Edit tour

Linux Analysis Report
arm5.elf

Overview

General Information

Sample name:	arm5.elf
Analysis ID:	1612192
MD5:	0746172beb9c7c13b72d7fb6b7f88fa7
SHA1:	2c49387ecd9267d929e37794e9de08689d113d35
SHA256:	38e4d384edc7fd7b875df3d6cf74f2a877ac03164ee35f3afc5869ca1e66b397
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100

Signatures

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample tries to kill multiple processes (SIGKILL)

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Executes the "rm" command used to delete files or directories

Sample contains only a LOAD segment without any section mappings

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1612192
Start date and time:	2025-02-11 16:14:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	arm5.elf
Detection:	MAL
Classification:	mal72.spre.troj.linELF@0/0@31/0

Warnings

VT rate limit hit for: qittler.ru

Runtime Messages

Command:	/tmp/arm5.elf
PID:	6248
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	The Peoples Bank of China.
Standard Error:

Process Tree

system is lnxubuntu20

arm5.elf (PID: 6248, Parent: 6173, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm5.elf

arm5.elf New Fork (PID: 6250, Parent: 6248)

arm5.elf New Fork (PID: 6252, Parent: 6250)

arm5.elf New Fork (PID: 6254, Parent: 6250)

arm5.elf New Fork (PID: 6255, Parent: 6250)

gdm3 New Fork (PID: 6280, Parent: 1320)

Default (PID: 6280, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

xfce4-session New Fork (PID: 6281, Parent: 1900)

dash New Fork (PID: 6285, Parent: 4331)

rm (PID: 6285, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.mN01bNIyH2 /tmp/tmp.GUsQp5IN0q /tmp/tmp.xJzRNdQozn

gdm3 New Fork (PID: 6286, Parent: 1320)

Default (PID: 6286, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

dash New Fork (PID: 6287, Parent: 4331)

rm (PID: 6287, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.mN01bNIyH2 /tmp/tmp.GUsQp5IN0q /tmp/tmp.xJzRNdQozn

xfce4-session New Fork (PID: 6288, Parent: 1900)

xfce4-session New Fork (PID: 6289, Parent: 1900)

rm (PID: 6289, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

xfce4-session New Fork (PID: 6290, Parent: 1900)

xfdesktop (PID: 6290, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

xfce4-session New Fork (PID: 6292, Parent: 1900)

xfce4-panel (PID: 6292, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec

xfce4-session New Fork (PID: 6294, Parent: 1900)

xfce4-session New Fork (PID: 6295, Parent: 1900)

xfce4-session New Fork (PID: 6296, Parent: 1900)

xfdesktop (PID: 6296, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

xfce4-session New Fork (PID: 6298, Parent: 1900)

xfce4-panel (PID: 6298, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec

xfce4-session New Fork (PID: 6300, Parent: 1900)

xfwm4 (PID: 6300, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c

xfce4-session New Fork (PID: 6302, Parent: 1900)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 1 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: arm5.elf

ReversingLabs: Detection: 21%

Networking

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: cats-master.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: cuttiecats.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: thekittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittlerer.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: polizei.su. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittlez.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: mykittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: qittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: newkittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittler.ru. [malformed]

Source: global traffic

TCP traffic: 192.168.2.23:41412 -> 185.93.89.106:34411

Source: /tmp/arm5.elf (PID: 6248)

Socket: 127.0.0.1:13301

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 26.92.169.207
Source: unknown	TCP traffic detected without corresponding DNS query: 144.211.26.246
Source: unknown	TCP traffic detected without corresponding DNS query: 26.92.169.207
Source: unknown	TCP traffic detected without corresponding DNS query: 202.166.24.248
Source: unknown	TCP traffic detected without corresponding DNS query: 144.211.26.246
Source: unknown	TCP traffic detected without corresponding DNS query: 105.60.187.57
Source: unknown	TCP traffic detected without corresponding DNS query: 202.166.24.248
Source: unknown	TCP traffic detected without corresponding DNS query: 79.46.216.70
Source: unknown	TCP traffic detected without corresponding DNS query: 53.60.160.42
Source: unknown	TCP traffic detected without corresponding DNS query: 117.16.6.227
Source: unknown	TCP traffic detected without corresponding DNS query: 43.150.191.9
Source: unknown	TCP traffic detected without corresponding DNS query: 79.46.216.70
Source: unknown	TCP traffic detected without corresponding DNS query: 117.16.6.227
Source: unknown	TCP traffic detected without corresponding DNS query: 105.60.187.57
Source: unknown	TCP traffic detected without corresponding DNS query: 53.60.160.42
Source: unknown	TCP traffic detected without corresponding DNS query: 43.150.191.9
Source: unknown	TCP traffic detected without corresponding DNS query: 98.140.33.160
Source: unknown	TCP traffic detected without corresponding DNS query: 16.167.81.62
Source: unknown	TCP traffic detected without corresponding DNS query: 98.140.33.160
Source: unknown	TCP traffic detected without corresponding DNS query: 167.62.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 16.167.81.62
Source: unknown	TCP traffic detected without corresponding DNS query: 170.42.244.206
Source: unknown	TCP traffic detected without corresponding DNS query: 167.62.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 208.72.26.71
Source: unknown	TCP traffic detected without corresponding DNS query: 170.42.244.206
Source: unknown	TCP traffic detected without corresponding DNS query: 99.30.153.50
Source: unknown	TCP traffic detected without corresponding DNS query: 208.72.26.71
Source: unknown	TCP traffic detected without corresponding DNS query: 99.30.153.50
Source: unknown	TCP traffic detected without corresponding DNS query: 16.16.209.147
Source: unknown	TCP traffic detected without corresponding DNS query: 16.16.209.147
Source: unknown	TCP traffic detected without corresponding DNS query: 218.3.233.6
Source: unknown	TCP traffic detected without corresponding DNS query: 218.3.233.6
Source: unknown	TCP traffic detected without corresponding DNS query: 5.151.128.199
Source: unknown	TCP traffic detected without corresponding DNS query: 126.72.67.98
Source: unknown	TCP traffic detected without corresponding DNS query: 5.151.128.199
Source: unknown	TCP traffic detected without corresponding DNS query: 126.72.67.98
Source: unknown	TCP traffic detected without corresponding DNS query: 61.242.211.222
Source: unknown	TCP traffic detected without corresponding DNS query: 61.242.211.222
Source: unknown	TCP traffic detected without corresponding DNS query: 6.87.201.42
Source: unknown	TCP traffic detected without corresponding DNS query: 6.87.201.42
Source: unknown	TCP traffic detected without corresponding DNS query: 144.243.56.90
Source: unknown	TCP traffic detected without corresponding DNS query: 144.243.56.90
Source: unknown	TCP traffic detected without corresponding DNS query: 94.169.42.205
Source: unknown	TCP traffic detected without corresponding DNS query: 94.169.42.205
Source: unknown	TCP traffic detected without corresponding DNS query: 126.233.193.89
Source: unknown	TCP traffic detected without corresponding DNS query: 126.233.193.89
Source: unknown	TCP traffic detected without corresponding DNS query: 161.160.34.37
Source: unknown	TCP traffic detected without corresponding DNS query: 130.196.164.188
Source: unknown	TCP traffic detected without corresponding DNS query: 161.160.34.37

Source: global traffic	DNS traffic detected: DNS query: kittlez.ru
Source: global traffic	DNS traffic detected: DNS query: qittler.ru
Source: global traffic	DNS traffic detected: DNS query: cats-master.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cuttiecats.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: thekittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlerer.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: polizei.su. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlez.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cats-master.ru
Source: global traffic	DNS traffic detected: DNS query: mykittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cuttiecats.ru
Source: global traffic	DNS traffic detected: DNS query: qittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: newkittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlerer.ru
Source: global traffic	DNS traffic detected: DNS query: gokittler.ru
Source: global traffic	DNS traffic detected: DNS query: mykittler.ru

Source: arm5.elf, 6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	String found in binary or memory: http:///curl.sh
Source: arm5.elf, 6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	String found in binary or memory: http:///wget.sh

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39256
Source: unknown	Network traffic detected: HTTP traffic on port 39256 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 904, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1877, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1900, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2028, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2050, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2062, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2063, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2069, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2074, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2123, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2126, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 4437, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6232, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6252, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6254, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6289, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6291, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6292, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6293, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6294, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6295, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6296, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6297, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6302, result: successful	Jump to behavior

Source: LOAD without section mappings

Program segment: 0x8000

Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 904, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1877, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1900, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2028, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2050, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2062, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2063, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2069, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2074, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2123, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 2126, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 4437, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6232, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6252, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6254, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6289, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6291, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6292, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6293, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6294, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6295, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6296, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6297, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/arm5.elf (PID: 6255)	SIGKILL sent: pid: 6302, result: successful	Jump to behavior

