Edit tour

Linux Analysis Report
sync.x86_64.elf

Overview

General Information

Sample name:	sync.x86_64.elf
Analysis ID:	1642611
MD5:	e939e62e1ce131e61880337553176627
SHA1:	fc2ec6db32115de7eda4e40ccbf9533a2848e3df
SHA256:	5a7ef198e52f919f25fc13cf2e1624eb454e16262ff5d24d2d4d14f72dad6335
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Performs DNS TXT record lookups

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sleeps for long times indicative of sandbox evasion

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1642611
Start date and time:	2025-03-19 08:47:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	sync.x86_64.elf
Detection:	MAL
Classification:	mal72.evad.linELF@0/0@79/0

Runtime Messages

Command:	/tmp/sync.x86_64.elf
PID:	6229
Exit Code:	1
Exit Code Info:
Killed:	False
Standard Output:	sync
Standard Error:

Process Tree

system is lnxubuntu20

sync.x86_64.elf (PID: 6229, Parent: 6152, MD5: e939e62e1ce131e61880337553176627) Arguments: /tmp/sync.x86_64.elf

sync.x86_64.elf New Fork (PID: 6230, Parent: 6229)

sync.x86_64.elf New Fork (PID: 6231, Parent: 6230)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
sync.x86_64.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x8308:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
sync.x86_64.elf	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x8b23:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
sync.x86_64.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x6312:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0xa32c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
sync.x86_64.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xb12e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
sync.x86_64.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x86e3:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
sync.x86_64.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x89ae:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6229.1.0000000000400000.000000000040e000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x8308:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6229.1.0000000000400000.000000000040e000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x8b23:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6229.1.0000000000400000.000000000040e000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x6312:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0xa32c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6229.1.0000000000400000.000000000040e000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xb12e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
6229.1.0000000000400000.000000000040e000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x86e3:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
6229.1.0000000000400000.000000000040e000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x89ae:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
Click to see the 1 entries

Suricata Signatures

ET MALWARE Potential DNS Command and Control via TXT queries

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-19T08:48:37.666549+0100	2013514	1	A Network Trojan was detected	192.168.2.23	38767	1.1.1.1	53	UDP

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• HIPS / PFW / Operating System Protection Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: sync.x86_64.elf

ReversingLabs: Detection: 47%

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.23:38767 -> 1.1.1.1:53

Source: global traffic

TCP traffic: 192.168.2.23:41000 -> 185.194.205.79:61005

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown

DNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.205.79

Source: global traffic

DNS traffic detected: DNS query: dnsresolve.socialgains.cf

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: sync.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.000000000040e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.evad.linELF@0/0@79/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/sync.x86_64.elf (PID: 6229)

File: /tmp/sync.x86_64.elf

Jump to behavior

Source: /tmp/sync.x86_64.elf (PID: 6231)	Sleeps longer then 60s: 60.0s			Jump to behavior
Source: /tmp/sync.x86_64.elf (PID: 6231)	Sleeps longer then 60s: 60.0s			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Performs DNS TXT record lookups

Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
sync.x86_64.elf	47%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dnsresolve.socialgains.cf	unknown	unknown	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.194.205.79	unknown	France	204145	HTSENSEFR	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.194.205.79	sync.m68k.elf	Get hash	malicious	Mirai	Browse
	sync.mipsel.elf	Get hash	malicious	Unknown	Browse
	sync.arm5.elf	Get hash	malicious	Unknown	Browse
	sync.arm7.elf	Get hash	malicious	Unknown	Browse
	sync.sparc.elf	Get hash	malicious	Unknown	Browse
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse
	sync.superh.elf	Get hash	malicious	Unknown	Browse
	sync.sh4.elf	Get hash	malicious	Unknown	Browse
	sync.arm7.elf	Get hash	malicious	Unknown	Browse
	sync.arm5.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	na.elf	Get hash	malicious	Prometei	Browse
	sync.m68k.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse
	sync.arm6.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
91.189.91.42	na.elf	Get hash	malicious	Prometei	Browse
	sync.m68k.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse
	sync.arm6.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sync.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sync.mipsel.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sync.arm6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
CANONICAL-ASGB	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sync.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sync.mipsel.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sync.arm6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
HTSENSEFR	sync.m68k.elf	Get hash	malicious	Mirai	Browse	185.194.205.79
	sync.mipsel.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.arm5.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.arm7.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.sparc.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.superh.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.sh4.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.arm7.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
	sync.arm5.elf	Get hash	malicious	Unknown	Browse	185.194.205.79
INIT7CH	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	sync.m68k.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	sync.powerpc.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sync.arm6.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.286435804414477
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	sync.x86_64.elf
File size:	56'816 bytes
MD5:	e939e62e1ce131e61880337553176627
SHA1:	fc2ec6db32115de7eda4e40ccbf9533a2848e3df
SHA256:	5a7ef198e52f919f25fc13cf2e1624eb454e16262ff5d24d2d4d14f72dad6335
SHA512:	2c9a2bc3e5220ea91cc3547ac328dc6cd07a96d0bedab808718088321e927606e0e6703ec5ac24d005eaa6666ea0cfd2513b88c86c6b50e640a8abf8a19ef918
SSDEEP:	768:eUwOpOCYdbgvZ6jrmJpYndcm07+MlkflLZilmusOJDSkhaytbX0C3CkAG+I6DgS:Twuf8MR6jXdcD7+Ml4lYmDrOtbX7l+B
TLSH:	4C436C532251C0FCCAA5C2B80A6FF236E12371BC1124B22BB7E4FF566E99D361E5E154
File Content Preview:	.ELF..............>.......@.....@.......p...........@.8...@.......................@.......@...............................................P.......P.....8.......p...............Q.td....................................................H...._........H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	56176
Section Header Size:	64
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0xb4b6	0x0	0x6	AX	16
.fini	PROGBITS	0x40b5b6	0xb5b6	0xe	0x0	0x6	AX	1
.rodata	PROGBITS	0x40b5e0	0xb5e0	0x2010	0x0	0x2	A	32
.ctors	PROGBITS	0x50d5f8	0xd5f8	0x10	0x0	0x3	WA	8
.dtors	PROGBITS	0x50d608	0xd608	0x10	0x0	0x3	WA	8
.data	PROGBITS	0x50d620	0xd620	0x510	0x0	0x3	WA	32
.bss	NOBITS	0x50db40	0xdb30	0xec28	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xdb30	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xd5f0	0xd5f0	6.3720	0x5	R E	0x100000	.init .text .fini .rodata
LOAD	0xd5f8	0x50d5f8	0x50d5f8	0x538	0xf170	2.8674	0x6	RW	0x100000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-19T08:48:37.666549+0100	2013514	ET MALWARE Potential DNS Command and Control via TXT queries	1	192.168.2.23	38767	1.1.1.1	53	UDP

