Linux
Analysis Report
Kloki.arm4.elf
Overview
General Information
Sample name: | Kloki.arm4.elf |
Analysis ID: | 1594506 |
MD5: | cdb33d02d278650cf9471987e8381ed1 |
SHA1: | c9c031a687931d46bf7f826ada46708a85b8656c |
SHA256: | 81fa7637ba78c674c4742411f3aece085bb8b3452a9b9ac8fcbd4d86472b333e |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1594506 |
Start date and time: | 2025-01-19 03:51:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | Kloki.arm4.elf |
Detection: | MAL |
Classification: | mal60.spre.linELF@0/0@1/0 |
Command: | /tmp/Kloki.arm4.elf |
PID: | 6269 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | suka |
Standard Error: |
- system is lnxubuntu20
- Kloki.arm4.elf New Fork (PID: 6271, Parent: 6269)
- Kloki.arm4.elf New Fork (PID: 6273, Parent: 6269)
- Kloki.arm4.elf New Fork (PID: 6275, Parent: 6273)
- gnome-session-binary New Fork (PID: 6297, Parent: 1477)
- gnome-session-binary New Fork (PID: 6299, Parent: 1477)
- gnome-session-binary New Fork (PID: 6301, Parent: 1477)
- gnome-session-binary New Fork (PID: 6302, Parent: 1477)
- gdm3 New Fork (PID: 6305, Parent: 1320)
- gdm3 New Fork (PID: 6306, Parent: 1320)
- cleanup
⊘No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-19T03:52:25.208492+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.23 | 42666 | TCP |
- AV Detection
- Spreading
- Networking
- System Summary
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: |
Source: | String: |
Source: | TCP traffic: |
Source: | Socket: |
Source: | Suricata IDS: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | SIGKILL sent: |
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | SIGKILL sent: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
38% | Virustotal | | |
100% | Avira | EXP/ELF.Mirai.W |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | high |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.058865395639803 |
TrID: |
File name: | Kloki.arm4.elf |
File size: | 66'908 bytes |
MD5: | cdb33d02d278650cf9471987e8381ed1 |
SHA1: | c9c031a687931d46bf7f826ada46708a85b8656c |
SHA256: | 81fa7637ba78c674c4742411f3aece085bb8b3452a9b9ac8fcbd4d86472b333e |
SHA512: | 7cd136a23fb25da336564fc73b96d2c0f3b50dbbb70d779cb57d57fbf76ab00602e13b1240e823e6f4162392b09be615c02573b7c539444035aeb925f39c511f |
SSDEEP: | 1536:4oW+Gx/9AHr6IfuW3WS7YdL/QzyEwSK8vnL:pW+GFIfn3F7YdkDwinL |
TLSH: | 57632981BD815A17C6D412BBFB6E428C372723A8D2DB7217DD226F11378A92F0D77642 |
File Content Preview: | .ELF...a..........(.........4...........4. ...(..........................................................5..........Q.td..................................-...L."...b:..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 66508 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0xe9c0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x16a70 | 0xea70 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x16a84 | 0xea84 | 0x1320 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x18000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x18008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x18014 | 0x10014 | 0x378 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1838c | 0x1038c | 0x3174 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x1038c | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xfda4 | 0xfda4 | 6.1233 | 0x5 | R E | 0x8000 | .init .text .fini .rodata | |
LOAD | 0x10000 | 0x18000 | 0x18000 | 0x38c | 0x3500 | 2.8004 | 0x6 | RW | 0x8000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-19T03:52:25.208492+0100 | 2500034 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 | 2 | 83.222.191.90 | 13566 | 192.168.2.23 | 42666 | TCP |
- Total Packets: 136
Jan 19, 2025 03:52:25.130090952 CET | 34484 | 13566 | 192.168.2.23 | 83.222.8.97 |
Jan 19, 2025 03:52:25.133135080 CET | 53500 | 13566 | 192.168.2.23 | 83.222.203.69 |
Jan 19, 2025 03:52:25.135071039 CET | 13566 | 34484 | 83.222.8.97 | 192.168.2.23 |
Jan 19, 2025 03:52:25.135139942 CET | 34484 | 13566 | 192.168.2.23 | 83.222.8.97 |
Jan 19, 2025 03:52:25.138011932 CET | 13566 | 53500 | 83.222.203.69 | 192.168.2.23 |