Source: classification engine

Classification label: mal72.spre.troj.linELF@0/0@31/0

Source: /usr/bin/dash (PID: 6285)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.mN01bNIyH2 /tmp/tmp.GUsQp5IN0q /tmp/tmp.xJzRNdQozn	Jump to behavior
Source: /usr/bin/dash (PID: 6287)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.mN01bNIyH2 /tmp/tmp.GUsQp5IN0q /tmp/tmp.xJzRNdQozn	Jump to behavior
Source: /usr/bin/xfce4-session (PID: 6289)	Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51	Jump to behavior

Source: arm5.elf	Submission file: segment LOAD with 7.8945 entropy (max. 8.0)
Source: arm5.elf	Submission file: segment LOAD with 7.9708 entropy (max. 8.0)

Source: /tmp/arm5.elf (PID: 6248)

Queries kernel information via 'uname':

Jump to behavior

Source: arm5.elf, 6248.1.00007ffdddb2b000.00007ffdddb4c000.rw-.sdmp, arm5.elf, 6252.1.00007ffdddb2b000.00007ffdddb4c000.rw-.sdmp, arm5.elf, 6254.1.00007ffdddb2b000.00007ffdddb4c000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm5.elf
Source: arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	Binary or memory string: vmware
Source: arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	Binary or memory string: vmware123
Source: arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	Binary or memory string: / nE7jA%5mmicrobusinessPASSWORDmeinsmcms500adslnadamgiraff666666zoomadslsuperadminIs@dminikwbalpineasantepuconexantaquariotinitsunamivertex25ektks123inflectionip20anicuscADMINpermitpldtadminonexantdvr2580222Win1doW$true5432112341234JVC3500/24sitecom46ironport88888888uClinuxvolition2800tslinuxsecurityatlantis888888nCwMnJVGagbaby00000000openelec1111111kont2004rpitc123123696969362729atc456hp.comcycl3R0cks!letacla000000nosoup4u11111111Gin51mvf3mg3500merlin99999999admin1anni201322222mlusrlogin3333333adminpldtbbsd-clientchangeme2support123aerohiveadmin00vmware123utstartl789l3tm31nseiko2005tivonpw,ba23422222222admintrupt1789admdarkcusadminhighspeedascendMenarasysAdmin33333oracleanicust3333wbox123attackAscendAitbISP4eCiGadmin@mymifi2222222dPZb4GJTu9ROOMeins1988321piloucomcastsetupZmqVfoSIP333333michelangeloCOadmin123Zntslqblendervt100admin_1pfsensehellotest1my_DEMARCjvswitchezdvr7ujMko0root/ADMIN/adminlvjhadminlvjh1232010vstaxmhdpicruntop10qwertyQwestM0demqweasdzxguest123h2014071TANDBERGWprootarkeiachangemenowf00b@rarticawww9311supersurtiwkbadmintesthuigu309UsernetscreenpitaZz@23495859Root1password123fidel123annie2016asdfghdottietwe8ehomebatman123hackedwelcomeyellowD13hh[china123p@ssw0rdjordanhackmewagodasdec1patrickgforgeEminemspidermansparkypassword1shadowgatewaydiamondprincessflowerchelsearichardFootballpornsexycamarofalconwhorebigdogChongqingcuntmartin12121212bitchcheeseHustonsecretpassword123456789Metallicacowboy1999654321slipknotstarwarsCharlie1997daddyRootdragonhustonfuckmepussytrustno1cowboysfootballsmcadminsysadmvmwareprofensegamezlrkr0x123qwesuperuserIntraStackAsantecraftcrftpwfriendrootmeP@55w0rd!debugrainCisconsrootinformixmediatorqwe123db2fenc1ibmdb2forgotvideoinfobloxdb2inst1nagiosxiiclocktimelyenablediagdraytekdbadminsq!us3rglftpddiagdangerapcAlphanetworkswrgg15_di524adminHWapacheabcwebserverapache123arpwatchavinashaspbackupadminazzakhalelbackuppukcabasteriskbackupscmhealthbadservercactielliebackup1234cloudcbscbs123billsupermenbenutzerpasswortftp1234annie2013annie2015annie2012annie2014jvcepicrouter
Source: arm5.elf, 6248.1.0000557416b85000.0000557416cb3000.rw-.sdmp, arm5.elf, 6252.1.0000557416b85000.0000557416cb3000.rw-.sdmp, arm5.elf, 6254.1.0000557416b85000.0000557416cb3000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm5.elf, 6248.1.00007ffdddb2b000.00007ffdddb4c000.rw-.sdmp, arm5.elf, 6252.1.00007ffdddb2b000.00007ffdddb4c000.rw-.sdmp, arm5.elf, 6254.1.00007ffdddb2b000.00007ffdddb4c000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: arm5.elf, 6248.1.0000557416b85000.0000557416cb3000.rw-.sdmp, arm5.elf, 6252.1.0000557416b85000.0000557416cb3000.rw-.sdmp, arm5.elf, 6254.1.0000557416b85000.0000557416cb3000.rw-.sdmp	Binary or memory string: tU!/etc/qemu-binfmt/arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Obfuscated Files or Information	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
arm5.elf	21%	ReversingLabs	Linux.Trojan.Svirtu