Network Port Distribution

Total Packets: 149
• 61005 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 19, 2025 08:48:03.130445004 CET	43928	443	192.168.2.23	91.189.91.42
Mar 19, 2025 08:48:08.761603117 CET	42836	443	192.168.2.23	91.189.91.43
Mar 19, 2025 08:48:09.529576063 CET	42516	80	192.168.2.23	109.202.202.202
Mar 19, 2025 08:48:09.747109890 CET	41000	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:09.752152920 CET	61005	41000	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:09.752214909 CET	41000	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:09.752233028 CET	41000	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:09.756863117 CET	61005	41000	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:11.564630985 CET	61005	41000	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:11.564836979 CET	41000	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:11.570462942 CET	61005	41000	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:17.667474031 CET	41002	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:17.672662973 CET	61005	41002	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:17.672753096 CET	41002	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:17.672810078 CET	41002	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:17.677560091 CET	61005	41002	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:19.473196030 CET	61005	41002	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:19.473599911 CET	41002	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:19.478256941 CET	61005	41002	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:24.631607056 CET	43928	443	192.168.2.23	91.189.91.42
Mar 19, 2025 08:48:25.805093050 CET	41004	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:25.810014963 CET	61005	41004	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:25.810108900 CET	41004	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:25.810169935 CET	41004	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:25.814858913 CET	61005	41004	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:27.579771042 CET	61005	41004	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:27.580230951 CET	41004	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:27.585052967 CET	61005	41004	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:33.712407112 CET	41006	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:33.717233896 CET	61005	41006	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:33.717329025 CET	41006	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:33.717329025 CET	41006	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:33.722110033 CET	61005	41006	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:34.870035887 CET	42836	443	192.168.2.23	91.189.91.43
Mar 19, 2025 08:48:35.521801949 CET	61005	41006	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:35.522022009 CET	41006	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:35.526669979 CET	61005	41006	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:38.965421915 CET	42516	80	192.168.2.23	109.202.202.202
Mar 19, 2025 08:48:41.844696045 CET	41008	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:41.849474907 CET	61005	41008	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:41.849648952 CET	41008	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:41.849680901 CET	41008	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:41.854345083 CET	61005	41008	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:41.854451895 CET	41008	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:41.859155893 CET	61005	41008	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:43.627206087 CET	61005	41008	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:43.627371073 CET	41008	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:43.632128954 CET	61005	41008	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:49.763262033 CET	41010	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:49.768075943 CET	61005	41010	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:49.768222094 CET	41010	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:49.768256903 CET	41010	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:49.772914886 CET	61005	41010	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:51.550158024 CET	61005	41010	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:51.550458908 CET	41010	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:51.555300951 CET	61005	41010	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:57.894515038 CET	41012	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:57.899641991 CET	61005	41012	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:57.899776936 CET	41012	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:57.899811983 CET	41012	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:57.905196905 CET	61005	41012	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:59.674185991 CET	61005	41012	185.194.205.79	192.168.2.23
Mar 19, 2025 08:48:59.674532890 CET	41012	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:48:59.679279089 CET	61005	41012	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:05.585797071 CET	43928	443	192.168.2.23	91.189.91.42