Jan 19, 2025 03:52:25.138070107 CET | 53500 | 13566 | 192.168.2.23 | 83.222.203.69 |
Jan 19, 2025 03:52:25.138967991 CET | 443 | 39258 | 34.249.145.219 | 192.168.2.23 |
Jan 19, 2025 03:52:25.142231941 CET | 55874 | 13566 | 192.168.2.23 | 83.222.95.169 |
Jan 19, 2025 03:52:25.145289898 CET | 49306 | 13566 | 192.168.2.23 | 83.222.81.101 |
Jan 19, 2025 03:52:25.147084951 CET | 13566 | 55874 | 83.222.95.169 | 192.168.2.23 |
Jan 19, 2025 03:52:25.147134066 CET | 55874 | 13566 | 192.168.2.23 | 83.222.95.169 |
Jan 19, 2025 03:52:25.147329092 CET | 38758 | 13566 | 192.168.2.23 | 83.222.42.32 |
Jan 19, 2025 03:52:25.149277925 CET | 58324 | 13566 | 192.168.2.23 | 83.222.176.201 |
Jan 19, 2025 03:52:25.150109053 CET | 13566 | 49306 | 83.222.81.101 | 192.168.2.23 |
Jan 19, 2025 03:52:25.150152922 CET | 49306 | 13566 | 192.168.2.23 | 83.222.81.101 |
Jan 19, 2025 03:52:25.151361942 CET | 49234 | 13566 | 192.168.2.23 | 83.222.183.146 |
Jan 19, 2025 03:52:25.152211905 CET | 13566 | 38758 | 83.222.42.32 | 192.168.2.23 |
Jan 19, 2025 03:52:25.152262926 CET | 38758 | 13566 | 192.168.2.23 | 83.222.42.32 |
Jan 19, 2025 03:52:25.153505087 CET | 51476 | 13566 | 192.168.2.23 | 83.222.215.5 |
Jan 19, 2025 03:52:25.154180050 CET | 13566 | 58324 | 83.222.176.201 | 192.168.2.23 |
Jan 19, 2025 03:52:25.154221058 CET | 58324 | 13566 | 192.168.2.23 | 83.222.176.201 |
Jan 19, 2025 03:52:25.155220032 CET | 52508 | 13566 | 192.168.2.23 | 83.222.32.27 |
Jan 19, 2025 03:52:25.156255007 CET | 13566 | 49234 | 83.222.183.146 | 192.168.2.23 |
Jan 19, 2025 03:52:25.156315088 CET | 49234 | 13566 | 192.168.2.23 | 83.222.183.146 |
Jan 19, 2025 03:52:25.156992912 CET | 60404 | 13566 | 192.168.2.23 | 83.222.233.53 |
Jan 19, 2025 03:52:25.158318043 CET | 13566 | 51476 | 83.222.215.5 | 192.168.2.23 |
Jan 19, 2025 03:52:25.158365965 CET | 51476 | 13566 | 192.168.2.23 | 83.222.215.5 |
Jan 19, 2025 03:52:25.160010099 CET | 13566 | 52508 | 83.222.32.27 | 192.168.2.23 |
Jan 19, 2025 03:52:25.160067081 CET | 52508 | 13566 | 192.168.2.23 | 83.222.32.27 |
Jan 19, 2025 03:52:25.161784887 CET | 13566 | 60404 | 83.222.233.53 | 192.168.2.23 |
Jan 19, 2025 03:52:25.161842108 CET | 60404 | 13566 | 192.168.2.23 | 83.222.233.53 |
Jan 19, 2025 03:52:25.162614107 CET | 42506 | 13566 | 192.168.2.23 | 83.222.92.93 |
Jan 19, 2025 03:52:25.164938927 CET | 56520 | 13566 | 192.168.2.23 | 83.222.57.206 |
Jan 19, 2025 03:52:25.167512894 CET | 13566 | 42506 | 83.222.92.93 | 192.168.2.23 |
Jan 19, 2025 03:52:25.167572021 CET | 42506 | 13566 | 192.168.2.23 | 83.222.92.93 |
Jan 19, 2025 03:52:25.169743061 CET | 13566 | 56520 | 83.222.57.206 | 192.168.2.23 |
Jan 19, 2025 03:52:25.169792891 CET | 56520 | 13566 | 192.168.2.23 | 83.222.57.206 |
Jan 19, 2025 03:52:25.171066999 CET | 55628 | 13566 | 192.168.2.23 | 83.222.133.221 |
Jan 19, 2025 03:52:25.175962925 CET | 13566 | 55628 | 83.222.133.221 | 192.168.2.23 |
Jan 19, 2025 03:52:25.176024914 CET | 55628 | 13566 | 192.168.2.23 | 83.222.133.221 |
Jan 19, 2025 03:52:25.176373959 CET | 43072 | 13566 | 192.168.2.23 | 83.222.144.97 |
Jan 19, 2025 03:52:25.178447962 CET | 36576 | 13566 | 192.168.2.23 | 83.222.174.68 |
Jan 19, 2025 03:52:25.181197882 CET | 13566 | 43072 | 83.222.144.97 | 192.168.2.23 |
Jan 19, 2025 03:52:25.181215048 CET | 54438 | 13566 | 192.168.2.23 | 83.222.227.182 |
Jan 19, 2025 03:52:25.181248903 CET | 43072 | 13566 | 192.168.2.23 | 83.222.144.97 |
Jan 19, 2025 03:52:25.183296919 CET | 13566 | 36576 | 83.222.174.68 | 192.168.2.23 |
Jan 19, 2025 03:52:25.183342934 CET | 36576 | 13566 | 192.168.2.23 | 83.222.174.68 |
Jan 19, 2025 03:52:25.183703899 CET | 37320 | 13566 | 192.168.2.23 | 83.222.166.174 |
Jan 19, 2025 03:52:25.185789108 CET | 58710 | 13566 | 192.168.2.23 | 83.222.251.5 |
Jan 19, 2025 03:52:25.186075926 CET | 13566 | 54438 | 83.222.227.182 | 192.168.2.23 |
Jan 19, 2025 03:52:25.186125994 CET | 54438 | 13566 | 192.168.2.23 | 83.222.227.182 |
Jan 19, 2025 03:52:25.188524961 CET | 13566 | 37320 | 83.222.166.174 | 192.168.2.23 |
Jan 19, 2025 03:52:25.188575983 CET | 37320 | 13566 | 192.168.2.23 | 83.222.166.174 |
