8.8 | 0xc9d8 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false

      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Jan 19, 2025 03:37:55.361305952 CET | 8.8.8.8 | 192.168.2.13 | 0xc9d8 | No error (0) | secure-network-rebirthltd.ru |  | 83.222.191.90 | A (IP address) | IN (0x0001) | false

      System Behavior

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/tmp/Kloki.i686.elf
      Arguments:/tmp/Kloki.i686.elf
      File size:58512 bytes
      MD5 hash:402f0360f10fb6a1e4fa5db07ea2097e

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/tmp/Kloki.i686.elf
      Arguments:-
      File size:58512 bytes
      MD5 hash:402f0360f10fb6a1e4fa5db07ea2097e

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/tmp/Kloki.i686.elf
      Arguments:-
      File size:58512 bytes
      MD5 hash:402f0360f10fb6a1e4fa5db07ea2097e

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/tmp/Kloki.i686.elf
      Arguments:-
      File size:58512 bytes
      MD5 hash:402f0360f10fb6a1e4fa5db07ea2097e

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/libexec/gsd-rfkill
      Arguments:/usr/libexec/gsd-rfkill
      File size:51808 bytes
      MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/bin/gnome-shell
      Arguments:/usr/bin/gnome-shell
      File size:23168 bytes
      MD5 hash:da7a257239677622fe4b3a65972c9e87

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/libexec/gsd-sharing
      Arguments:/usr/libexec/gsd-sharing
      File size:35424 bytes
      MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/sbin/gdm3
      Arguments:-
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/usr/sbin/gdm3
      Arguments:-
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Start time (UTC):02:37:54
      Start date (UTC):19/01/2025
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Start time (UTC):02:38:04
      Start date (UTC):19/01/2025
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time (UTC):02:38:04
      Start date (UTC):19/01/2025
      Path:/lib/systemd/systemd-user-runtime-dir
      Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
      File size:22672 bytes
      MD5 hash:d55f4b0847f88131dbcfb07435178e54