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
cuttiecats.ru	185.93.89.106	true	false	high
qittler.ru	185.93.89.106	true	true	unknown
mykittler.ru	185.93.89.106	true	false	high
cats-master.ru	185.93.89.106	true	false	high
kittlerer.ru	185.93.89.106	true	false	high
kittlez.ru	185.93.89.106	true	true	unknown
gokittler.ru	185.93.89.106	true	false	high
qittler.ru. [malformed]	unknown	unknown	false	high
kittler.ru. [malformed]	unknown	unknown	false	high
cats-master.ru. [malformed]	unknown	unknown	false	high
thekittler.ru. [malformed]	unknown	unknown	false	high
newkittler.ru. [malformed]	unknown	unknown	false	high
cuttiecats.ru. [malformed]	unknown	unknown	false	high
mykittler.ru. [malformed]	unknown	unknown	false	high
polizei.su. [malformed]	unknown	unknown	false	high
kittlerer.ru. [malformed]	unknown	unknown	false	high
kittlez.ru. [malformed]	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http:///wget.sh	arm5.elf, 6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	false		high
http:///curl.sh	arm5.elf, 6248.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6252.1.00007fb234017000.00007fb23402e000.r-x.sdmp, arm5.elf, 6254.1.00007fb234017000.00007fb23402e000.r-x.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
208.72.26.71	unknown	United States	20398	CNCS-ASUS	false
43.150.191.9	unknown	Japan	4249	LILLY-ASUS	false
6.87.201.42	unknown	United States	3356	LEVEL3US	false
144.243.56.90	unknown	United States	1239	SPRINTLINKUS	false
163.55.143.68	unknown	Japan	2497	IIJInternetInitiativeJapanIncJP	false
2.71.90.174	unknown	Sweden	44034	HI3GSE	false
97.243.145.120	unknown	United States	6167	CELLCO-PARTUS	false
144.211.26.246	unknown	United States	44453	INTERNEX-ASAT	false
209.195.218.73	unknown	United States	6493	BEACON-TECHNOLOGIES-ASUS	false
126.233.193.89	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
26.92.169.207	unknown	United States	7922	COMCAST-7922US	false
16.16.209.147	unknown	United States	unknown	unknown	false
52.177.122.39	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
170.42.244.206	unknown	United States	264957	CoopercitrusCooperativadeProdutoresRuraisBR	false
218.3.233.6	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
94.169.42.205	unknown	Netherlands	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
79.46.216.70	unknown	Italy	3269	ASN-IBSNAZIT	false
105.60.187.57	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
70.48.27.15	unknown	Canada	577	BACOMCA	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
161.160.34.37	unknown	United States	22284	AS22284-DOI-OPSUS	false
5.151.128.199	unknown	United Kingdom	42689	GLIDEGB	false
185.93.89.106	cuttiecats.ru	United Kingdom	200861	TS-EMEA-ASNGB	true
48.11.135.15	unknown	United States	2686	ATGS-MMD-ASUS	false
16.167.81.62	unknown	United States	unknown	unknown	false
130.196.164.188	unknown	United States	137	ASGARRConsortiumGARREU	false
61.242.211.222	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
202.166.24.248	unknown	Singapore	9506	SINGTEL-FIBRESingtelFibreBroadbandSG	false
126.72.67.98	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
167.62.46.90	unknown	Uruguay	6057	AdministracionNacionaldeTelecomunicacionesUY	false
98.140.33.160	unknown	United States	7029	WINDSTREAMUS	false
99.30.153.50	unknown	United States	7018	ATT-INTERNET4US	false
53.60.160.42	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
117.16.6.227	unknown	Korea Republic of	9754	CSU-ASCHOSUNUNIVERSITYKR	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
34.249.145.219	Aqua.sh4.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.ELF.Agent-DEO.856.29662.elf	Get hash	malicious	Unknown	Browse
	193.233.237.190-bot.arm-2025-02-03T15_36_11.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse
	spc.elf	Get hash	malicious	Mirai	Browse
	Fantazy.arm5.elf	Get hash	malicious	Unknown	Browse
	assailant.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	ppc.elf	Get hash	malicious	Mirai, Moobot	Browse
	ppc.elf	Get hash	malicious	Mirai	Browse
	x86.elf	Get hash	malicious	Mirai, Gafgyt	Browse
91.189.91.42	dlr.m68k.elf	Get hash	malicious	Unknown	Browse
	dlr.mips.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	SecuriteInfo.com.Linux.Mirai.8843.1994.6083.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	185.93.89.101-mips-2025-02-11T10_20_14.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mykittler.ru	rep.m68k.elf	Get hash	malicious	Mirai	Browse	185.93.89.106
cuttiecats.ru	mpsl.elf	Get hash	malicious	Mirai	Browse	185.93.89.106
	rep.m68k.elf	Get hash	malicious	Mirai	Browse	185.93.89.106
	mips.elf	Get hash	malicious	Mirai	Browse	185.93.89.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNCS-ASUS	4aPMcY1H8b.elf	Get hash	malicious	Mirai	Browse	199.47.71.209
	d6VxNlHJjf	Get hash	malicious	Mirai	Browse	199.47.71.206
	r284sgFxwT	Get hash	malicious	Mirai	Browse	199.47.71.200
LEVEL3US	mpsl.elf	Get hash	malicious	Mirai	Browse	9.241.143.60
	185.93.89.101-x86-2025-02-11T10_20_14.elf	Get hash	malicious	Mirai	Browse	6.155.212.62
	splmpsl.elf	Get hash	malicious	Unknown	Browse	8.4.34.198
	nabsh4.elf	Get hash	malicious	Unknown	Browse	4.28.216.167
	nabppc.elf	Get hash	malicious	Unknown	Browse	9.181.211.40
	nklarm7.elf	Get hash	malicious	Unknown	Browse	4.171.153.19
	nabm68k.elf	Get hash	malicious	Unknown	Browse	167.75.1.122
	splarm7.elf	Get hash	malicious	Unknown	Browse	9.193.186.226
	nabarm.elf	Get hash	malicious	Unknown	Browse	4.235.22.223
	nabx86.elf	Get hash	malicious	Unknown	Browse	4.206.162.85
LILLY-ASUS	mpsl.elf	Get hash	malicious	Mirai	Browse	43.29.4.31
	https://doxnero.sg-azure.top/	Get hash	malicious	Unknown	Browse	43.159.99.102
	185.93.89.101-x86-2025-02-11T10_20_14.elf	Get hash	malicious	Mirai	Browse	40.30.13.206
	185.93.89.101-mips-2025-02-11T10_20_14.elf	Get hash	malicious	Mirai	Browse	40.185.48.7
	#U793e#U5de5#U5de5#U5177#U5408#U96c6V1.0 By alluv.exe	Get hash	malicious	Unknown	Browse	43.129.255.47
	https://xss-paylaternx-form.cz1.us.kg/	Get hash	malicious	Unknown	Browse	43.175.162.160
	https://danaclaim.layanan-official.web.id/	Get hash	malicious	Unknown	Browse	43.175.162.160
	splmpsl.elf	Get hash	malicious	Unknown	Browse	42.137.20.154
	nklarm7.elf	Get hash	malicious	Unknown	Browse	40.232.206.81
	nabx86.elf	Get hash	malicious	Unknown	Browse	40.193.204.75
SPRINTLINKUS	mpsl.elf	Get hash	malicious	Mirai	Browse	63.167.3.95
	185.93.89.101-x86-2025-02-11T10_20_14.elf	Get hash	malicious	Mirai	Browse	208.29.75.197
	nabppc.elf	Get hash	malicious	Unknown	Browse	208.10.195.146
	spc.elf	Get hash	malicious	Unknown	Browse	204.118.220.248
	sh4.elf	Get hash	malicious	Unknown	Browse	63.167.100.116
	nabspc.elf	Get hash	malicious	Unknown	Browse	144.238.75.144
	jklppc.elf	Get hash	malicious	Unknown	Browse	199.160.253.49
	nabarm5.elf	Get hash	malicious	Unknown	Browse	63.134.3.236
	nabarm7.elf	Get hash	malicious	Unknown	Browse	65.179.131.192
	nabmpsl.elf	Get hash	malicious	Unknown	Browse	63.188.7.99

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, no section header
Entropy (8bit):	7.968778272469863
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	arm5.elf
File size:	39'496 bytes
MD5:	0746172beb9c7c13b72d7fb6b7f88fa7
SHA1:	2c49387ecd9267d929e37794e9de08689d113d35
SHA256:	38e4d384edc7fd7b875df3d6cf74f2a877ac03164ee35f3afc5869ca1e66b397
SHA512:	4c1236dcc0a04307c4244e9b1da2af6d51a3959f89a197faf993dbfa87bebc79a385cc18d4b29d514d150a27bb6a7c3f29b109ea07315cf99cefa7b6283e26f7
SSDEEP:	768:Ol1Sx8G5pW7SxgMtmigP/rI/QF3nVPjUjQIL7Uhyysuwc3UGq:OOxdjW7SxgemRLIg3nFU97Myy9fq
TLSH:	6B03E00254CCE078C6B504B7DC1DDBA4138E4A74E0B2218A5369947C7FE2F53BBAD9B9
File Content Preview:	.ELF...a..........(.........4...........4. ...(.........................H...........................[...[...........Q.td............................\...sfga........xl..xl......S..........?.E.h;.}...^..........fQ..r..M'...q\|I.#.!.2.........2.'0..N...c...J.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x387ac
Flags:	0x2
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x8000	0x8000	0x1000	0x21c48	7.8945	0x6	RW	0x8000
LOAD	0x0	0x30000	0x30000	0x995b	0x995b	7.9708	0x5	R E	0x8000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 323
• 34411 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)
• 23 (Telnet)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 11, 2025 16:15:35.685193062 CET	43928	443	192.168.2.23	91.189.91.42
Feb 11, 2025 16:15:36.744298935 CET	34672	23	192.168.2.23	26.92.169.207
Feb 11, 2025 16:15:36.749051094 CET	45774	23	192.168.2.23	144.211.26.246
Feb 11, 2025 16:15:36.751552105 CET	23	34672	26.92.169.207	192.168.2.23
Feb 11, 2025 16:15:36.751859903 CET	34672	23	192.168.2.23	26.92.169.207
Feb 11, 2025 16:15:36.754908085 CET	49128	23	192.168.2.23	202.166.24.248
Feb 11, 2025 16:15:36.756953001 CET	23	45774	144.211.26.246	192.168.2.23
Feb 11, 2025 16:15:36.757069111 CET	45774	23	192.168.2.23	144.211.26.246
Feb 11, 2025 16:15:36.760251045 CET	45914	23	192.168.2.23	105.60.187.57
Feb 11, 2025 16:15:36.760379076 CET	41412	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:36.763164043 CET	23	49128	202.166.24.248	192.168.2.23
Feb 11, 2025 16:15:36.763206005 CET	49128	23	192.168.2.23	202.166.24.248
Feb 11, 2025 16:15:36.765863895 CET	60884	23	192.168.2.23	79.46.216.70
Feb 11, 2025 16:15:36.772479057 CET	37600	23	192.168.2.23	53.60.160.42
Feb 11, 2025 16:15:36.776926041 CET	49374	23	192.168.2.23	117.16.6.227
Feb 11, 2025 16:15:36.781272888 CET	53870	23	192.168.2.23	43.150.191.9
Feb 11, 2025 16:15:36.788147926 CET	23	45914	105.60.187.57	192.168.2.23
Feb 11, 2025 16:15:36.788155079 CET	34411	41412	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:36.788176060 CET	23	60884	79.46.216.70	192.168.2.23
Feb 11, 2025 16:15:36.788194895 CET	23	37600	53.60.160.42	192.168.2.23
Feb 11, 2025 16:15:36.788199902 CET	23	49374	117.16.6.227	192.168.2.23
Feb 11, 2025 16:15:36.788692951 CET	60884	23	192.168.2.23	79.46.216.70
Feb 11, 2025 16:15:36.788702965 CET	41412	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:36.788714886 CET	49374	23	192.168.2.23	117.16.6.227
Feb 11, 2025 16:15:36.788724899 CET	45914	23	192.168.2.23	105.60.187.57
Feb 11, 2025 16:15:36.788732052 CET	37600	23	192.168.2.23	53.60.160.42
Feb 11, 2025 16:15:36.788923025 CET	23	53870	43.150.191.9	192.168.2.23
Feb 11, 2025 16:15:36.792089939 CET	53870	23	192.168.2.23	43.150.191.9
Feb 11, 2025 16:15:36.843175888 CET	44264	23	192.168.2.23	98.140.33.160
Feb 11, 2025 16:15:36.847215891 CET	41412	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:36.849541903 CET	34788	23	192.168.2.23	16.167.81.62
Feb 11, 2025 16:15:36.850084066 CET	23	44264	98.140.33.160	192.168.2.23
Feb 11, 2025 16:15:36.850153923 CET	44264	23	192.168.2.23	98.140.33.160
Feb 11, 2025 16:15:36.852401972 CET	34411	41412	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:36.852478027 CET	41412	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:36.855915070 CET	48252	23	192.168.2.23	167.62.46.90
Feb 11, 2025 16:15:36.857171059 CET	23	34788	16.167.81.62	192.168.2.23
Feb 11, 2025 16:15:36.857361078 CET	34788	23	192.168.2.23	16.167.81.62
Feb 11, 2025 16:15:36.860321999 CET	52298	23	192.168.2.23	170.42.244.206
Feb 11, 2025 16:15:36.860703945 CET	34411	41412	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:36.863462925 CET	23	48252	167.62.46.90	192.168.2.23
Feb 11, 2025 16:15:36.863522053 CET	48252	23	192.168.2.23	167.62.46.90
Feb 11, 2025 16:15:36.864231110 CET	41970	23	192.168.2.23	208.72.26.71
Feb 11, 2025 16:15:36.867244959 CET	23	52298	170.42.244.206	192.168.2.23
Feb 11, 2025 16:15:36.867289066 CET	52298	23	192.168.2.23	170.42.244.206
Feb 11, 2025 16:15:36.868248940 CET	33230	23	192.168.2.23	99.30.153.50
Feb 11, 2025 16:15:36.871206045 CET	23	41970	208.72.26.71	192.168.2.23
Feb 11, 2025 16:15:36.873750925 CET	41970	23	192.168.2.23	208.72.26.71
Feb 11, 2025 16:15:36.875216007 CET	23	33230	99.30.153.50	192.168.2.23
Feb 11, 2025 16:15:36.881434917 CET	33230	23	192.168.2.23	99.30.153.50
Feb 11, 2025 16:15:36.951821089 CET	46596	23	192.168.2.23	16.16.209.147
Feb 11, 2025 16:15:36.959070921 CET	23	46596	16.16.209.147	192.168.2.23
Feb 11, 2025 16:15:36.960004091 CET	46596	23	192.168.2.23	16.16.209.147
Feb 11, 2025 16:15:36.972198009 CET	52844	23	192.168.2.23	218.3.233.6
Feb 11, 2025 16:15:36.979525089 CET	23	52844	218.3.233.6	192.168.2.23
Feb 11, 2025 16:15:36.984183073 CET	52844	23	192.168.2.23	218.3.233.6
Feb 11, 2025 16:15:36.995331049 CET	42430	23	192.168.2.23	5.151.128.199
Feb 11, 2025 16:15:37.000902891 CET	55524	23	192.168.2.23	126.72.67.98
Feb 11, 2025 16:15:37.001596928 CET	23	42430	5.151.128.199	192.168.2.23
Feb 11, 2025 16:15:37.001652956 CET	42430	23	192.168.2.23	5.151.128.199
Feb 11, 2025 16:15:37.005785942 CET	23	55524	126.72.67.98	192.168.2.23
Feb 11, 2025 16:15:37.008430004 CET	55524	23	192.168.2.23	126.72.67.98
Feb 11, 2025 16:15:37.012222052 CET	39168	23	192.168.2.23	61.242.211.222
Feb 11, 2025 16:15:37.019644976 CET	23	39168	61.242.211.222	192.168.2.23
Feb 11, 2025 16:15:37.020401955 CET	39168	23	192.168.2.23	61.242.211.222
Feb 11, 2025 16:15:37.037553072 CET	35822	23	192.168.2.23	6.87.201.42
Feb 11, 2025 16:15:37.042489052 CET	23	35822	6.87.201.42	192.168.2.23
Feb 11, 2025 16:15:37.042634964 CET	35822	23	192.168.2.23	6.87.201.42
Feb 11, 2025 16:15:37.042824030 CET	35972	23	192.168.2.23	144.243.56.90
Feb 11, 2025 16:15:37.051594973 CET	23	35972	144.243.56.90	192.168.2.23
Feb 11, 2025 16:15:37.056509972 CET	35972	23	192.168.2.23	144.243.56.90
Feb 11, 2025 16:15:37.063606977 CET	56232	23	192.168.2.23	94.169.42.205
Feb 11, 2025 16:15:37.068665028 CET	23	56232	94.169.42.205	192.168.2.23
Feb 11, 2025 16:15:37.068715096 CET	56232	23	192.168.2.23	94.169.42.205
Feb 11, 2025 16:15:37.070138931 CET	39748	23	192.168.2.23	126.233.193.89
Feb 11, 2025 16:15:37.075112104 CET	23	39748	126.233.193.89	192.168.2.23
Feb 11, 2025 16:15:37.075299025 CET	39748	23	192.168.2.23	126.233.193.89
Feb 11, 2025 16:15:37.076849937 CET	58410	23	192.168.2.23	161.160.34.37
Feb 11, 2025 16:15:37.080180883 CET	53386	23	192.168.2.23	130.196.164.188
Feb 11, 2025 16:15:37.081829071 CET	23	58410	161.160.34.37	192.168.2.23
Feb 11, 2025 16:15:37.081976891 CET	58410	23	192.168.2.23	161.160.34.37
Feb 11, 2025 16:15:37.084992886 CET	23	53386	130.196.164.188	192.168.2.23
Feb 11, 2025 16:15:37.085844040 CET	60850	23	192.168.2.23	2.71.90.174
Feb 11, 2025 16:15:37.085866928 CET	53386	23	192.168.2.23	130.196.164.188
Feb 11, 2025 16:15:37.090286016 CET	58068	23	192.168.2.23	97.243.145.120
Feb 11, 2025 16:15:37.090948105 CET	23	60850	2.71.90.174	192.168.2.23
Feb 11, 2025 16:15:37.090998888 CET	60850	23	192.168.2.23	2.71.90.174
Feb 11, 2025 16:15:37.094630003 CET	39256	443	192.168.2.23	34.249.145.219
Feb 11, 2025 16:15:37.094857931 CET	57548	23	192.168.2.23	70.48.27.15
Feb 11, 2025 16:15:37.095087051 CET	23	58068	97.243.145.120	192.168.2.23
Feb 11, 2025 16:15:37.095134974 CET	58068	23	192.168.2.23	97.243.145.120
Feb 11, 2025 16:15:37.099761963 CET	23	57548	70.48.27.15	192.168.2.23
Feb 11, 2025 16:15:37.099879980 CET	57548	23	192.168.2.23	70.48.27.15
Feb 11, 2025 16:15:37.100063086 CET	46776	23	192.168.2.23	209.195.218.73
Feb 11, 2025 16:15:37.104826927 CET	23	46776	209.195.218.73	192.168.2.23
Feb 11, 2025 16:15:37.104933023 CET	46776	23	192.168.2.23	209.195.218.73
Feb 11, 2025 16:15:37.106386900 CET	42600	23	192.168.2.23	48.11.135.15
Feb 11, 2025 16:15:37.111135960 CET	23	42600	48.11.135.15	192.168.2.23
Feb 11, 2025 16:15:37.111337900 CET	42600	23	192.168.2.23	48.11.135.15
Feb 11, 2025 16:15:37.114567995 CET	37568	23	192.168.2.23	52.177.122.39
Feb 11, 2025 16:15:37.119371891 CET	23	37568	52.177.122.39	192.168.2.23
Feb 11, 2025 16:15:37.119482994 CET	37568	23	192.168.2.23	52.177.122.39
Feb 11, 2025 16:15:37.146146059 CET	443	39256	34.249.145.219	192.168.2.23
Feb 11, 2025 16:15:37.186157942 CET	35696	23	192.168.2.23	163.55.143.68
Feb 11, 2025 16:15:37.190898895 CET	23	35696	163.55.143.68	192.168.2.23
Feb 11, 2025 16:15:37.190958977 CET	35696	23	192.168.2.23	163.55.143.68
Feb 11, 2025 16:15:37.407593966 CET	37568	23	192.168.2.23	52.177.122.39
Feb 11, 2025 16:15:37.407593966 CET	53386	23	192.168.2.23	130.196.164.188
Feb 11, 2025 16:15:37.407597065 CET	42600	23	192.168.2.23	48.11.135.15
Feb 11, 2025 16:15:37.407599926 CET	35696	23	192.168.2.23	163.55.143.68
Feb 11, 2025 16:15:37.407599926 CET	46776	23	192.168.2.23	209.195.218.73
Feb 11, 2025 16:15:37.407599926 CET	57548	23	192.168.2.23	70.48.27.15
Feb 11, 2025 16:15:37.407599926 CET	39748	23	192.168.2.23	126.233.193.89
Feb 11, 2025 16:15:37.407601118 CET	58410	23	192.168.2.23	161.160.34.37
Feb 11, 2025 16:15:37.407601118 CET	60850	23	192.168.2.23	2.71.90.174
Feb 11, 2025 16:15:37.407619953 CET	58068	23	192.168.2.23	97.243.145.120
Feb 11, 2025 16:15:37.407622099 CET	39168	23	192.168.2.23	61.242.211.222
Feb 11, 2025 16:15:37.407623053 CET	56232	23	192.168.2.23	94.169.42.205
Feb 11, 2025 16:15:37.407627106 CET	35972	23	192.168.2.23	144.243.56.90
Feb 11, 2025 16:15:37.407629967 CET	35822	23	192.168.2.23	6.87.201.42
Feb 11, 2025 16:15:37.407633066 CET	55524	23	192.168.2.23	126.72.67.98
Feb 11, 2025 16:15:37.407646894 CET	42430	23	192.168.2.23	5.151.128.199
Feb 11, 2025 16:15:37.407661915 CET	33230	23	192.168.2.23	99.30.153.50
Feb 11, 2025 16:15:37.407661915 CET	46596	23	192.168.2.23	16.16.209.147
Feb 11, 2025 16:15:37.407661915 CET	52844	23	192.168.2.23	218.3.233.6
Feb 11, 2025 16:15:37.407663107 CET	41970	23	192.168.2.23	208.72.26.71
Feb 11, 2025 16:15:37.407663107 CET	52298	23	192.168.2.23	170.42.244.206
Feb 11, 2025 16:15:37.407689095 CET	34788	23	192.168.2.23	16.167.81.62
Feb 11, 2025 16:15:37.407691956 CET	53870	23	192.168.2.23	43.150.191.9
Feb 11, 2025 16:15:37.407691956 CET	48252	23	192.168.2.23	167.62.46.90
Feb 11, 2025 16:15:37.407692909 CET	44264	23	192.168.2.23	98.140.33.160
Feb 11, 2025 16:15:37.407711029 CET	37600	23	192.168.2.23	53.60.160.42
Feb 11, 2025 16:15:37.407711029 CET	60884	23	192.168.2.23	79.46.216.70
Feb 11, 2025 16:15:37.407711029 CET	45914	23	192.168.2.23	105.60.187.57
Feb 11, 2025 16:15:37.407712936 CET	45774	23	192.168.2.23	144.211.26.246
Feb 11, 2025 16:15:37.407723904 CET	49374	23	192.168.2.23	117.16.6.227
Feb 11, 2025 16:15:37.407723904 CET	49128	23	192.168.2.23	202.166.24.248
Feb 11, 2025 16:15:37.407732010 CET	34672	23	192.168.2.23	26.92.169.207
Feb 11, 2025 16:15:37.413111925 CET	34411	41412	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:37.413191080 CET	41412	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:37.413369894 CET	41412	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:37.413847923 CET	23	42600	48.11.135.15	192.168.2.23
Feb 11, 2025 16:15:37.413853884 CET	23	35696	163.55.143.68	192.168.2.23
Feb 11, 2025 16:15:37.413866043 CET	23	37568	52.177.122.39	192.168.2.23
Feb 11, 2025 16:15:37.413872957 CET	23	53386	130.196.164.188	192.168.2.23
Feb 11, 2025 16:15:37.413877010 CET	23	46776	209.195.218.73	192.168.2.23
Feb 11, 2025 16:15:37.413945913 CET	35696	23	192.168.2.23	163.55.143.68
Feb 11, 2025 16:15:37.413945913 CET	37568	23	192.168.2.23	52.177.122.39
Feb 11, 2025 16:15:37.413945913 CET	53386	23	192.168.2.23	130.196.164.188
Feb 11, 2025 16:15:37.413949013 CET	46776	23	192.168.2.23	209.195.218.73
Feb 11, 2025 16:15:37.413952112 CET	42600	23	192.168.2.23	48.11.135.15
Feb 11, 2025 16:15:37.414304972 CET	23	57548	70.48.27.15	192.168.2.23
Feb 11, 2025 16:15:37.414309978 CET	23	39748	126.233.193.89	192.168.2.23
Feb 11, 2025 16:15:37.414343119 CET	57548	23	192.168.2.23	70.48.27.15
Feb 11, 2025 16:15:37.414343119 CET	39748	23	192.168.2.23	126.233.193.89
Feb 11, 2025 16:15:37.414464951 CET	23	58068	97.243.145.120	192.168.2.23
Feb 11, 2025 16:15:37.414470911 CET	23	39168	61.242.211.222	192.168.2.23
Feb 11, 2025 16:15:37.414480925 CET	23	58410	161.160.34.37	192.168.2.23
Feb 11, 2025 16:15:37.414486885 CET	23	35972	144.243.56.90	192.168.2.23
Feb 11, 2025 16:15:37.414491892 CET	23	60850	2.71.90.174	192.168.2.23
Feb 11, 2025 16:15:37.414496899 CET	23	35822	6.87.201.42	192.168.2.23
Feb 11, 2025 16:15:37.414515018 CET	39168	23	192.168.2.23	61.242.211.222
Feb 11, 2025 16:15:37.414531946 CET	35972	23	192.168.2.23	144.243.56.90
Feb 11, 2025 16:15:37.414539099 CET	58068	23	192.168.2.23	97.243.145.120
Feb 11, 2025 16:15:37.414540052 CET	60850	23	192.168.2.23	2.71.90.174
Feb 11, 2025 16:15:37.414540052 CET	58410	23	192.168.2.23	161.160.34.37
Feb 11, 2025 16:15:37.414552927 CET	23	56232	94.169.42.205	192.168.2.23
Feb 11, 2025 16:15:37.414557934 CET	23	55524	126.72.67.98	192.168.2.23
Feb 11, 2025 16:15:37.414562941 CET	23	42430	5.151.128.199	192.168.2.23
Feb 11, 2025 16:15:37.414573908 CET	23	33230	99.30.153.50	192.168.2.23
Feb 11, 2025 16:15:37.414578915 CET	23	46596	16.16.209.147	192.168.2.23
Feb 11, 2025 16:15:37.414582968 CET	23	52844	218.3.233.6	192.168.2.23
Feb 11, 2025 16:15:37.414608955 CET	56232	23	192.168.2.23	94.169.42.205
Feb 11, 2025 16:15:37.414611101 CET	55524	23	192.168.2.23	126.72.67.98
Feb 11, 2025 16:15:37.414613962 CET	35822	23	192.168.2.23	6.87.201.42
Feb 11, 2025 16:15:37.414613962 CET	42430	23	192.168.2.23	5.151.128.199
Feb 11, 2025 16:15:37.414628029 CET	33230	23	192.168.2.23	99.30.153.50
Feb 11, 2025 16:15:37.414628029 CET	46596	23	192.168.2.23	16.16.209.147
Feb 11, 2025 16:15:37.414628029 CET	52844	23	192.168.2.23	218.3.233.6
Feb 11, 2025 16:15:37.414648056 CET	23	41970	208.72.26.71	192.168.2.23
Feb 11, 2025 16:15:37.414654016 CET	23	52298	170.42.244.206	192.168.2.23
Feb 11, 2025 16:15:37.414659023 CET	23	34788	16.167.81.62	192.168.2.23
Feb 11, 2025 16:15:37.414663076 CET	23	53870	43.150.191.9	192.168.2.23
Feb 11, 2025 16:15:37.414668083 CET	23	48252	167.62.46.90	192.168.2.23
Feb 11, 2025 16:15:37.414673090 CET	23	44264	98.140.33.160	192.168.2.23
Feb 11, 2025 16:15:37.414678097 CET	23	45774	144.211.26.246	192.168.2.23
Feb 11, 2025 16:15:37.414681911 CET	23	60884	79.46.216.70	192.168.2.23
Feb 11, 2025 16:15:37.414696932 CET	34788	23	192.168.2.23	16.167.81.62
Feb 11, 2025 16:15:37.414697886 CET	48252	23	192.168.2.23	167.62.46.90
Feb 11, 2025 16:15:37.414701939 CET	52298	23	192.168.2.23	170.42.244.206
Feb 11, 2025 16:15:37.414702892 CET	41970	23	192.168.2.23	208.72.26.71
Feb 11, 2025 16:15:37.414721966 CET	44264	23	192.168.2.23	98.140.33.160
Feb 11, 2025 16:15:37.414721966 CET	53870	23	192.168.2.23	43.150.191.9
Feb 11, 2025 16:15:37.414729118 CET	45774	23	192.168.2.23	144.211.26.246
Feb 11, 2025 16:15:37.414737940 CET	60884	23	192.168.2.23	79.46.216.70
Feb 11, 2025 16:15:37.414778948 CET	23	45914	105.60.187.57	192.168.2.23
Feb 11, 2025 16:15:37.414784908 CET	23	37600	53.60.160.42	192.168.2.23
Feb 11, 2025 16:15:37.414788961 CET	23	49374	117.16.6.227	192.168.2.23
Feb 11, 2025 16:15:37.414798021 CET	23	49128	202.166.24.248	192.168.2.23
Feb 11, 2025 16:15:37.414803028 CET	23	34672	26.92.169.207	192.168.2.23
Feb 11, 2025 16:15:37.414827108 CET	45914	23	192.168.2.23	105.60.187.57
Feb 11, 2025 16:15:37.414844990 CET	49374	23	192.168.2.23	117.16.6.227
Feb 11, 2025 16:15:37.414848089 CET	37600	23	192.168.2.23	53.60.160.42
Feb 11, 2025 16:15:37.414860010 CET	34672	23	192.168.2.23	26.92.169.207
Feb 11, 2025 16:15:37.414875984 CET	49128	23	192.168.2.23	202.166.24.248
Feb 11, 2025 16:15:38.437822104 CET	41470	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:38.442671061 CET	34411	41470	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:38.442737103 CET	41470	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:38.443614960 CET	41470	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:38.448455095 CET	34411	41470	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:38.448563099 CET	41470	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:38.453422070 CET	34411	41470	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:39.073059082 CET	34411	41470	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:39.073137999 CET	41470	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:39.073208094 CET	41470	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:40.082958937 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:40.087776899 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:40.087902069 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:40.090020895 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:40.094789982 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:40.094856024 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:40.099622965 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:48.186855078 CET	443	39256	34.249.145.219	192.168.2.23
Feb 11, 2025 16:15:48.186937094 CET	39256	443	192.168.2.23	34.249.145.219
Feb 11, 2025 16:15:50.095330954 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:50.100227118 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:50.268655062 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:15:50.268759966 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:15:52.066917896 CET	42516	80	192.168.2.23	109.202.202.202
Feb 11, 2025 16:15:56.162341118 CET	43928	443	192.168.2.23	91.189.91.42
Feb 11, 2025 16:16:26.513933897 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:26.514082909 CET	41472	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:26.518871069 CET	34411	41472	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:27.527141094 CET	41474	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:27.531960011 CET	34411	41474	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:27.532037020 CET	41474	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:27.533018112 CET	41474	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:27.539805889 CET	34411	41474	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:27.539911985 CET	41474	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:27.544646978 CET	34411	41474	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:29.195384979 CET	34411	41474	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:29.195668936 CET	41474	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:29.200550079 CET	34411	41474	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:30.206790924 CET	41476	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:30.213445902 CET	34411	41476	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:30.213512897 CET	41476	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:30.214337111 CET	41476	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:30.219196081 CET	34411	41476	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:30.219254017 CET	41476	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:30.224069118 CET	34411	41476	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:31.835621119 CET	34411	41476	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:31.835788965 CET	41476	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:31.840641022 CET	34411	41476	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:32.850083113 CET	41478	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:32.855010033 CET	34411	41478	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:32.855135918 CET	41478	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:32.856213093 CET	41478	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:32.861006021 CET	34411	41478	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:32.861160040 CET	41478	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:32.865937948 CET	34411	41478	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:34.490806103 CET	34411	41478	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:34.490969896 CET	41478	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:34.495793104 CET	34411	41478	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:35.504873037 CET	41480	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:35.509650946 CET	34411	41480	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:35.509717941 CET	41480	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:35.510974884 CET	41480	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:35.517565966 CET	34411	41480	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:35.517643929 CET	41480	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:35.522419930 CET	34411	41480	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:37.116795063 CET	43928	443	192.168.2.23	91.189.91.42
Feb 11, 2025 16:16:37.146454096 CET	34411	41480	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:37.147361994 CET	41480	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:37.157533884 CET	34411	41480	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:38.159425020 CET	41482	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:38.164289951 CET	34411	41482	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:38.164370060 CET	41482	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:38.165271044 CET	41482	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:38.170109034 CET	34411	41482	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:38.170557976 CET	41482	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:38.175354958 CET	34411	41482	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:39.831746101 CET	34411	41482	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:39.831974983 CET	41482	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:39.836827993 CET	34411	41482	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:40.841969013 CET	41484	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:40.846894026 CET	34411	41484	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:40.847021103 CET	41484	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:40.848022938 CET	41484	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:40.852833033 CET	34411	41484	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:40.852929115 CET	41484	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:40.857774973 CET	34411	41484	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:42.491910934 CET	34411	41484	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:42.492305040 CET	41484	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:42.497075081 CET	34411	41484	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:43.506637096 CET	41486	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:43.511483908 CET	34411	41486	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:43.511553049 CET	41486	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:43.512911081 CET	41486	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:43.517699957 CET	34411	41486	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:43.517786026 CET	41486	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:43.522650003 CET	34411	41486	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:45.129195929 CET	34411	41486	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:45.129378080 CET	41486	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:45.134218931 CET	34411	41486	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:46.138637066 CET	41488	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:46.143448114 CET	34411	41488	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:46.143595934 CET	41488	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:46.144759893 CET	41488	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:46.149552107 CET	34411	41488	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:46.149622917 CET	41488	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:46.154437065 CET	34411	41488	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:47.752294064 CET	34411	41488	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:47.752531052 CET	41488	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:47.757359982 CET	34411	41488	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:48.766292095 CET	41490	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:48.771382093 CET	34411	41490	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:48.771518946 CET	41490	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:48.772392035 CET	41490	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:48.777170897 CET	34411	41490	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:48.777214050 CET	41490	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:48.781958103 CET	34411	41490	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:50.395155907 CET	34411	41490	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:50.395282030 CET	41490	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:50.400165081 CET	34411	41490	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:51.404639959 CET	41492	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:51.409441948 CET	34411	41492	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:51.409595013 CET	41492	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:51.411721945 CET	41492	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:51.416580915 CET	34411	41492	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:51.416650057 CET	41492	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:51.421494007 CET	34411	41492	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:53.035785913 CET	34411	41492	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:53.035984993 CET	41492	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:53.040810108 CET	34411	41492	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:54.051039934 CET	41494	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:54.058875084 CET	34411	41494	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:54.059077024 CET	41494	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:54.059982061 CET	41494	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:54.067006111 CET	34411	41494	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:54.067163944 CET	41494	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:54.072671890 CET	34411	41494	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:55.696120024 CET	34411	41494	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:55.696259022 CET	41494	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:55.701113939 CET	34411	41494	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:56.708973885 CET	41496	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:56.713843107 CET	34411	41496	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:56.713938951 CET	41496	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:56.714905024 CET	41496	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:56.719839096 CET	34411	41496	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:56.719916105 CET	41496	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:56.724656105 CET	34411	41496	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:58.363769054 CET	34411	41496	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:58.363946915 CET	41496	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:58.368802071 CET	34411	41496	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:59.376099110 CET	41498	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:59.380888939 CET	34411	41498	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:59.381006002 CET	41498	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:59.381968021 CET	41498	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:59.386776924 CET	34411	41498	185.93.89.106	192.168.2.23
Feb 11, 2025 16:16:59.386840105 CET	41498	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:16:59.391663074 CET	34411	41498	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:01.006042004 CET	34411	41498	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:01.006211996 CET	41498	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:01.014089108 CET	34411	41498	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:02.014859915 CET	41500	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:02.019682884 CET	34411	41500	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:02.019953966 CET	41500	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:02.021267891 CET	41500	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:02.026108980 CET	34411	41500	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:02.026268959 CET	41500	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:02.031025887 CET	34411	41500	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:03.647119999 CET	34411	41500	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:03.647274971 CET	41500	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:03.652050972 CET	34411	41500	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:04.656120062 CET	41502	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:04.660927057 CET	34411	41502	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:04.661020994 CET	41502	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:04.662182093 CET	41502	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:04.666991949 CET	34411	41502	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:04.667079926 CET	41502	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:04.671906948 CET	34411	41502	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:06.332756042 CET	34411	41502	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:06.332916975 CET	41502	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:06.337752104 CET	34411	41502	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:07.341960907 CET	41504	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:07.346829891 CET	34411	41504	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:07.346949100 CET	41504	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:07.347718954 CET	41504	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:07.352576971 CET	34411	41504	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:07.352629900 CET	41504	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:07.357455015 CET	34411	41504	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:08.971448898 CET	34411	41504	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:08.971657038 CET	41504	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:08.976428986 CET	34411	41504	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:09.981700897 CET	41506	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:09.986502886 CET	34411	41506	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:09.986589909 CET	41506	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:09.987392902 CET	41506	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:09.992186069 CET	34411	41506	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:09.992274046 CET	41506	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:09.997215033 CET	34411	41506	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:11.614191055 CET	34411	41506	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:11.614351034 CET	41506	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:11.620641947 CET	34411	41506	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:12.777312040 CET	41508	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:12.782084942 CET	34411	41508	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:12.782186031 CET	41508	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:12.783905029 CET	41508	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:12.788615942 CET	34411	41508	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:12.789038897 CET	41508	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:12.793800116 CET	34411	41508	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:14.409096956 CET	34411	41508	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:14.409305096 CET	41508	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:14.415513992 CET	34411	41508	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:15.419279099 CET	41510	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:15.424118996 CET	34411	41510	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:15.424184084 CET	41510	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:15.425414085 CET	41510	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:15.430269003 CET	34411	41510	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:15.430319071 CET	41510	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:15.435123920 CET	34411	41510	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:17.054024935 CET	34411	41510	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:17.054248095 CET	41510	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:17.059050083 CET	34411	41510	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:18.067655087 CET	41512	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:18.072537899 CET	34411	41512	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:18.072596073 CET	41512	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:18.073484898 CET	41512	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:18.078392029 CET	34411	41512	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:18.078444004 CET	41512	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:18.083290100 CET	34411	41512	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:19.692351103 CET	34411	41512	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:19.692517996 CET	41512	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:19.697810888 CET	34411	41512	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:20.701064110 CET	41514	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:20.705852985 CET	34411	41514	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:20.705921888 CET	41514	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:20.706619978 CET	41514	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:20.711386919 CET	34411	41514	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:20.711436033 CET	41514	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:20.716278076 CET	34411	41514	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:22.366341114 CET	34411	41514	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:22.366508007 CET	41514	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:22.371357918 CET	34411	41514	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:23.375128031 CET	41516	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:23.379937887 CET	34411	41516	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:23.380002975 CET	41516	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:23.380848885 CET	41516	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:23.385638952 CET	34411	41516	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:23.385704994 CET	41516	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:23.390491962 CET	34411	41516	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:25.003496885 CET	34411	41516	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:25.003657103 CET	41516	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:25.009660006 CET	34411	41516	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:26.012516022 CET	41518	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:26.017414093 CET	34411	41518	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:26.017504930 CET	41518	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:26.018181086 CET	41518	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:26.023086071 CET	34411	41518	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:26.023237944 CET	41518	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:26.028103113 CET	34411	41518	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:27.645595074 CET	34411	41518	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:27.645776033 CET	41518	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:27.653476954 CET	34411	41518	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:28.658243895 CET	41520	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:28.663144112 CET	34411	41520	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:28.663213968 CET	41520	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:28.663947105 CET	41520	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:28.668771982 CET	34411	41520	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:28.668838978 CET	41520	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:28.673646927 CET	34411	41520	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:30.286549091 CET	34411	41520	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:30.286704063 CET	41520	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:30.292171955 CET	34411	41520	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:31.299221039 CET	41522	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:31.304003954 CET	34411	41522	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:31.304069996 CET	41522	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:31.304889917 CET	41522	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:31.309809923 CET	34411	41522	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:31.309861898 CET	41522	