Jan 19, 2025 03:52:25.190644979 CET | 13566 | 58710 | 83.222.251.5 | 192.168.2.23 |
Jan 19, 2025 03:52:25.190706968 CET | 58710 | 13566 | 192.168.2.23 | 83.222.251.5 |
Jan 19, 2025 03:52:25.203547001 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:25.208492041 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:52:25.208563089 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:25.214273930 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:25.219173908 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:52:25.219228983 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:25.224085093 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:52:35.222944975 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:35.228728056 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:52:35.434390068 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:52:35.434568882 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:35.809431076 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:52:35.809494972 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:52:37.067358971 CET | 443 | 39258 | 34.249.145.219 | 192.168.2.23 |
Jan 19, 2025 03:52:37.067528009 CET | 39258 | 443 | 192.168.2.23 | 34.249.145.219 |
Jan 19, 2025 03:52:41.026026011 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Jan 19, 2025 03:52:43.073879957 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Jan 19, 2025 03:53:24.027992964 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Jan 19, 2025 03:53:35.854701042 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:53:35.861358881 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:53:36.053762913 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:53:36.054265976 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Jan 19, 2025 03:53:36.809412003 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23 |
Jan 19, 2025 03:53:36.809848070 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 19, 2025 03:52:25.191862106 CET | 50287 | 53 | 192.168.2.23 | 8.8.8.8 |
Jan 19, 2025 03:52:25.201950073 CET | 53 | 50287 | 8.8.8.8 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 19, 2025 03:52:25.191862106 CET | 192.168.2.23 | 8.8.8.8 | 0x82b2 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 19, 2025 03:52:25.201950073 CET | 8.8.8.8 | 192.168.2.23 | 0x82b2 | No error (0) | 83.222.191.90 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /tmp/Kloki.arm4.elf |
Arguments: | /tmp/Kloki.arm4.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /tmp/Kloki.arm4.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /tmp/Kloki.arm4.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /tmp/Kloki.arm4.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/libexec/gsd-sharing |
Arguments: | /usr/libexec/gsd-sharing |
File size: | 35424 bytes |
MD5 hash: | e29d9025d98590fbb69f89fdbd4438b3 |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/libexec/gsd-print-notifications |
Arguments: | /usr/libexec/gsd-print-notifications |
File size: | 51840 bytes |
MD5 hash: | 71539698aa691718cee775d6b9450ae2 |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/libexec/gnome-session-binary |
Arguments: | - |
File size: | 334664 bytes |
MD5 hash: | d9b90be4f7db60cb3c2d3da6a1d31bfb |
Start time (UTC): | 02:52:24 |
Start date (UTC): | 19/01/2025 |
Path: | /bin/sh |
Arguments: | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:52:25 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/sbin/gdm3 |
Arguments: | - |
File size: | 453296 bytes |
MD5 hash: | 2492e2d8d34f9377e3e530a61a15674f |
Start time (UTC): | 02:52:25 |
Start date (UTC): | 19/01/2025 |
Path: | /etc/gdm3/PrimeOff/Default |
Arguments: | /etc/gdm3/PrimeOff/Default |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:52:25 |
Start date (UTC): | 19/01/2025 |
Path: | /usr/sbin/gdm3 |
Arguments: | - |
File size: | 453296 bytes |
MD5 hash: | 2492e2d8d34f9377e3e530a61a15674f |
Start time (UTC): | 02:52:25 |
Start date (UTC): | 19/01/2025 |
Path: | /etc/gdm3/PrimeOff/Default |
Arguments: | /etc/gdm3/PrimeOff/Default |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |