
Linux Analysis Report
Kloki.arm4.elf

Overview

General Information

Sample name:Kloki.arm4.elf
Analysis ID:1594506
MD5:cdb33d02d278650cf9471987e8381ed1
SHA1:c9c031a687931d46bf7f826ada46708a85b8656c
SHA256:81fa7637ba78c674c4742411f3aece085bb8b3452a9b9ac8fcbd4d86472b333e
Tags: elf, user-abuse_ch

Detection

Score:60
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Classification radar (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious). The label assigned to this sample, mal60.spre.linELF@0/0@1/0, places it at malicious with a score of 60; the 'spre' component is the Spreading category, consistent with the fan-out of connections to port 13566 recorded in the network section.
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1594506
Start date and time:2025-01-19 03:51:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 12s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Kloki.arm4.elf
Detection:MAL
Classification:mal60.spre.linELF@0/0@1/0
Command:/tmp/Kloki.arm4.elf
PID:6269
Exit Code:0
Exit Code Info:
Killed:False
Standard Output: suka
Standard Error: (empty)

Process tree (as captured by the sandbox):
  • system is lnxubuntu20
  • sh (PID: 6297, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 6297, Parent: 1477, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 6299, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • sh (PID: 6301, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 6301, Parent: 1477, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 6302, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 6305, Parent: 1320)
  • Default (PID: 6305, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6306, Parent: 1320)
  • Default (PID: 6306, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup
No yara matches
Suricata IDS alert:
Timestamp: 2025-01-19T03:52:25.208492+0100 | SID: 2500034 | Severity: 2 | Classtype: Misc Attack | Source: 83.222.191.90:13566 | Destination: 192.168.2.23:42666 | Protocol: TCP


AV Detection

Source: Kloki.arm4.elf | Avira: detected
Source: Kloki.arm4.elf | Virustotal: Detection: 38%
Source: Kloki.arm4.elf | String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffinitsystemctltelinitcatgrepshashbashzshcshkshdashfish
Source: global traffic | TCP traffic (55 flows from the analysis host 192.168.2.23, every one to destination port 13566):
  192.168.2.23:51792 -> 83.222.251.105:13566
  192.168.2.23:41942 -> 83.222.52.36:13566
  192.168.2.23:56814 -> 83.222.175.31:13566
  192.168.2.23:47794 -> 83.222.255.142:13566
  192.168.2.23:47886 -> 83.222.162.242:13566
  192.168.2.23:42100 -> 83.222.9.187:13566
  192.168.2.23:53900 -> 83.222.164.6:13566
  192.168.2.23:41096 -> 83.222.80.148:13566
  192.168.2.23:36022 -> 83.222.206.8:13566
  192.168.2.23:36996 -> 83.222.163.195:13566
  192.168.2.23:48536 -> 83.222.69.29:13566
  192.168.2.23:53818 -> 83.222.199.151:13566
  192.168.2.23:49040 -> 83.222.112.184:13566
  192.168.2.23:49630 -> 83.222.171.53:13566
  192.168.2.23:47014 -> 83.222.149.134:13566
  192.168.2.23:52028 -> 83.222.253.144:13566
  192.168.2.23:54016 -> 83.222.240.49:13566
  192.168.2.23:58248 -> 83.222.180.159:13566
  192.168.2.23:39632 -> 83.222.80.179:13566
  192.168.2.23:52934 -> 83.222.45.242:13566
  192.168.2.23:37852 -> 83.222.165.55:13566
  192.168.2.23:38578 -> 83.222.173.73:13566
  192.168.2.23:39060 -> 83.222.61.253:13566
  192.168.2.23:50816 -> 83.222.222.12:13566
  192.168.2.23:37168 -> 83.222.6.129:13566
  192.168.2.23:57616 -> 83.222.207.75:13566
  192.168.2.23:46602 -> 83.222.158.150:13566
  192.168.2.23:55848 -> 83.222.226.14:13566
  192.168.2.23:41186 -> 83.222.78.142:13566
  192.168.2.23:39742 -> 83.222.68.227:13566
  192.168.2.23:58198 -> 83.222.20.65:13566
  192.168.2.23:51724 -> 83.222.116.4:13566
  192.168.2.23:36030 -> 83.222.114.40:13566
  192.168.2.23:33484 -> 83.222.163.194:13566
  192.168.2.23:46334 -> 83.222.220.209:13566
  192.168.2.23:48646 -> 83.222.180.129:13566
  192.168.2.23:34484 -> 83.222.8.97:13566
  192.168.2.23:53500 -> 83.222.203.69:13566
  192.168.2.23:55874 -> 83.222.95.169:13566
  192.168.2.23:49306 -> 83.222.81.101:13566
  192.168.2.23:38758 -> 83.222.42.32:13566
  192.168.2.23:58324 -> 83.222.176.201:13566
  192.168.2.23:49234 -> 83.222.183.146:13566
  192.168.2.23:51476 -> 83.222.215.5:13566
  192.168.2.23:52508 -> 83.222.32.27:13566
  192.168.2.23:60404 -> 83.222.233.53:13566
  192.168.2.23:42506 -> 83.222.92.93:13566
  192.168.2.23:56520 -> 83.222.57.206:13566
  192.168.2.23:55628 -> 83.222.133.221:13566
  192.168.2.23:43072 -> 83.222.144.97:13566
  192.168.2.23:36576 -> 83.222.174.68:13566
  192.168.2.23:54438 -> 83.222.227.182:13566
  192.168.2.23:37320 -> 83.222.166.174:13566
  192.168.2.23:58710 -> 83.222.251.5:13566
  192.168.2.23:42666 -> 83.222.191.90:13566
Source: /tmp/Kloki.arm4.elf (PID: 6269) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.23:42666
Source: unknown | TCP traffic detected without corresponding DNS query, to each of: 83.222.251.105, 83.222.52.36, 83.222.175.31, 83.222.255.142, 83.222.162.242, 83.222.9.187, 83.222.164.6, 83.222.80.148, 83.222.206.8, 83.222.163.195, 83.222.69.29, 83.222.199.151, 83.222.112.184, 83.222.171.53, 83.222.149.134, 83.222.253.144, 83.222.240.49, 83.222.180.159, 83.222.80.179, 83.222.45.242, 83.222.165.55, 83.222.173.73, 83.222.61.253 (the report lists one entry per connection attempt; repeats are collapsed here)
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39258
Source: unknown | Network traffic detected: HTTP traffic on port 39258 -> 443
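The network evidence above has the shape a responder should recognise at a glance: one source, 55 distinct destinations inside 83.222.0.0/16, all on TCP 13566, none of them preceded by a DNS lookup, and one of them (83.222.191.90, the host behind secure-network-rebirthltd.ru) already on a Suricata compromised-host list. The script below is an added example written for this page, not Joe Sandbox code: it parses report lines in the format shown, turns the fan-out into a scan finding, cross-references the scanned hosts with the IDS alert and builds a blocklist. SAMPLE_REPORT is a constructed subset of the values in the report; the 91.189.91.42:443 flow and the RESOLVED map are assumptions added for illustration.

```python
"""Added example: turning a sandbox report's flow lines into a scan finding and a blocklist.

Example code written for this page, not Joe Sandbox tooling. SAMPLE_REPORT is a
constructed subset of the report's values; the 91.189.91.42:443 flow and RESOLVED
are assumptions added for illustration.
"""
import ipaddress
import re
from collections import defaultdict

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW_RE = re.compile(rf"TCP traffic:\s*(?P<src>{IP}):(?P<sport>\d+)\s*->\s*(?P<dst>{IP}):(?P<dport>\d+)")
DNS_RE = re.compile(r"DNS query:\s*(?P<name>[A-Za-z0-9.-]+)")
IDS_RE = re.compile(rf"Suricata IDS:\s*(?P<sid>\d+) - Severity (?P<sev>\d+) - (?P<msg>.+?) : "
                    rf"(?P<a>{IP}):\d+ -> (?P<b>{IP}):\d+")
# Ports a stock Linux desktop is expected to use; anything else counts as non-standard here.
STANDARD_PORTS = {22, 53, 80, 123, 443, 853}
# Constructed assumption: the DNS answer for the queried name (taken from the report's domain table).
RESOLVED = {"secure-network-rebirthltd.ru": "83.222.191.90"}

SAMPLE_REPORT = """\
Source: global traffic DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: Network traffic Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.23:42666
Source: global traffic TCP traffic: 192.168.2.23:42666 -> 83.222.191.90:13566
Source: global traffic TCP traffic: 192.168.2.23:51792 -> 83.222.251.105:13566
Source: global traffic TCP traffic: 192.168.2.23:41942 -> 83.222.52.36:13566
Source: global traffic TCP traffic: 192.168.2.23:56814 -> 83.222.175.31:13566
Source: global traffic TCP traffic: 192.168.2.23:47794 -> 83.222.255.142:13566
Source: global traffic TCP traffic: 192.168.2.23:47886 -> 83.222.162.242:13566
Source: global traffic TCP traffic: 192.168.2.23:42100 -> 83.222.9.187:13566
Source: global traffic TCP traffic: 192.168.2.23:53900 -> 83.222.164.6:13566
Source: global traffic TCP traffic: 192.168.2.23:41096 -> 83.222.80.148:13566
Source: global traffic TCP traffic: 192.168.2.23:36022 -> 83.222.206.8:13566
Source: global traffic TCP traffic: 192.168.2.23:36996 -> 83.222.163.195:13566
Source: global traffic TCP traffic: 192.168.2.23:48536 -> 83.222.69.29:13566
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
"""


def parse_flows(text: str) -> list:
    """Extract src/sport/dst/dport from every 'TCP traffic:' line; other lines are ignored."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            flows.append({"src": m["src"], "sport": int(m["sport"]),
                          "dst": m["dst"], "dport": int(m["dport"])})
    return flows


def parse_dns_queries(text: str) -> list:
    names = set()
    for line in text.splitlines():
        m = DNS_RE.search(line)
        if m:
            names.add(m["name"])
    return sorted(names)


def parse_suricata(text: str) -> dict:
    """IDS alerts keyed by the non-RFC1918 endpoint, i.e. the hostile side of the flow."""
    hits = {}
    for line in text.splitlines():
        m = IDS_RE.search(line)
        if not m:
            continue
        for ip in (m["a"], m["b"]):
            if not ipaddress.ip_address(ip).is_private:
                hits[ip] = {"sid": int(m["sid"]), "severity": int(m["sev"]), "msg": m["msg"]}
    return hits


def detect_scan(flows: list, min_hosts: int = 10, prefix_len: int = 16) -> list:
    """Horizontal scan: many distinct hosts inside one prefix, all on the same destination port."""
    buckets = defaultdict(set)
    for f in flows:
        net = ipaddress.ip_network(f"{f['dst']}/{prefix_len}", strict=False)
        buckets[(f["dport"], str(net))].add(f["dst"])
    findings = [{"dport": port, "network": net, "count": len(hosts), "hosts": sorted(hosts)}
                for (port, net), hosts in buckets.items() if len(hosts) >= min_hosts]
    return sorted(findings, key=lambda x: -x["count"])


def direct_ip_flows(flows: list, resolved: dict) -> list:
    """Flows to destinations that never came out of a DNS answer: hard-coded or scanned IPs."""
    known = set(resolved.values())
    return [f for f in flows if f["dst"] not in known]


def nonstandard_port_flows(flows: list) -> list:
    return [f for f in flows if f["dport"] not in STANDARD_PORTS]


def iocs(flows: list) -> list:
    """Deduplicated ip:port blocklist built from the non-standard-port destinations."""
    return sorted({f"{f['dst']}:{f['dport']}" for f in nonstandard_port_flows(flows)})


def summarize(text: str, min_hosts: int = 10) -> dict:
    flows = parse_flows(text)
    ids = parse_suricata(text)
    findings = detect_scan(flows, min_hosts)
    for f in findings:  # which scanned hosts the IDS already knows as hostile
        f["ids_hits"] = [ip for ip in f["hosts"] if ip in ids]
    return {"flows": len(flows), "dns_queries": parse_dns_queries(text),
            "scan_findings": findings,
            "direct_ip_flows": len(direct_ip_flows(flows, RESOLVED)),
            "iocs": iocs(flows)}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The blocklist deliberately comes from the non-standard-port destinations rather than from every flow, so sandbox background traffic on 443 (the constructed 91.189.91.42 flow here, Canonical's address range in the report's IP table) does not end up on it; tune STANDARD_PORTS and the /16 prefix length to the environment being monitored.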

System Summary

Source: /tmp/Kloki.arm4.elf (PID: 6275) | SIGKILL sent, result successful, to PIDs: 904, 912, 918, 936, 1532, 1622, 1633, 1638, 1983, 2146, 2302, 4331, 6250, 6297, 6299, 6301, 6302, 6306
Source: Initial sample | String containing 'busybox' found: busybox
Source: Initial sample | String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffinitsystemctltelinitcatgrepshashbashzshcshkshdashfish
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal60.spre.linELF@0/0@1/0
Source: /tmp/Kloki.arm4.elf (PID: 6269) | Queries kernel information via 'uname'
Source: Kloki.arm4.elf, 6269.1.00007ffdcfc93000.00007ffdcfcb4000.rw-.sdmp, Kloki.arm4.elf, 6271.1.00007ffdcfc93000.00007ffdcfcb4000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/Kloki.arm4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.arm4.elf
Source: Kloki.arm4.elf, 6269.1.000055d29601d000.000055d296192000.rw-.sdmp, Kloki.arm4.elf, 6271.1.000055d29601d000.000055d29614b000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/arm
Source: Kloki.arm4.elf, 6269.1.000055d29601d000.000055d296192000.rw-.sdmp, Kloki.arm4.elf, 6271.1.000055d29601d000.000055d29614b000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
Source: Kloki.arm4.elf, 6269.1.00007ffdcfc93000.00007ffdcfcb4000.rw-.sdmp, Kloki.arm4.elf, 6271.1.00007ffdcfc93000.00007ffdcfcb4000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm
Note on the memory strings above: /usr/bin/qemu-arm and /etc/qemu-binfmt/arm show that this ARM binary was executed on the x64 analysis host through QEMU user-mode emulation (binfmt_misc). The x86_64 marker and the environment block (SUDO_USER, DISPLAY, PATH, ...) therefore belong to the emulator process wrapping the sample, not to the sample's own code, and should not be read as indicators of the malware.
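The SIGKILL evidence above is one process (PID 6275, the grandchild of the sample) killing 18 PIDs in quick succession, five of them (6297, 6299, 6301, 6302, 6306) the GNOME session helpers and gdm3 forks that appear in the process tree, and the string table (pkill, kill, killall, /proc/%d/exe, /proc/net/tcp) matches a competitor-killing routine of the kind found in Mirai-derived bots, which is how Avira labels this file. On a monitored host the same behaviour shows up as a burst of kill(2) records in auditd. The script below is an added example written for this page, not Joe Sandbox code: it assumes the audit rule given in its docstring, and the audit lines it parses are constructed to mirror the report's PIDs and path; the timestamps, arch, user IDs and parent PID are assumptions.

```python
"""Added example: flagging a process that SIGKILLs many others, from auditd SYSCALL records.

Example code written for this page, not Joe Sandbox's. The audit lines are constructed
to mirror the report (PID 6275 of /tmp/Kloki.arm4.elf killing 904, 912, ...); the
timestamps, arch, uids and ppid are assumptions.

Assumed audit rule on the monitored x86_64 host (kill is syscall 62 on x86_64):
    -a always,exit -F arch=b64 -S kill -F a1=9 -k proc_kill
"""
import re
from collections import defaultdict

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AUDIT_TS_RE = re.compile(r"audit\((\d+\.\d+):(\d+)\)")
SIGKILL = 9
# Executables running from world-writable scratch space get a higher severity.
UNTRUSTED_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed records: a0 is the target pid in hex (0x388 = 904, 0x1899 = 6297), a1 the signal.
_KILLS = [("1737255145.201", 1001, "388"), ("1737255145.204", 1002, "390"),
          ("1737255145.207", 1003, "396"), ("1737255145.210", 1004, "3a8"),
          ("1737255145.213", 1005, "5fc"), ("1737255145.216", 1006, "656"),
          ("1737255145.219", 1007, "1899")]
SAMPLE_AUDIT = "\n".join(
    f"type=SYSCALL msg=audit({ts}:{serial}): arch=c000003e syscall=62 success=yes exit=0 "
    f"a0={a0} a1=9 a2=0 a3=0 items=0 ppid=6271 pid=6275 auid=0 uid=0 gid=0 euid=0 "
    f'comm="Kloki.arm4.elf" exe="/tmp/Kloki.arm4.elf" key="proc_kill"'
    for ts, serial, a0 in _KILLS
) + "\n" + (
    "type=SYSCALL msg=audit(1737255171.900:1008): arch=c000003e syscall=62 success=yes exit=0 "
    "a0=4d2 a1=9 a2=0 a3=0 items=0 ppid=2200 pid=2211 auid=1000 uid=1000 gid=1000 euid=1000 "
    'comm="bash" exe="/usr/bin/bash" key="proc_kill"'  # an admin killing one pid: benign
)


def parse_record(line: str) -> dict:
    """Split an audit line into key=value pairs; quoted values are unquoted."""
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    m = AUDIT_TS_RE.search(line)
    if m:
        rec["ts"] = float(m.group(1))
        rec["serial"] = int(m.group(2))
    return rec


def kill_events(text: str) -> list:
    """Successful kill(2) calls captured by the proc_kill rule, with decoded target pid and signal."""
    events = []
    for line in text.splitlines():
        if not line.startswith("type=SYSCALL"):
            continue
        rec = parse_record(line)
        if rec.get("key") != "proc_kill" or rec.get("success") != "yes":
            continue
        events.append({"ts": rec["ts"], "pid": int(rec["pid"]), "exe": rec["exe"],
                       "comm": rec["comm"], "target": int(rec["a0"], 16),
                       "sig": int(rec["a1"], 16)})
    return events


def detect_mass_kill(events: list, min_targets: int = 5, window_s: float = 30.0) -> list:
    """One process SIGKILLing >= min_targets distinct pids within window_s seconds."""
    by_proc = defaultdict(list)
    for e in events:
        if e["sig"] == SIGKILL:
            by_proc[(e["pid"], e["exe"])].append(e)
    findings = []
    for (pid, exe), evs in by_proc.items():
        evs.sort(key=lambda e: e["ts"])
        best = set()
        for i in range(len(evs)):  # sliding window anchored at each event
            window = {e["target"] for e in evs[i:] if e["ts"] - evs[i]["ts"] <= window_s}
            if len(window) > len(best):
                best = window
        if len(best) >= min_targets:
            untrusted = exe.startswith(UNTRUSTED_PREFIXES)
            findings.append({"pid": pid, "exe": exe, "targets": sorted(best),
                             "untrusted_path": untrusted,
                             "severity": "high" if untrusted else "medium"})
    return findings


if __name__ == "__main__":
    for f in detect_mass_kill(kill_events(SAMPLE_AUDIT)):
        print(f)
```

The threshold and window are the tuning knobs: service managers and container runtimes legitimately kill several processes at shutdown, so in production pair this with an allowlist of exe paths and raise the severity only for executables in /tmp-like locations, which is exactly where this sample ran from.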
MITRE ATT&CK matrix (Joe Sandbox layout: one column per tactic, four rows; a number in parentheses is the count of signatures mapped to that technique, techniques without a count were not observed):
Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names
Resource Development: Scripting (1) | Domains | DNS Server | Virtual Private Server
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
Execution: Windows Management Instrumentation | Scheduled Task/Job | At | Cron
Persistence: Scripting (1) | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
Privilege Escalation: Path Interception | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
Defense Evasion: Direct Volume Access | Rootkit | Obfuscated Files or Information | Binary Padding
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
Discovery: Security Software Discovery (11) | Application Window Discovery | Query Registry | System Network Configuration Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
Collection: Data from Local System | Data from Removable Media | Data from Network Shared Drive | Input Capture
Command and Control: Encrypted Channel (1) | Non-Standard Port (1) | Non-Application Layer Protocol (1) | Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication
Impact: Service Stop (1) | Network Denial of Service | Data Encrypted for Impact | Data Destruction
No configs have been found
Behavior graph (ID 1594506, sample Kloki.arm4.elf, start date 19/01/2025, architecture LINUX, score 60): Kloki.arm4.elf starts two child copies of itself; one of them starts a further Kloki.arm4.elf, which is the process flagged for "Sample tries to kill multiple processes (SIGKILL)". Network nodes: 83.222.162.242 (port 13566, from 47886) and 83.222.163.194 (port 13566, from 33484), both WAVENETLB, Bulgaria, plus 56 other IPs or domains. Signatures attached to the sample node: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file. Other processes started during the run: gnome-session-binary sh gsd-sharing, gnome-session-binary sh gsd-print-notifications, and 4 other processes.
Antivirus results for the submitted sample (Source | Detection | Scanner | Label):
Kloki.arm4.elf | 38% | Virustotal | (no label)
Kloki.arm4.elf | 100% | Avira | EXP/ELF.Mirai.W
No Antivirus matches for dropped files, domains or URLs.


Contacted domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | none | high
Contacted IPs (IP | Domain | Country | ASN | ASN Name); every entry was rated Malicious: false:
83.222.171.53 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.20.65 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU
83.222.166.174 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.226.14 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.78.142 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
83.222.149.134 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH
83.222.165.55 | unknown | Bulgaria | 31037 | WAVENETLB
83.222.206.8 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU
83.222.180.159 | unknown | Bulgaria | 205872 | EXTRANET-ASBG
83.222.116.4 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU
83.222.173.73 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.68.227 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB
83.222.251.5 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.163.194 | unknown | Bulgaria | 31037 | WAVENETLB
83.222.163.195 | unknown | Bulgaria | 31037 | WAVENETLB
83.222.69.29 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
83.222.233.53 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.203.69 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU
83.222.9.187 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU
83.222.6.129 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU
83.222.220.209 | unknown | Russian Federation | 25159 | SONICDUO-ASRU
83.222.215.5 | unknown | Russian Federation | 25159 | SONICDUO-ASRU
83.222.255.142 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.199.151 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU
83.222.164.6 | unknown | Bulgaria | 31037 | WAVENETLB
83.222.80.148 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
83.222.222.12 | unknown | Russian Federation | 25159 | SONICDUO-ASRU
83.222.133.221 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH
83.222.81.101 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
83.222.174.68 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.42.32 | unknown | Luxembourg | 8632 | LOL-ASluLU
83.222.227.182 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.112.184 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU
83.222.207.75 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU
83.222.92.93 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
83.222.95.169 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
83.222.253.144 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.52.36 | unknown | Luxembourg | 8632 | LOL-ASluLU
83.222.144.97 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH
83.222.61.253 | unknown | Luxembourg | 8632 | LOL-ASluLU
83.222.158.150 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH
83.222.80.179 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU
34.249.145.219 | unknown | United States | 16509 | AMAZON-02US
83.222.32.27 | unknown | Luxembourg | 8632 | LOL-ASluLU
83.222.175.31 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.45.242 | unknown | Luxembourg | 8632 | LOL-ASluLU
83.222.183.146 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.191.90 | secure-network-rebirthltd.ru | Bulgaria | 43561 | NET1-ASBG
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH
83.222.162.242 | unknown | Bulgaria | 31037 | WAVENETLB
83.222.240.49 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.251.105 | unknown | United Kingdom | 13768 | COGECO-PEER1CA
83.222.8.97 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU
83.222.114.40 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU
83.222.57.206 | unknown | Luxembourg | 8632 | LOL-ASluLU
83.222.176.201 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG
83.222.180.129 | unknown | Bulgaria | 205872 | EXTRANET-ASBG
Context: other analysed samples in which the same IPs were seen (IP | Associated Sample Name | Detection | Threat Name):
83.222.199.151 | Kloki.spc.elf | malicious | Unknown
91.189.91.42 | Kloki.arm6.elf | malicious | Unknown
91.189.91.42 | loki.x86.elf | malicious | Unknown
91.189.91.42 | Kloki.mips.elf | malicious | Unknown
91.189.91.42 | loki.arm7.elf | malicious | Mirai
91.189.91.42 | na.elf | malicious | Prometei
91.189.91.42 | loki.arc.elf | malicious | Unknown
91.189.91.42 | Kloki.arm5.elf | malicious | Unknown
91.189.91.42 | Kloki.arm7.elf | malicious | Mirai
91.189.91.42 | arm7.elf | malicious | Unknown
91.189.91.42 | ppc.elf | malicious | Unknown
Context: other analysed samples that contacted the same domain (Domain | Associated Sample Name | Detection | Threat Name | Resolved IP):
secure-network-rebirthltd.ru | Kloki.m68k.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.i686.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.x86.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.mips.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.mips.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.sh4.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.arm7.elf | malicious | Mirai | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.i486.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.ppc.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.mpsl.elf | malicious | Unknown | 83.222.191.90
Context: other analysed samples that contacted the same ASNs (ASN Name | Associated Sample Name | Detection | Threat Name | IP):
GCN-ASGCNAD-SofiaBulgariaBG | Kloki.m68k.elf | malicious | Unknown | 83.222.176.96
GCN-ASGCNAD-SofiaBulgariaBG | Kloki.i686.elf | malicious | Unknown | 83.222.177.55
GCN-ASGCNAD-SofiaBulgariaBG | loki.x86.elf | malicious | Unknown | 83.222.177.55
GCN-ASGCNAD-SofiaBulgariaBG | Kloki.mips.elf | malicious | Unknown | 83.222.174.216
GCN-ASGCNAD-SofiaBulgariaBG | loki.mips.elf | malicious | Unknown | 83.222.175.167
GCN-ASGCNAD-SofiaBulgariaBG | Kloki.sh4.elf | malicious | Unknown | 83.222.176.33
GCN-ASGCNAD-SofiaBulgariaBG | loki.arm7.elf | malicious | Mirai | 83.222.177.157
GCN-ASGCNAD-SofiaBulgariaBG | Kloki.i486.elf | malicious | Unknown | 83.222.173.11
GCN-ASGCNAD-SofiaBulgariaBG | Kloki.ppc.elf | malicious | Unknown | 83.222.166.158
GCN-ASGCNAD-SofiaBulgariaBG | loki.mpsl.elf | malicious | Unknown | 83.222.169.136
MASTERHOST-ASMoscowRussiaRU | Kloki.m68k.elf | malicious | Unknown | 83.222.20.238
MASTERHOST-ASMoscowRussiaRU | Kloki.i686.elf | malicious | Unknown | 83.222.23.89
MASTERHOST-ASMoscowRussiaRU | loki.x86.elf | malicious | Unknown | 83.222.23.89
MASTERHOST-ASMoscowRussiaRU | Kloki.mips.elf | malicious | Unknown | 83.222.31.69
MASTERHOST-ASMoscowRussiaRU | loki.mips.elf | malicious | Unknown | 83.222.9.65
MASTERHOST-ASMoscowRussiaRU | Kloki.sh4.elf | malicious | Unknown | 83.222.28.56
MASTERHOST-ASMoscowRussiaRU | loki.arm7.elf | malicious | Mirai | 83.222.9.29
MASTERHOST-ASMoscowRussiaRU | Kloki.i486.elf | malicious | Unknown | 83.222.15.96
MASTERHOST-ASMoscowRussiaRU | Kloki.ppc.elf | malicious | Unknown | 83.222.17.204
MASTERHOST-ASMoscowRussiaRU | loki.mpsl.elf | malicious | Unknown | 83.222.5.145
No context for the remaining context categories.
No created / dropped files found
File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):6.058865395639803
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:Kloki.arm4.elf
File size:66,908 bytes
MD5:cdb33d02d278650cf9471987e8381ed1
SHA1:c9c031a687931d46bf7f826ada46708a85b8656c
SHA256:81fa7637ba78c674c4742411f3aece085bb8b3452a9b9ac8fcbd4d86472b333e
SHA512:7cd136a23fb25da336564fc73b96d2c0f3b50dbbb70d779cb57d57fbf76ab00602e13b1240e823e6f4162392b09be615c02573b7c539444035aeb925f39c511f
SSDEEP:1536:4oW+Gx/9AHr6IfuW3WS7YdL/QzyEwSK8vnL:pW+GFIfn3F7YdkDwinL
TLSH:57632981BD815A17C6D412BBFB6E428C372723A8D2DB7217DD226F11378A92F0D77642
File Content Preview:.ELF...a..........(.........4...........4. ...(..........................................................5..........Q.td..................................-...L."...b:..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                          ELF header

                          Class:ELF32
                          Data:2's complement, little endian
                          Version:1 (current)
                          Machine:ARM
                          Version Number:0x1
                          Type:EXEC (Executable file)
                          OS/ABI:ARM - ABI
                          ABI Version:0
                          Entry Point Address:0x8190
                          Flags:0x202
                          ELF Header Size:52
                          Program Header Offset:52
                          Program Header Size:32
                          Number of Program Headers:3
                          Section Header Offset:66508
                          Section Header Size:40
                          Number of Section Headers:10
                          Header String Table Index:9
                           Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                           (null) | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | - | 0 | 0 | 0
                           .init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
                           .text | PROGBITS | 0x80b0 | 0xb0 | 0xe9c0 | 0x0 | 0x6 | AX | 0 | 0 | 16
                           .fini | PROGBITS | 0x16a70 | 0xea70 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
                           .rodata | PROGBITS | 0x16a84 | 0xea84 | 0x1320 | 0x0 | 0x2 | A | 0 | 0 | 4
                           .ctors | PROGBITS | 0x18000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                           .dtors | PROGBITS | 0x18008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                           .data | PROGBITS | 0x18014 | 0x10014 | 0x378 | 0x0 | 0x3 | WA | 0 | 0 | 4
                           .bss | NOBITS | 0x1838c | 0x1038c | 0x3174 | 0x0 | 0x3 | WA | 0 | 0 | 4
                           .shstrtab | STRTAB | 0x0 | 0x1038c | 0x3e | 0x0 | 0x0 | - | 0 | 0 | 1
                           Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                           LOAD | 0x0 | 0x8000 | 0x8000 | 0xfda4 | 0xfda4 | 6.1233 | 0x5 | R E | 0x8000 | - | .init .text .fini .rodata
                           LOAD | 0x10000 | 0x18000 | 0x18000 | 0x38c | 0x3500 | 2.8004 | 0x6 | RW | 0x8000 | - | .ctors .dtors .data .bss
                           GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | - | -


                           Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                           2025-01-19T03:52:25.208492+0100 | 2500034 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 | 2 | 83.222.191.90 | 13566 | 192.168.2.23 | 42666 | TCP
                          • Total Packets: 136
                          • 13566 undefined
                          • 443 (HTTPS)
                          • 80 (HTTP)
                          • 53 (DNS)
                           Timestamp | Source Port | Dest Port | Source IP | Dest IP
                           Jan 19, 2025 03:52:24.872473955 CET | 51792 | 13566 | 192.168.2.23 | 83.222.251.105
                           Jan 19, 2025 03:52:24.877542973 CET | 13566 | 51792 | 83.222.251.105 | 192.168.2.23
                           Jan 19, 2025 03:52:24.877618074 CET | 51792 | 13566 | 192.168.2.23 | 83.222.251.105
                           Jan 19, 2025 03:52:24.877837896 CET | 41942 | 13566 | 192.168.2.23 | 83.222.52.36
                           Jan 19, 2025 03:52:24.882673979 CET | 13566 | 41942 | 83.222.52.36 | 192.168.2.23
                           Jan 19, 2025 03:52:24.882725954 CET | 41942 | 13566 | 192.168.2.23 | 83.222.52.36
                           Jan 19, 2025 03:52:24.886008024 CET | 41942 | 13566 | 192.168.2.23 | 83.222.52.36
                           Jan 19, 2025 03:52:24.890846014 CET | 13566 | 41942 | 83.222.52.36 | 192.168.2.23
                           Jan 19, 2025 03:52:24.891000032 CET | 41942 | 13566 | 192.168.2.23 | 83.222.52.36
                           Jan 19, 2025 03:52:24.904104948 CET | 56814 | 13566 | 192.168.2.23 | 83.222.175.31
                           Jan 19, 2025 03:52:24.907350063 CET | 47794 | 13566 | 192.168.2.23 | 83.222.255.142
                           Jan 19, 2025 03:52:24.908962011 CET | 13566 | 56814 | 83.222.175.31 | 192.168.2.23
                           Jan 19, 2025 03:52:24.909012079 CET | 56814 | 13566 | 192.168.2.23 | 83.222.175.31
                           Jan 19, 2025 03:52:24.912256002 CET | 13566 | 47794 | 83.222.255.142 | 192.168.2.23
                           Jan 19, 2025 03:52:24.912339926 CET | 47794 | 13566 | 192.168.2.23 | 83.222.255.142
                           Jan 19, 2025 03:52:24.922178984 CET | 47794 | 13566 | 192.168.2.23 | 83.222.255.142
                           Jan 19, 2025 03:52:24.927011013 CET | 13566 | 47794 | 83.222.255.142 | 192.168.2.23
                           Jan 19, 2025 03:52:24.927025080 CET | 13566 | 47794 | 83.222.255.142 | 192.168.2.23
                           Jan 19, 2025 03:52:24.927066088 CET | 47794 | 13566 | 192.168.2.23 | 83.222.255.142
                           Jan 19, 2025 03:52:24.948527098 CET | 47886 | 13566 | 192.168.2.23 | 83.222.162.242
                           Jan 19, 2025 03:52:24.950326920 CET | 42100 | 13566 | 192.168.2.23 | 83.222.9.187
                           Jan 19, 2025 03:52:24.952213049 CET | 53900 | 13566 | 192.168.2.23 | 83.222.164.6
                           Jan 19, 2025 03:52:24.953437090 CET | 13566 | 47886 | 83.222.162.242 | 192.168.2.23
                           Jan 19, 2025 03:52:24.953496933 CET | 47886 | 13566 | 192.168.2.23 | 83.222.162.242
                           Jan 19, 2025 03:52:24.955208063 CET | 13566 | 42100 | 83.222.9.187 | 192.168.2.23
                           Jan 19, 2025 03:52:24.955260992 CET | 42100 | 13566 | 192.168.2.23 | 83.222.9.187
                           Jan 19, 2025 03:52:24.955837011 CET | 41096 | 13566 | 192.168.2.23 | 83.222.80.148
                           Jan 19, 2025 03:52:24.957076073 CET | 13566 | 53900 | 83.222.164.6 | 192.168.2.23
                           Jan 19, 2025 03:52:24.957128048 CET | 53900 | 13566 | 192.168.2.23 | 83.222.164.6
                           Jan 19, 2025 03:52:24.959120989 CET | 36022 | 13566 | 192.168.2.23 | 83.222.206.8
                           Jan 19, 2025 03:52:24.960822105 CET | 13566 | 41096 | 83.222.80.148 | 192.168.2.23
                           Jan 19, 2025 03:52:24.960891008 CET | 41096 | 13566 | 192.168.2.23 | 83.222.80.148
                           Jan 19, 2025 03:52:24.962544918 CET | 36996 | 13566 | 192.168.2.23 | 83.222.163.195
                           Jan 19, 2025 03:52:24.964000940 CET | 13566 | 36022 | 83.222.206.8 | 192.168.2.23
                           Jan 19, 2025 03:52:24.964055061 CET | 36022 | 13566 | 192.168.2.23 | 83.222.206.8
                           Jan 19, 2025 03:52:24.965857029 CET | 48536 | 13566 | 192.168.2.23 | 83.222.69.29
                           Jan 19, 2025 03:52:24.967407942 CET | 13566 | 36996 | 83.222.163.195 | 192.168.2.23
                           Jan 19, 2025 03:52:24.967463017 CET | 36996 | 13566 | 192.168.2.23 | 83.222.163.195
                           Jan 19, 2025 03:52:24.969419956 CET | 53818 | 13566 | 192.168.2.23 | 83.222.199.151
                           Jan 19, 2025 03:52:24.970741987 CET | 13566 | 48536 | 83.222.69.29 | 192.168.2.23
                           Jan 19, 2025 03:52:24.970791101 CET | 48536 | 13566 | 192.168.2.23 | 83.222.69.29
                           Jan 19, 2025 03:52:24.972165108 CET | 49040 | 13566 | 192.168.2.23 | 83.222.112.184
                           Jan 19, 2025 03:52:24.974307060 CET | 13566 | 53818 | 83.222.199.151 | 192.168.2.23
                           Jan 19, 2025 03:52:24.974361897 CET | 53818 | 13566 | 192.168.2.23 | 83.222.199.151
                           Jan 19, 2025 03:52:24.976465940 CET | 49630 | 13566 | 192.168.2.23 | 83.222.171.53
                           Jan 19, 2025 03:52:24.977154016 CET | 13566 | 49040 | 83.222.112.184 | 192.168.2.23
                           Jan 19, 2025 03:52:24.977202892 CET | 49040 | 13566 | 192.168.2.23 | 83.222.112.184
                           Jan 19, 2025 03:52:24.980680943 CET | 47014 | 13566 | 192.168.2.23 | 83.222.149.134
                           Jan 19, 2025 03:52:24.981283903 CET | 13566 | 49630 | 83.222.171.53 | 192.168.2.23
                           Jan 19, 2025 03:52:24.981336117 CET | 49630 | 13566 | 192.168.2.23 | 83.222.171.53
                           Jan 19, 2025 03:52:24.983352900 CET | 52028 | 13566 | 192.168.2.23 | 83.222.253.144
                           Jan 19, 2025 03:52:24.985532999 CET | 13566 | 47014 | 83.222.149.134 | 192.168.2.23
                           Jan 19, 2025 03:52:24.985589981 CET | 47014 | 13566 | 192.168.2.23 | 83.222.149.134
                           Jan 19, 2025 03:52:24.985773087 CET | 54016 | 13566 | 192.168.2.23 | 83.222.240.49
                           Jan 19, 2025 03:52:24.987670898 CET | 58248 | 13566 | 192.168.2.23 | 83.222.180.159
                           Jan 19, 2025 03:52:24.988219976 CET | 13566 | 52028 | 83.222.253.144 | 192.168.2.23
                           Jan 19, 2025 03:52:24.988274097 CET | 52028 | 13566 | 192.168.2.23 | 83.222.253.144
                           Jan 19, 2025 03:52:24.990603924 CET | 13566 | 54016 | 83.222.240.49 | 192.168.2.23
                           Jan 19, 2025 03:52:24.990674019 CET | 54016 | 13566 | 192.168.2.23 | 83.222.240.49
                           Jan 19, 2025 03:52:24.992676020 CET | 13566 | 58248 | 83.222.180.159 | 192.168.2.23
                           Jan 19, 2025 03:52:24.992734909 CET | 58248 | 13566 | 192.168.2.23 | 83.222.180.159
                           Jan 19, 2025 03:52:24.993937969 CET | 39632 | 13566 | 192.168.2.23 | 83.222.80.179
                           Jan 19, 2025 03:52:24.995594025 CET | 52934 | 13566 | 192.168.2.23 | 83.222.45.242
                           Jan 19, 2025 03:52:24.996824026 CET | 37852 | 13566 | 192.168.2.23 | 83.222.165.55
                           Jan 19, 2025 03:52:24.998838902 CET | 13566 | 39632 | 83.222.80.179 | 192.168.2.23
                           Jan 19, 2025 03:52:24.998953104 CET | 39632 | 13566 | 192.168.2.23 | 83.222.80.179
                           Jan 19, 2025 03:52:25.000466108 CET | 13566 | 52934 | 83.222.45.242 | 192.168.2.23
                           Jan 19, 2025 03:52:25.000574112 CET | 52934 | 13566 | 192.168.2.23 | 83.222.45.242
                           Jan 19, 2025 03:52:25.001679897 CET | 13566 | 37852 | 83.222.165.55 | 192.168.2.23
                           Jan 19, 2025 03:52:25.001766920 CET | 37852 | 13566 | 192.168.2.23 | 83.222.165.55
                           Jan 19, 2025 03:52:25.004606009 CET | 38578 | 13566 | 192.168.2.23 | 83.222.173.73
                           Jan 19, 2025 03:52:25.009834051 CET | 13566 | 38578 | 83.222.173.73 | 192.168.2.23
                           Jan 19, 2025 03:52:25.009897947 CET | 38578 | 13566 | 192.168.2.23 | 83.222.173.73
                           Jan 19, 2025 03:52:25.014877081 CET | 38578 | 13566 | 192.168.2.23 | 83.222.173.73
                           Jan 19, 2025 03:52:25.015252113 CET | 39060 | 13566 | 192.168.2.23 | 83.222.61.253
                           Jan 19, 2025 03:52:25.016130924 CET | 50816 | 13566 | 192.168.2.23 | 83.222.222.12
                           Jan 19, 2025 03:52:25.019762993 CET | 13566 | 38578 | 83.222.173.73 | 192.168.2.23
                           Jan 19, 2025 03:52:25.019823074 CET | 38578 | 13566 | 192.168.2.23 | 83.222.173.73
                           Jan 19, 2025 03:52:25.020061970 CET | 13566 | 39060 | 83.222.61.253 | 192.168.2.23
                           Jan 19, 2025 03:52:25.020139933 CET | 39060 | 13566 | 192.168.2.23 | 83.222.61.253
                           Jan 19, 2025 03:52:25.020994902 CET | 13566 | 50816 | 83.222.222.12 | 192.168.2.23
                           Jan 19, 2025 03:52:25.021044970 CET | 50816 | 13566 | 192.168.2.23 | 83.222.222.12
                           Jan 19, 2025 03:52:25.032804012 CET | 37168 | 13566 | 192.168.2.23 | 83.222.6.129
                           Jan 19, 2025 03:52:25.033679008 CET | 57616 | 13566 | 192.168.2.23 | 83.222.207.75
                           Jan 19, 2025 03:52:25.034744024 CET | 46602 | 13566 | 192.168.2.23 | 83.222.158.150
                           Jan 19, 2025 03:52:25.035636902 CET | 55848 | 13566 | 192.168.2.23 | 83.222.226.14
                           Jan 19, 2025 03:52:25.036642075 CET | 41186 | 13566 | 192.168.2.23 | 83.222.78.142
                           Jan 19, 2025 03:52:25.037655115 CET | 13566 | 37168 | 83.222.6.129 | 192.168.2.23
                           Jan 19, 2025 03:52:25.037714005 CET | 37168 | 13566 | 192.168.2.23 | 83.222.6.129
                           Jan 19, 2025 03:52:25.037946939 CET | 39742 | 13566 | 192.168.2.23 | 83.222.68.227
                           Jan 19, 2025 03:52:25.038588047 CET | 13566 | 57616 | 83.222.207.75 | 192.168.2.23
                           Jan 19, 2025 03:52:25.038640976 CET | 57616 | 13566 | 192.168.2.23 | 83.222.207.75
                           Jan 19, 2025 03:52:25.039602041 CET | 13566 | 46602 | 83.222.158.150 | 192.168.2.23
                           Jan 19, 2025 03:52:25.039654970 CET | 46602 | 13566 | 192.168.2.23 | 83.222.158.150
                           Jan 19, 2025 03:52:25.039938927 CET | 58198 | 13566 | 192.168.2.23 | 83.222.20.65
                           Jan 19, 2025 03:52:25.040489912 CET | 13566 | 55848 | 83.222.226.14 | 192.168.2.23
                           Jan 19, 2025 03:52:25.040546894 CET | 55848 | 13566 | 192.168.2.23 | 83.222.226.14
                           Jan 19, 2025 03:52:25.042479038 CET | 13566 | 41186 | 83.222.78.142 | 192.168.2.23
                           Jan 19, 2025 03:52:25.042612076 CET | 41186 | 13566 | 192.168.2.23 | 83.222.78.142
                           Jan 19, 2025 03:52:25.043443918 CET | 13566 | 39742 | 83.222.68.227 | 192.168.2.23
                           Jan 19, 2025 03:52:25.043500900 CET | 39742 | 13566 | 192.168.2.23 | 83.222.68.227
                           Jan 19, 2025 03:52:25.044719934 CET | 13566 | 58198 | 83.222.20.65 | 192.168.2.23
                           Jan 19, 2025 03:52:25.044806004 CET | 58198 | 13566 | 192.168.2.23 | 83.222.20.65
                           Jan 19, 2025 03:52:25.044836998 CET | 58198 | 13566 | 192.168.2.23 | 83.222.20.65
                           Jan 19, 2025 03:52:25.045377970 CET | 51724 | 13566 | 192.168.2.23 | 83.222.116.4
                           Jan 19, 2025 03:52:25.047287941 CET | 36030 | 13566 | 192.168.2.23 | 83.222.114.40
                           Jan 19, 2025 03:52:25.049860001 CET | 13566 | 58198 | 83.222.20.65 | 192.168.2.23
                           Jan 19, 2025 03:52:25.049916983 CET | 58198 | 13566 | 192.168.2.23 | 83.222.20.65
                           Jan 19, 2025 03:52:25.050255060 CET | 13566 | 51724 | 83.222.116.4 | 192.168.2.23
                           Jan 19, 2025 03:52:25.050379038 CET | 51724 | 13566 | 192.168.2.23 | 83.222.116.4
                           Jan 19, 2025 03:52:25.052167892 CET | 13566 | 36030 | 83.222.114.40 | 192.168.2.23
                           Jan 19, 2025 03:52:25.052232027 CET | 36030 | 13566 | 192.168.2.23 | 83.222.114.40
                           Jan 19, 2025 03:52:25.076719999 CET | 33484 | 13566 | 192.168.2.23 | 83.222.163.194
                           Jan 19, 2025 03:52:25.081656933 CET | 13566 | 33484 | 83.222.163.194 | 192.168.2.23
                           Jan 19, 2025 03:52:25.081731081 CET | 33484 | 13566 | 192.168.2.23 | 83.222.163.194
                           Jan 19, 2025 03:52:25.085426092 CET | 46334 | 13566 | 192.168.2.23 | 83.222.220.209
                           Jan 19, 2025 03:52:25.090270042 CET | 13566 | 46334 | 83.222.220.209 | 192.168.2.23
                           Jan 19, 2025 03:52:25.090326071 CET | 46334 | 13566 | 192.168.2.23 | 83.222.220.209
                           Jan 19, 2025 03:52:25.090682983 CET | 46334 | 13566 | 192.168.2.23 | 83.222.220.209
                           Jan 19, 2025 03:52:25.092812061 CET | 48646 | 13566 | 192.168.2.23 | 83.222.180.129
                           Jan 19, 2025 03:52:25.093123913 CET | 39258 | 443 | 192.168.2.23 | 34.249.145.219
                           Jan 19, 2025 03:52:25.095555067 CET | 13566 | 46334 | 83.222.220.209 | 192.168.2.23
                           Jan 19, 2025 03:52:25.095616102 CET | 46334 | 13566 | 192.168.2.23 | 83.222.220.209
                           Jan 19, 2025 03:52:25.097728968 CET | 13566 | 48646 | 83.222.180.129 | 192.168.2.23
                           Jan 19, 2025 03:52:25.097800970 CET | 48646 | 13566 | 192.168.2.23 | 83.222.180.129
                           Jan 19, 2025 03:52:25.110728979 CET | 48646 | 13566 | 192.168.2.23 | 83.222.180.129
                           Jan 19, 2025 03:52:25.115633965 CET | 13566 | 48646 | 83.222.180.129 | 192.168.2.23
                           Jan 19, 2025 03:52:25.115708113 CET | 48646 | 13566 | 192.168.2.23 | 83.222.180.129
                           Jan 19, 2025 03:52:25.130090952 CET | 34484 | 13566 | 192.168.2.23 | 83.222.8.97
                           Jan 19, 2025 03:52:25.133135080 CET | 53500 | 13566 | 192.168.2.23 | 83.222.203.69
                           Jan 19, 2025 03:52:25.135071039 CET | 13566 | 34484 | 83.222.8.97 | 192.168.2.23
                           Jan 19, 2025 03:52:25.135139942 CET | 34484 | 13566 | 192.168.2.23 | 83.222.8.97
                           Jan 19, 2025 03:52:25.138011932 CET | 13566 | 53500 | 83.222.203.69 | 192.168.2.23
                           Jan 19, 2025 03:52:25.138070107 CET | 53500 | 13566 | 192.168.2.23 | 83.222.203.69
                           Jan 19, 2025 03:52:25.138967991 CET | 443 | 39258 | 34.249.145.219 | 192.168.2.23
                           Jan 19, 2025 03:52:25.142231941 CET | 55874 | 13566 | 192.168.2.23 | 83.222.95.169
                           Jan 19, 2025 03:52:25.145289898 CET | 49306 | 13566 | 192.168.2.23 | 83.222.81.101
                           Jan 19, 2025 03:52:25.147084951 CET | 13566 | 55874 | 83.222.95.169 | 192.168.2.23
                           Jan 19, 2025 03:52:25.147134066 CET | 55874 | 13566 | 192.168.2.23 | 83.222.95.169
                           Jan 19, 2025 03:52:25.147329092 CET | 38758 | 13566 | 192.168.2.23 | 83.222.42.32
                           Jan 19, 2025 03:52:25.149277925 CET | 58324 | 13566 | 192.168.2.23 | 83.222.176.201
                           Jan 19, 2025 03:52:25.150109053 CET | 13566 | 49306 | 83.222.81.101 | 192.168.2.23
                           Jan 19, 2025 03:52:25.150152922 CET | 49306 | 13566 | 192.168.2.23 | 83.222.81.101
                           Jan 19, 2025 03:52:25.151361942 CET | 49234 | 13566 | 192.168.2.23 | 83.222.183.146
                           Jan 19, 2025 03:52:25.152211905 CET | 13566 | 38758 | 83.222.42.32 | 192.168.2.23
                           Jan 19, 2025 03:52:25.152262926 CET | 38758 | 13566 | 192.168.2.23 | 83.222.42.32
                           Jan 19, 2025 03:52:25.153505087 CET | 51476 | 13566 | 192.168.2.23 | 83.222.215.5
                           Jan 19, 2025 03:52:25.154180050 CET | 13566 | 58324 | 83.222.176.201 | 192.168.2.23
                           Jan 19, 2025 03:52:25.154221058 CET | 58324 | 13566 | 192.168.2.23 | 83.222.176.201
                           Jan 19, 2025 03:52:25.155220032 CET | 52508 | 13566 | 192.168.2.23 | 83.222.32.27
                           Jan 19, 2025 03:52:25.156255007 CET | 13566 | 49234 | 83.222.183.146 | 192.168.2.23
                           Jan 19, 2025 03:52:25.156315088 CET | 49234 | 13566 | 192.168.2.23 | 83.222.183.146
                           Jan 19, 2025 03:52:25.156992912 CET | 60404 | 13566 | 192.168.2.23 | 83.222.233.53
                           Jan 19, 2025 03:52:25.158318043 CET | 13566 | 51476 | 83.222.215.5 | 192.168.2.23
                           Jan 19, 2025 03:52:25.158365965 CET | 51476 | 13566 | 192.168.2.23 | 83.222.215.5
                           Jan 19, 2025 03:52:25.160010099 CET | 13566 | 52508 | 83.222.32.27 | 192.168.2.23
                           Jan 19, 2025 03:52:25.160067081 CET | 52508 | 13566 | 192.168.2.23 | 83.222.32.27
                           Jan 19, 2025 03:52:25.161784887 CET | 13566 | 60404 | 83.222.233.53 | 192.168.2.23
                           Jan 19, 2025 03:52:25.161842108 CET | 60404 | 13566 | 192.168.2.23 | 83.222.233.53
                           Jan 19, 2025 03:52:25.162614107 CET | 42506 | 13566 | 192.168.2.23 | 83.222.92.93
                           Jan 19, 2025 03:52:25.164938927 CET | 56520 | 13566 | 192.168.2.23 | 83.222.57.206
                           Jan 19, 2025 03:52:25.167512894 CET | 13566 | 42506 | 83.222.92.93 | 192.168.2.23
                           Jan 19, 2025 03:52:25.167572021 CET | 42506 | 13566 | 192.168.2.23 | 83.222.92.93
                           Jan 19, 2025 03:52:25.169743061 CET | 13566 | 56520 | 83.222.57.206 | 192.168.2.23
                           Jan 19, 2025 03:52:25.169792891 CET | 56520 | 13566 | 192.168.2.23 | 83.222.57.206
                           Jan 19, 2025 03:52:25.171066999 CET | 55628 | 13566 | 192.168.2.23 | 83.222.133.221
                           Jan 19, 2025 03:52:25.175962925 CET | 13566 | 55628 | 83.222.133.221 | 192.168.2.23
                           Jan 19, 2025 03:52:25.176024914 CET | 55628 | 13566 | 192.168.2.23 | 83.222.133.221
                           Jan 19, 2025 03:52:25.176373959 CET | 43072 | 13566 | 192.168.2.23 | 83.222.144.97
                           Jan 19, 2025 03:52:25.178447962 CET | 36576 | 13566 | 192.168.2.23 | 83.222.174.68
                           Jan 19, 2025 03:52:25.181197882 CET | 13566 | 43072 | 83.222.144.97 | 192.168.2.23
                           Jan 19, 2025 03:52:25.181215048 CET | 54438 | 13566 | 192.168.2.23 | 83.222.227.182
                           Jan 19, 2025 03:52:25.181248903 CET | 43072 | 13566 | 192.168.2.23 | 83.222.144.97
                           Jan 19, 2025 03:52:25.183296919 CET | 13566 | 36576 | 83.222.174.68 | 192.168.2.23
                           Jan 19, 2025 03:52:25.183342934 CET | 36576 | 13566 | 192.168.2.23 | 83.222.174.68
                           Jan 19, 2025 03:52:25.183703899 CET | 37320 | 13566 | 192.168.2.23 | 83.222.166.174
                           Jan 19, 2025 03:52:25.185789108 CET | 58710 | 13566 | 192.168.2.23 | 83.222.251.5
                           Jan 19, 2025 03:52:25.186075926 CET | 13566 | 54438 | 83.222.227.182 | 192.168.2.23
                           Jan 19, 2025 03:52:25.186125994 CET | 54438 | 13566 | 192.168.2.23 | 83.222.227.182
                           Jan 19, 2025 03:52:25.188524961 CET | 13566 | 37320 | 83.222.166.174 | 192.168.2.23
                           Jan 19, 2025 03:52:25.188575983 CET | 37320 | 13566 | 192.168.2.23 | 83.222.166.174
                           Jan 19, 2025 03:52:25.190644979 CET | 13566 | 58710 | 83.222.251.5 | 192.168.2.23
                           Jan 19, 2025 03:52:25.190706968 CET | 58710 | 13566 | 192.168.2.23 | 83.222.251.5
                           Jan 19, 2025 03:52:25.203547001 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:25.208492041 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:52:25.208563089 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:25.214273930 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:25.219173908 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:52:25.219228983 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:25.224085093 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:52:35.222944975 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:35.228728056 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:52:35.434390068 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:52:35.434568882 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:35.809431076 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:52:35.809494972 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:52:37.067358971 CET | 443 | 39258 | 34.249.145.219 | 192.168.2.23
                           Jan 19, 2025 03:52:37.067528009 CET | 39258 | 443 | 192.168.2.23 | 34.249.145.219
                           Jan 19, 2025 03:52:41.026026011 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202
                           Jan 19, 2025 03:52:43.073879957 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42
                           Jan 19, 2025 03:53:24.027992964 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42
                           Jan 19, 2025 03:53:35.854701042 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:53:35.861358881 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:53:36.053762913 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:53:36.054265976 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Jan 19, 2025 03:53:36.809412003 CET | 13566 | 42666 | 83.222.191.90 | 192.168.2.23
                           Jan 19, 2025 03:53:36.809848070 CET | 42666 | 13566 | 192.168.2.23 | 83.222.191.90
                           Timestamp | Source Port | Dest Port | Source IP | Dest IP
                           Jan 19, 2025 03:52:25.191862106 CET | 50287 | 53 | 192.168.2.23 | 8.8.8.8
                           Jan 19, 2025 03:52:25.201950073 CET | 53 | 50287 | 8.8.8.8 | 192.168.2.23
                           Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                           Jan 19, 2025 03:52:25.191862106 CET | 192.168.2.23 | 8.8.8.8 | 0x82b2 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                           Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                           Jan 19, 2025 03:52:25.201950073 CET | 8.8.8.8 | 192.168.2.23 | 0x82b2 | No error (0) | secure-network-rebirthltd.ru | - | 83.222.191.90 | A (IP address) | IN (0x0001) | false

                          System Behavior

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/tmp/Kloki.arm4.elf
                          Arguments:/tmp/Kloki.arm4.elf
                          File size:4956856 bytes
                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/tmp/Kloki.arm4.elf
                          Arguments:-
                          File size:4956856 bytes
                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/tmp/Kloki.arm4.elf
                          Arguments:-
                          File size:4956856 bytes
                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/tmp/Kloki.arm4.elf
                          Arguments:-
                          File size:4956856 bytes
                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/usr/libexec/gnome-session-binary
                          Arguments:-
                          File size:334664 bytes
                          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/bin/sh
                          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                          File size:129816 bytes
                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/usr/libexec/gsd-sharing
                          Arguments:/usr/libexec/gsd-sharing
                          File size:35424 bytes
                          MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/usr/libexec/gnome-session-binary
                          Arguments:-
                          File size:334664 bytes
                          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/bin/sh
                          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
                          File size:129816 bytes
                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/usr/libexec/gnome-session-binary
                          Arguments:-
                          File size:334664 bytes
                          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/bin/sh
                          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                          File size:129816 bytes
                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/usr/libexec/gsd-print-notifications
                          Arguments:/usr/libexec/gsd-print-notifications
                          File size:51840 bytes
                          MD5 hash:71539698aa691718cee775d6b9450ae2

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/usr/libexec/gnome-session-binary
                          Arguments:-
                          File size:334664 bytes
                          MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                          Start time (UTC):02:52:24
                          Start date (UTC):19/01/2025
                          Path:/bin/sh
                          Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                          File size:129816 bytes
                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                          Start time (UTC):02:52:25
                          Start date (UTC):19/01/2025
                          Path:/usr/sbin/gdm3
                          Arguments:-
                          File size:453296 bytes
                          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                          Start time (UTC):02:52:25
                          Start date (UTC):19/01/2025
                          Path:/etc/gdm3/PrimeOff/Default
                          Arguments:/etc/gdm3/PrimeOff/Default
                          File size:129816 bytes
                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                          Start time (UTC):02:52:25
                          Start date (UTC):19/01/2025
                          Path:/usr/sbin/gdm3
                          Arguments:-
                          File size:453296 bytes
                          MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                          Start time (UTC):02:52:25
                          Start date (UTC):19/01/2025
                          Path:/etc/gdm3/PrimeOff/Default
                          Arguments:/etc/gdm3/PrimeOff/Default
                          File size:129816 bytes
                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c