Mar 19, 2025 08:49:06.203002930 CET	41014	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:06.207828999 CET	61005	41014	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:06.207962990 CET	41014	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:06.207962990 CET	41014	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:06.212647915 CET	61005	41014	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:07.972070932 CET	61005	41014	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:07.972326994 CET	41014	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:07.977159977 CET	61005	41014	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:14.489597082 CET	41016	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:14.497185946 CET	61005	41016	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:14.497330904 CET	41016	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:14.497351885 CET	41016	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:14.503809929 CET	61005	41016	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:14.503896952 CET	41016	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:14.511559963 CET	61005	41016	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:16.285134077 CET	61005	41016	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:16.285487890 CET	41016	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:16.290304899 CET	61005	41016	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:22.731436014 CET	41018	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:22.736259937 CET	61005	41018	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:22.736354113 CET	41018	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:22.736391068 CET	41018	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:22.741175890 CET	61005	41018	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:24.505454063 CET	61005	41018	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:24.505852938 CET	41018	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:24.510974884 CET	61005	41018	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:30.821099043 CET	41020	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:30.826852083 CET	61005	41020	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:30.826935053 CET	41020	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:30.826963902 CET	41020	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:30.832182884 CET	61005	41020	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:32.629143000 CET	61005	41020	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:32.629314899 CET	41020	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:32.634083986 CET	61005	41020	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:38.855843067 CET	41022	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:38.860857964 CET	61005	41022	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:38.861012936 CET	41022	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:38.861027956 CET	41022	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:38.865720034 CET	61005	41022	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:40.628526926 CET	61005	41022	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:40.628972054 CET	41022	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:40.633958101 CET	61005	41022	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:46.950712919 CET	41024	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:46.955960989 CET	61005	41024	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:46.956060886 CET	41024	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:46.956104994 CET	41024	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:46.960800886 CET	61005	41024	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:46.960865974 CET	41024	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:46.965675116 CET	61005	41024	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:48.722425938 CET	61005	41024	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:48.722717047 CET	41024	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:48.727540970 CET	61005	41024	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:55.100595951 CET	41026	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:55.105356932 CET	61005	41026	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:55.105462074 CET	41026	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:55.105485916 CET	41026	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:55.110963106 CET	61005	41026	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:56.894104004 CET	61005	41026	185.194.205.79	192.168.2.23
Mar 19, 2025 08:49:56.894387960 CET	41026	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:49:56.899130106 CET	61005	41026	185.194.205.79	192.168.2.23
Mar 19, 2025 08:50:03.024138927 CET	41028	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:50:03.029810905 CET	61005	41028	185.194.205.79	192.168.2.23
Mar 19, 2025 08:50:03.029927969 CET	41028	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:50:03.029964924 CET	41028	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:50:03.034838915 CET	61005	41028	185.194.205.79	192.168.2.23
Mar 19, 2025 08:50:04.803268909 CET	61005	41028	185.194.205.79	192.168.2.23
Mar 19, 2025 08:50:04.803536892 CET	41028	61005	192.168.2.23	185.194.205.79
Mar 19, 2025 08:50:04.808187962 CET	61005	41028	185.194.205.79	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 19, 2025 08:48:04.605710983 CET	37831	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:04.638267040 CET	53	37831	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:05.639931917 CET	35510	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:05.668294907 CET	53	35510	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:06.669682980 CET	53913	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:06.684730053 CET	53	53913	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:07.686773062 CET	52236	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:07.715429068 CET	53	52236	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:08.717263937 CET	43009	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:08.745457888 CET	53	43009	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:12.566644907 CET	35025	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:12.581796885 CET	53	35025	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:13.583683968 CET	55626	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:13.600351095 CET	53	55626	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:14.602588892 CET	47089	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:14.617536068 CET	53	47089	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:15.620223999 CET	46491	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:15.646120071 CET	53	46491	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:16.649076939 CET	39183	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:16.665005922 CET	53	39183	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:20.476660967 CET	35770	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:48:20.583995104 CET	53	35770	1.0.0.1	192.168.2.23
Mar 19, 2025 08:48:21.587522030 CET	49320	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:21.602334023 CET	53	49320	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:22.605321884 CET	32979	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:22.620640039 CET	53	32979	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:23.623660088 CET	40518	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:23.782687902 CET	53	40518	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:24.786350012 CET	34166	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:24.802361012 CET	53	34166	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:28.583009005 CET	37415	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:28.607367039 CET	53	37415	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:29.609879017 CET	40628	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:29.625273943 CET	53	40628	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:30.627511978 CET	59554	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:48:30.651973963 CET	53	59554	1.0.0.1	192.168.2.23
Mar 19, 2025 08:48:31.654465914 CET	41528	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:31.679142952 CET	53	41528	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:32.681586027 CET	52459	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:32.710241079 CET	53	52459	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:36.524976969 CET	53976	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:48:36.663484097 CET	53	53976	1.0.0.1	192.168.2.23
Mar 19, 2025 08:48:37.666548967 CET	38767	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:37.788336992 CET	53	38767	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:38.791229010 CET	45410	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:38.806847095 CET	53	45410	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:39.808737040 CET	44168	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:39.825077057 CET	53	44168	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:40.827061892 CET	53783	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:40.842726946 CET	53	53783	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:44.630014896 CET	58491	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:44.656486988 CET	53	58491	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:45.658869028 CET	44835	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:45.684196949 CET	53	44835	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:46.686834097 CET	40752	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:46.713011026 CET	53	40752	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:47.714997053 CET	35501	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:48:47.729727983 CET	53	35501	8.8.4.4	192.168.2.23
Mar 19, 2025 08:48:48.732383966 CET	50391	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:48.761290073 CET	53	50391	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:52.552553892 CET	55697	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:48:52.577157974 CET	53	55697	1.0.0.1	192.168.2.23
Mar 19, 2025 08:48:53.579061031 CET	40141	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:48:53.701169968 CET	53	40141	1.1.1.1	192.168.2.23
Mar 19, 2025 08:48:54.704623938 CET	60414	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:48:54.845716953 CET	53	60414	1.0.0.1	192.168.2.23
Mar 19, 2025 08:48:55.849344015 CET	44908	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:55.866839886 CET	53	44908	8.8.8.8	192.168.2.23
Mar 19, 2025 08:48:56.869492054 CET	57618	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:48:56.892488956 CET	53	57618	8.8.8.8	192.168.2.23
Mar 19, 2025 08:49:00.677386045 CET	40929	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:00.814676046 CET	53	40929	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:01.817854881 CET	47385	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:01.923752069 CET	53	47385	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:02.926712990 CET	34242	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:03.046031952 CET	53	34242	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:04.050473928 CET	47710	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:04.076690912 CET	53	47710	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:05.079425097 CET	44192	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:05.201030016 CET	53	44192	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:08.974719048 CET	33635	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:08.990969896 CET	53	33635	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:09.994390965 CET	54310	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:10.114635944 CET	53	54310	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:11.116950989 CET	35761	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:11.336961985 CET	53	35761	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:12.339263916 CET	38127	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:12.460315943 CET	53	38127	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:13.462558031 CET	33661	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:13.487585068 CET	53	33661	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:17.288260937 CET	48973	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:17.312901974 CET	53	48973	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:18.315871954 CET	45489	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:18.435117960 CET	53	45489	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:19.437973976 CET	56914	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:19.558959961 CET	53	56914	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:20.561593056 CET	57511	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:49:20.593116999 CET	53	57511	8.8.8.8	192.168.2.23
Mar 19, 2025 08:49:21.595092058 CET	46759	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:21.729749918 CET	53	46759	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:25.508735895 CET	43100	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:25.524247885 CET	53	43100	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:26.527160883 CET	59570	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:26.629156113 CET	53	59570	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:27.632441998 CET	39710	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:27.647365093 CET	53	39710	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:28.649940014 CET	38445	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:49:28.678529024 CET	53	38445	8.8.8.8	192.168.2.23
Mar 19, 2025 08:49:29.681694984 CET	45516	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:29.818943024 CET	53	45516	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:33.631985903 CET	33968	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:33.664458990 CET	53	33968	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:34.666867018 CET	34381	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:49:34.682251930 CET	53	34381	8.8.8.8	192.168.2.23
Mar 19, 2025 08:49:35.684866905 CET	49377	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:35.709124088 CET	53	49377	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:36.711015940 CET	35013	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:36.728077888 CET	53	35013	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:37.729721069 CET	40136	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:37.854268074 CET	53	40136	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:41.632230997 CET	57262	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:41.663239002 CET	53	57262	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:42.666168928 CET	50920	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:42.787257910 CET	53	50920	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:43.790510893 CET	37525	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:43.816864014 CET	53	37525	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:44.819881916 CET	40700	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:49:44.834822893 CET	53	40700	8.8.8.8	192.168.2.23
Mar 19, 2025 08:49:45.837764978 CET	42065	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:45.948385954 CET	53	42065	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:49.724466085 CET	55757	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:49.861443043 CET	53	55757	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:50.864392996 CET	37349	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:51.022062063 CET	53	37349	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:52.025156021 CET	57495	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:52.051256895 CET	53	57495	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:53.054497004 CET	33898	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:49:53.079587936 CET	53	33898	1.1.1.1	192.168.2.23
Mar 19, 2025 08:49:54.082209110 CET	43574	53	192.168.2.23	8.8.4.4
Mar 19, 2025 08:49:54.098892927 CET	53	43574	8.8.4.4	192.168.2.23
Mar 19, 2025 08:49:57.897433043 CET	40894	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:49:57.921873093 CET	53	40894	1.0.0.1	192.168.2.23
Mar 19, 2025 08:49:58.924354076 CET	42879	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:49:58.940360069 CET	53	42879	8.8.8.8	192.168.2.23
Mar 19, 2025 08:49:59.942660093 CET	44097	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:49:59.957710981 CET	53	44097	8.8.8.8	192.168.2.23
Mar 19, 2025 08:50:00.960279942 CET	55573	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:50:00.989021063 CET	53	55573	8.8.8.8	192.168.2.23
Mar 19, 2025 08:50:01.992511034 CET	41220	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:50:02.021416903 CET	53	41220	8.8.8.8	192.168.2.23
Mar 19, 2025 08:50:05.806417942 CET	51237	53	192.168.2.23	8.8.8.8
Mar 19, 2025 08:50:05.821243048 CET	53	51237	8.8.8.8	192.168.2.23
Mar 19, 2025 08:50:06.823811054 CET	42281	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:50:06.943214893 CET	53	42281	1.0.0.1	192.168.2.23
Mar 19, 2025 08:50:07.946310043 CET	48617	53	192.168.2.23	1.0.0.1
Mar 19, 2025 08:50:08.068707943 CET	53	48617	1.0.0.1	192.168.2.23
Mar 19, 2025 08:50:09.071116924 CET	49137	53	192.168.2.23	1.1.1.1
Mar 19, 2025 08:50:09.096609116 CET	53	49137	1.1.1.1	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 19, 2025 08:48:04.605710983 CET	192.168.2.23	8.8.4.4	0xd0fb	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:05.639931917 CET	192.168.2.23	8.8.4.4	0xd0fb	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:06.669682980 CET	192.168.2.23	8.8.8.8	0xd0fb	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:07.686773062 CET	192.168.2.23	8.8.4.4	0xd0fb	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:08.717263937 CET	192.168.2.23	8.8.4.4	0xd0fb	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:12.566644907 CET	192.168.2.23	8.8.4.4	0x65b	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:13.583683968 CET	192.168.2.23	8.8.4.4	0x65b	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:14.602588892 CET	192.168.2.23	8.8.4.4	0x65b	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:15.620223999 CET	192.168.2.23	1.1.1.1	0x65b	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:16.649076939 CET	192.168.2.23	8.8.8.8	0x65b	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:20.476660967 CET	192.168.2.23	1.0.0.1	0x8017	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:21.587522030 CET	192.168.2.23	8.8.8.8	0x8017	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:22.605321884 CET	192.168.2.23	