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:31.314613104 CET	34411	41522	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:32.925591946 CET	34411	41522	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:32.925795078 CET	41522	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:32.931056976 CET	34411	41522	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:33.934169054 CET	41524	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:33.938963890 CET	34411	41524	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:33.939028025 CET	41524	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:33.939713001 CET	41524	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:33.944453955 CET	34411	41524	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:33.944500923 CET	41524	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:33.949253082 CET	34411	41524	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:35.565951109 CET	34411	41524	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:35.566111088 CET	41524	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:35.570966959 CET	34411	41524	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:36.575059891 CET	41526	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:36.579809904 CET	34411	41526	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:36.579871893 CET	41526	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:36.580540895 CET	41526	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:36.585309029 CET	34411	41526	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:36.585376024 CET	41526	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:36.592557907 CET	34411	41526	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:38.208240986 CET	34411	41526	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:38.208476067 CET	41526	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:38.213243008 CET	34411	41526	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:39.221493006 CET	41528	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:39.226290941 CET	34411	41528	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:39.226386070 CET	41528	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:39.227361917 CET	41528	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:39.232146025 CET	34411	41528	185.93.89.106	192.168.2.23
Feb 11, 2025 16:17:39.232208967 CET	41528	34411	192.168.2.23	185.93.89.106
Feb 11, 2025 16:17:39.237011909 CET	34411	41528	185.93.89.106	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 11, 2025 16:15:36.742966890 CET	36502	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:15:36.758378029 CET	53	36502	8.8.8.8	192.168.2.23
Feb 11, 2025 16:15:38.418766975 CET	33489	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:15:38.436825991 CET	53	33489	8.8.8.8	192.168.2.23
Feb 11, 2025 16:15:40.075082064 CET	45217	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:15:40.082087994 CET	53	45217	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:27.516406059 CET	48609	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:27.526568890 CET	53	48609	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:30.197721004 CET	60666	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:30.206243038 CET	53	60666	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:32.842289925 CET	46220	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:32.849422932 CET	53	46220	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:35.493585110 CET	39431	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:35.504266024 CET	53	39431	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:38.152122021 CET	49497	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:38.158695936 CET	53	49497	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:40.835016966 CET	59958	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:40.841234922 CET	53	59958	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:43.495151997 CET	41952	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:43.506002903 CET	53	41952	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:46.131829977 CET	39825	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:46.138017893 CET	53	39825	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:48.755338907 CET	37559	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:48.765625954 CET	53	37559	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:51.397710085 CET	57920	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:51.404033899 CET	53	57920	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:54.038686037 CET	42097	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:54.050297022 CET	53	42097	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:56.698275089 CET	51929	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:56.708466053 CET	53	51929	8.8.8.8	192.168.2.23
Feb 11, 2025 16:16:59.365765095 CET	42246	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:16:59.375544071 CET	53	42246	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:02.008181095 CET	56218	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:02.014380932 CET	53	56218	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:04.649493933 CET	34961	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:04.655564070 CET	53	34961	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:07.334959030 CET	54201	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:07.341478109 CET	53	54201	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:09.974900007 CET	40951	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:09.981178999 CET	53	40951	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:12.616360903 CET	59539	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:12.776524067 CET	53	59539	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:15.412348032 CET	45466	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:15.418716908 CET	53	45466	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:18.056334972 CET	34760	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:18.066983938 CET	53	34760	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:20.694349051 CET	42702	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:20.700608015 CET	53	42702	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:23.368402004 CET	58074	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:23.374560118 CET	53	58074	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:26.005328894 CET	58405	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:26.012105942 CET	53	58405	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:28.647464037 CET	56233	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:28.657726049 CET	53	56233	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:31.288386106 CET	55156	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:31.298844099 CET	53	55156	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:33.927428007 CET	60064	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:33.933805943 CET	53	60064	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:36.568133116 CET	40354	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:36.574604034 CET	53	40354	8.8.8.8	192.168.2.23
Feb 11, 2025 16:17:39.210309029 CET	53100	53	192.168.2.23	8.8.8.8
Feb 11, 2025 16:17:39.220870018 CET	53	53100	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 11, 2025 16:15:36.742966890 CET	192.168.2.23	8.8.8.8	0x3519	Standard query (0)	kittlez.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:15:38.418766975 CET	192.168.2.23	8.8.8.8	0x89b8	Standard query (0)	kittlez.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:15:40.075082064 CET	192.168.2.23	8.8.8.8	0xa8f8	Standard query (0)	kittlez.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:27.516406059 CET	192.168.2.23	8.8.8.8	0x1041	Standard query (0)	qittler.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:30.197721004 CET	192.168.2.23	8.8.8.8	0x34ca	Standard query (0)	cats-master.ru. [malformed]	256	462	false
Feb 11, 2025 16:16:32.842289925 CET	192.168.2.23	8.8.8.8	0x2d12	Standard query (0)	cats-master.ru. [malformed]	256	464	false
Feb 11, 2025 16:16:35.493585110 CET	192.168.2.23	8.8.8.8	0xed7	Standard query (0)	cuttiecats.ru. [malformed]	256	467	false
Feb 11, 2025 16:16:38.152122021 CET	192.168.2.23	8.8.8.8	0x7d03	Standard query (0)	thekittler.ru. [malformed]	256	470	false
Feb 11, 2025 16:16:40.835016966 CET	192.168.2.23	8.8.8.8	0xbad3	Standard query (0)	kittlerer.ru. [malformed]	256	472	false
Feb 11, 2025 16:16:43.495151997 CET	192.168.2.23	8.8.8.8	0x524f	Standard query (0)	polizei.su. [malformed]	256	475	false
Feb 11, 2025 16:16:46.131829977 CET	192.168.2.23	8.8.8.8	0x6519	Standard query (0)	kittlez.ru. [malformed]	256	478	false
Feb 11, 2025 16:16:48.755338907 CET	192.168.2.23	8.8.8.8	0xbce	Standard query (0)	cats-master.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:51.397710085 CET	192.168.2.23	8.8.8.8	0xb131	Standard query (0)	mykittler.ru. [malformed]	256	483	false
Feb 11, 2025 16:16:54.038686037 CET	192.168.2.23	8.8.8.8	0x8e43	Standard query (0)	kittlerer.ru. [malformed]	256	486	false
Feb 11, 2025 16:16:56.698275089 CET	192.168.2.23	8.8.8.8	0x35af	Standard query (0)	cuttiecats.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:59.365765095 CET	192.168.2.23	8.8.8.8	0x46db	Standard query (0)	cuttiecats.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:02.008181095 CET	192.168.2.23	8.8.8.8	0x64f2	Standard query (0)	kittlez.ru. [malformed]	256	494	false
Feb 11, 2025 16:17:04.649493933 CET	192.168.2.23	8.8.8.8	0xdcf3	Standard query (0)	kittlez.ru. [malformed]	256	496	false
Feb 11, 2025 16:17:07.334959030 CET	192.168.2.23	8.8.8.8	0x131b	Standard query (0)	qittler.ru. [malformed]	256	499	false
Feb 11, 2025 16:17:09.974900007 CET	192.168.2.23	8.8.8.8	0x60cd	Standard query (0)	newkittler.ru. [malformed]	256	501	false
Feb 11, 2025 16:17:12.616360903 CET	192.168.2.23	8.8.8.8	0xe10a	Standard query (0)	kittlez.ru. [malformed]	256	504	false
Feb 11, 2025 16:17:15.412348032 CET	192.168.2.23	8.8.8.8	0xc174	Standard query (0)	kittler.ru. [malformed]	256	507	false
Feb 11, 2025 16:17:18.056334972 CET	192.168.2.23	8.8.8.8	0x2a9e	Standard query (0)	kittlerer.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:20.694349051 CET	192.168.2.23	8.8.8.8	0x9a9f	Standard query (0)	cats-master.ru. [malformed]	256	256	false
Feb 11, 2025 16:17:23.368402004 CET	192.168.2.23	8.8.8.8	0x29a4	Standard query (0)	kittler.ru. [malformed]	256	259	false
Feb 11, 2025 16:17:26.005328894 CET	192.168.2.23	8.8.8.8	0x8b51	Standard query (0)	polizei.su. [malformed]	256	262	false
Feb 11, 2025 16:17:28.647464037 CET	192.168.2.23	8.8.8.8	0x9511	Standard query (0)	gokittler.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:31.288386106 CET	192.168.2.23	8.8.8.8	0x598d	Standard query (0)	gokittler.ru	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:33.927428007 CET	192.168.2.23	8.8.8.8	0xeff1	Standard query (0)	kittler.ru. [malformed]	256	269	false
Feb 11, 2025 16:17:36.568133116 CET	192.168.2.23	8.8.8.8	0x977f	Standard query (0)	qittler.ru. [malformed]	256	272	false
Feb 11, 2025 16:17:39.210309029 CET	192.168.2.23	8.8.8.8	0xcc43	Standard query (0)	mykittler.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 11, 2025 16:15:36.758378029 CET	8.8.8.8	192.168.2.23	0x3519	No error (0)	kittlez.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:15:38.436825991 CET	8.8.8.8	192.168.2.23	0x89b8	No error (0)	kittlez.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:15:40.082087994 CET	8.8.8.8	192.168.2.23	0xa8f8	No error (0)	kittlez.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:27.526568890 CET	8.8.8.8	192.168.2.23	0x1041	No error (0)	qittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:48.765625954 CET	8.8.8.8	192.168.2.23	0xbce	No error (0)	cats-master.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:56.708466053 CET	8.8.8.8	192.168.2.23	0x35af	No error (0)	cuttiecats.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:16:59.375544071 CET	8.8.8.8	192.168.2.23	0x46db	No error (0)	cuttiecats.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:18.066983938 CET	8.8.8.8	192.168.2.23	0x2a9e	No error (0)	kittlerer.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:28.657726049 CET	8.8.8.8	192.168.2.23	0x9511	No error (0)	gokittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:31.298844099 CET	8.8.8.8	192.168.2.23	0x598d	No error (0)	gokittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 11, 2025 16:17:39.220870018 CET	8.8.8.8	192.168.2.23	0xcc43	No error (0)	mykittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: arm5.elf PID: 6248, Parent PID: 6173

