
Linux Analysis Report
kworker.elf

Overview

General Information

Sample name:kworker.elf
Analysis ID:1641113
MD5:4f376b4a0f8ceebe4237c5509996be49
SHA1:8e8aac1e95220dc2421aebf9dbcad4865bfeb60b
SHA256:a7cb11dd46b3c940a2e7a620f0f32cbabd885cb80b62c330fbbda577d95cfb2f
Tags:elf, user-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

[Classification chart; axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious]
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1641113
Start date and time:2025-03-18 03:13:33 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:kworker.elf
Detection:MAL
Classification:mal48.linELF@0/0@2/0
Command:/tmp/kworker.elf
PID:5427
Exit Code:
Exit Code Info:
Killed:True
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • kworker.elf (PID: 5427, Parent: 5353, MD5: 4f376b4a0f8ceebe4237c5509996be49) Arguments: /tmp/kworker.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: kworker.elf, Virustotal: Detection: 18%
Source: kworker.elf, ReversingLabs: Detection: 22%
Source: global traffic, TCP traffic: 192.168.2.13:59014 -> 198.98.48.4:55689
Source: unknown, TCP traffic detected without corresponding DNS query: 198.98.48.4
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
Source: LOAD without section mappings, Program segment: 0x400000
Source: classification engine, Classification label: mal48.linELF@0/0@2/0
Source: kworker.elf, Submission file: segment LOAD with 7.6408 entropy (max. 8.0)
Source: kworker.elf, Submission file: segment LOAD with 7.9204 entropy (max. 8.0)
Source: /tmp/kworker.elf (PID: 5427), Queries kernel information via 'uname'
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: Obfuscated Files or Information (1); Rootkit; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: Security Software Discovery (1); Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (1)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph, ID 1641113. Sample: kworker.elf; start date: 18/03/2025; architecture: LINUX; score: 48. Nodes: kworker.elf (started); 198.98.48.4, ports 55689, 59014, 59016, PONYNETUS, United States; daisy.ubuntu.com; signature "Multi AV Scanner detection for submitted file".]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| kworker.elf | 18% | Virustotal | |
| kworker.elf | 22% | ReversingLabs | Linux.Trojan.VShell |
No Antivirus matches
No Antivirus matches
No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| daisy.ubuntu.com | 162.213.35.24 | true | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 198.98.48.4 | unknown | United States | 53667 | PONYNETUS | false |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 198.98.48.4 | har.elf | malicious | Unknown | 198.98.48.4:3232/ws |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| daisy.ubuntu.com | sync.arm6.elf | malicious | Unknown | 162.213.35.25 |
| | sync.arm5.elf | malicious | Unknown | 162.213.35.25 |
| | .i.elf | malicious | Unknown | 162.213.35.25 |
| | gigab.arm5.elf | malicious | Unknown | 162.213.35.25 |
| | sync.x86.elf | malicious | Unknown | 162.213.35.24 |
| | resgod.x86.elf | malicious | Mirai | 162.213.35.24 |
| | gigab.ppc.elf | malicious | Unknown | 162.213.35.25 |
| | sshd.elf | malicious | Unknown | 162.213.35.24 |
| | .i.elf | malicious | Unknown | 162.213.35.25 |
| | .i.elf | malicious | Unknown | 162.213.35.24 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| PONYNETUS | arm.elf | malicious | Mirai | 107.189.4.201 |
| | mpsl.elf | malicious | Mirai | 107.189.4.201 |
| | arm7.elf | malicious | Mirai | 107.189.4.201 |
| | Q3N5HdmTIp.exe | malicious | Unknown | 107.189.1.160 |
| | Space.m68k.elf | malicious | Mirai | 209.141.59.9 |
| | Space.x86.elf | malicious | Unknown | 209.141.59.9 |
| | Space.ppc.elf | malicious | Unknown | 209.141.59.9 |
| | Space.i686.elf | malicious | Unknown | 209.141.59.9 |
| | Space.sh4.elf | malicious | Unknown | 209.141.59.9 |
| | boatnet.mips.elf | malicious | Mirai | 209.141.36.93 |
    No context
    No context
    No created / dropped files found
    File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
    Entropy (8bit):7.920396771324358
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
    • ELF Executable and Linkable format (generic) (4004/1) 49.84%
    File name:kworker.elf
    File size:2'877'348 bytes
    MD5:4f376b4a0f8ceebe4237c5509996be49
    SHA1:8e8aac1e95220dc2421aebf9dbcad4865bfeb60b
    SHA256:a7cb11dd46b3c940a2e7a620f0f32cbabd885cb80b62c330fbbda577d95cfb2f
    SHA512:499325235e2a66856adef4c7978c61303ab8f0e2767ea2654e81a0ac6bb88cfb4cbe5579fc8be7400cf1f720835e37085a135591c41b8f773d73cd8ac4cb4b38
    SSDEEP:49152:nM/6zyU33rlPEvfJ5owG2PnfWrjppt9Jumc/hlGLKV2uS3CtPD1:M693rlPefrG2PfWjp/5c/lV2LStp
    TLSH:67D533F36DC107A1D3F52B9ED39A4EF0E9D25A5310401AF1E64F0AC86EFBB715262216
    File Content Preview:.ELF..............>.....P\......@...................@.8...........................@.......@..............~{.............................................+.+.....+.+.............Q.td.......................................................<;Sg!..........x...=

    ELF header

    Class:ELF64
    Data:2's complement, little endian
    Version:1 (current)
    Machine:Advanced Micro Devices X86-64
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0xe75c50
    Flags:0x0
    ELF Header Size:64
    Program Header Offset:64
    Program Header Size:56
    Number of Program Headers:3
    Section Header Offset:0
    Section Header Size:0
    Number of Section Headers:0
    Header String Table Index:0
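| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x400000 | 0x400000 | 0x1000 | 0x7b7e10 | 7.6408 | 0x6 | RW | 0x1000 | | |
| LOAD | 0x0 | 0xbb8000 | 0xbb8000 | 0x2be72b | 0x2be72b | 7.9204 | 0x5 | R E | 0x1000 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | | |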


    • Total Packets: 122
    • 55689 undefined
    • 53 (DNS)
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 18, 2025 03:17:07.607614040 CET | 58081 | 53 | 192.168.2.13 | 8.8.8.8 |
| Mar 18, 2025 03:17:07.607670069 CET | 42175 | 53 | 192.168.2.13 | 8.8.8.8 |
| Mar 18, 2025 03:17:07.613643885 CET | 53 | 58081 | 8.8.8.8 | 192.168.2.13 |
| Mar 18, 2025 03:17:07.613925934 CET | 53 | 42175 | 8.8.8.8 | 192.168.2.13 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 18, 2025 03:17:07.607614040 CET | 192.168.2.13 | 8.8.8.8 | 0x2bff | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false |
| Mar 18, 2025 03:17:07.607670069 CET | 192.168.2.13 | 8.8.8.8 | 0x305c | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 18, 2025 03:17:07.613643885 CET | 8.8.8.8 | 192.168.2.13 | 0x2bff | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
| Mar 18, 2025 03:17:07.613643885 CET | 8.8.8.8 | 192.168.2.13 | 0x2bff | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |

    System Behavior

    Start time (UTC):02:14:19
    Start date (UTC):18/03/2025
    Path:/tmp/kworker.elf
    Arguments:/tmp/kworker.elf
    File size:2877348 bytes
    MD5 hash:4f376b4a0f8ceebe4237c5509996be49