General

Start time (UTC):	15:15:34
Start date (UTC):	11/02/2025
Path:	/tmp/arm5.elf
Arguments:	/tmp/arm5.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: arm5.elf PID: 6250, Parent PID: 6248

General

Start time (UTC):	15:15:34
Start date (UTC):	11/02/2025
Path:	/tmp/arm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: arm5.elf PID: 6252, Parent PID: 6250

General

Start time (UTC):	15:15:34
Start date (UTC):	11/02/2025
Path:	/tmp/arm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: arm5.elf PID: 6254, Parent PID: 6250

General

Start time (UTC):	15:15:35
Start date (UTC):	11/02/2025
Path:	/tmp/arm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Process Activities

Prctl Requested

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: arm5.elf PID: 6255, Parent PID: 6250

General

Start time (UTC):	15:15:35
Start date (UTC):	11/02/2025
Path:	/tmp/arm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

File Activities

File Opened

Directory Enumerated

Process Activities

Signal Sent

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: gdm3 PID: 6280, Parent PID: 1320

General

Start time (UTC):	15:15:35
Start date (UTC):	11/02/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 6280, Parent PID: 1320

General

Start time (UTC):	15:15:35
Start date (UTC):	11/02/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: xfce4-session PID: 6281, Parent PID: 1900

General

Start time (UTC):	15:15:35
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: dash PID: 6285, Parent PID: 4331

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6285, Parent PID: 4331

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.mN01bNIyH2 /tmp/tmp.GUsQp5IN0q /tmp/tmp.xJzRNdQozn
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gdm3 PID: 6286, Parent PID: 1320

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 6286, Parent PID: 1320

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: dash PID: 6287, Parent PID: 4331

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6287, Parent PID: 4331

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.mN01bNIyH2 /tmp/tmp.GUsQp5IN0q /tmp/tmp.xJzRNdQozn
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: xfce4-session PID: 6288, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfce4-session PID: 6289, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6289, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/rm
Arguments:	rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

Chronological Activities

Analysis Process: xfce4-session PID: 6290, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfdesktop PID: 6290, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: xfce4-session PID: 6292, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfce4-panel PID: 6292, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-panel
Arguments:	xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: xfce4-session PID: 6294, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfce4-session PID: 6295, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfce4-session PID: 6296, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfdesktop PID: 6296, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

File Activities

File Opened

Chronological Activities

Analysis Process: xfce4-session PID: 6298, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfce4-panel PID: 6298, Parent PID: 1900

General

Start time (UTC):	15:15:36
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-panel
Arguments:	xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

File Activities

File Opened

Chronological Activities

Analysis Process: xfce4-session PID: 6300, Parent PID: 1900

General

Start time (UTC):	15:15:37
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: xfwm4 PID: 6300, Parent PID: 1900

General

Start time (UTC):	15:15:37
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfwm4
Arguments:	xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
File size:	420424 bytes
MD5 hash:	59defa3c00cc30d85ed77b738d55e9da

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: xfce4-session PID: 6302, Parent PID: 1900

General

Start time (UTC):	15:15:37
Start date (UTC):	11/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report arm5.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: arm5.elf PID: 6248, Parent PID: 6173

General

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: arm5.elf PID: 6250, Parent PID: 6248

General

Linux Analysis Report
arm5.elf