8.8.4.4	0x8017	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:23.623660088 CET	192.168.2.23	8.8.8.8	0x8017	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:24.786350012 CET	192.168.2.23	8.8.8.8	0x8017	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:28.583009005 CET	192.168.2.23	1.1.1.1	0xe401	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:29.609879017 CET	192.168.2.23	8.8.4.4	0xe401	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:30.627511978 CET	192.168.2.23	1.0.0.1	0xe401	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:31.654465914 CET	192.168.2.23	1.1.1.1	0xe401	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:32.681586027 CET	192.168.2.23	8.8.4.4	0xe401	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:36.524976969 CET	192.168.2.23	1.0.0.1	0x6e33	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:37.666548967 CET	192.168.2.23	1.1.1.1	0x6e33	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:38.791229010 CET	192.168.2.23	8.8.4.4	0x6e33	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:39.808737040 CET	192.168.2.23	8.8.8.8	0x6e33	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:40.827061892 CET	192.168.2.23	8.8.8.8	0x6e33	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:44.630014896 CET	192.168.2.23	1.1.1.1	0xf80a	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:45.658869028 CET	192.168.2.23	1.1.1.1	0xf80a	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:46.686834097 CET	192.168.2.23	1.1.1.1	0xf80a	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:47.714997053 CET	192.168.2.23	8.8.4.4	0xf80a	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:48.732383966 CET	192.168.2.23	8.8.8.8	0xf80a	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:52.552553892 CET	192.168.2.23	1.0.0.1	0xbc23	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:53.579061031 CET	192.168.2.23	1.1.1.1	0xbc23	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:54.704623938 CET	192.168.2.23	1.0.0.1	0xbc23	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:55.849344015 CET	192.168.2.23	8.8.8.8	0xbc23	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:48:56.869492054 CET	192.168.2.23	8.8.8.8	0xbc23	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:00.677386045 CET	192.168.2.23	1.1.1.1	0x707	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:01.817854881 CET	192.168.2.23	1.1.1.1	0x707	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:02.926712990 CET	192.168.2.23	1.1.1.1	0x707	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:04.050473928 CET	192.168.2.23	1.1.1.1	0x707	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:05.079425097 CET	192.168.2.23	1.0.0.1	0x707	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:08.974719048 CET	192.168.2.23	8.8.4.4	0xfd99	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:09.994390965 CET	192.168.2.23	1.0.0.1	0xfd99	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:11.116950989 CET	192.168.2.23	8.8.4.4	0xfd99	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:12.339263916 CET	192.168.2.23	1.0.0.1	0xfd99	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:13.462558031 CET	192.168.2.23	1.0.0.1	0xfd99	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:17.288260937 CET	192.168.2.23	1.1.1.1	0x389f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:18.315871954 CET	192.168.2.23	1.0.0.1	0x389f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:19.437973976 CET	192.168.2.23	1.1.1.1	0x389f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:20.561593056 CET	192.168.2.23	8.8.8.8	0x389f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:21.595092058 CET	192.168.2.23	1.0.0.1	0x389f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:25.508735895 CET	192.168.2.23	8.8.4.4	0x5537	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:26.527160883 CET	192.168.2.23	1.1.1.1	0x5537	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:27.632441998 CET	192.168.2.23	8.8.4.4	0x5537	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:28.649940014 CET	192.168.2.23	8.8.8.8	0x5537	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:29.681694984 CET	192.168.2.23	1.1.1.1	0x5537	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:33.631985903 CET	192.168.2.23	8.8.4.4	0x3dc2	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:34.666867018 CET	192.168.2.23	8.8.8.8	0x3dc2	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:35.684866905 CET	192.168.2.23	1.1.1.1	0x3dc2	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:36.711015940 CET	192.168.2.23	8.8.4.4	0x3dc2	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:37.729721069 CET	192.168.2.23	1.1.1.1	0x3dc2	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:41.632230997 CET	192.168.2.23	1.0.0.1	0x7f79	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:42.666168928 CET	192.168.2.23	1.0.0.1	0x7f79	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:43.790510893 CET	192.168.2.23	1.1.1.1	0x7f79	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:44.819881916 CET	192.168.2.23	8.8.8.8	0x7f79	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:45.837764978 CET	192.168.2.23	1.1.1.1	0x7f79	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:49.724466085 CET	192.168.2.23	1.0.0.1	0x2e93	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:50.864392996 CET	192.168.2.23	1.1.1.1	0x2e93	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:52.025156021 CET	192.168.2.23	8.8.4.4	0x2e93	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:53.054497004 CET	192.168.2.23	1.1.1.1	0x2e93	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:54.082209110 CET	192.168.2.23	8.8.4.4	0x2e93	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:57.897433043 CET	192.168.2.23	1.0.0.1	0xcd89	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:58.924354076 CET	192.168.2.23	8.8.8.8	0xcd89	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:49:59.942660093 CET	192.168.2.23	8.8.8.8	0xcd89	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:50:00.960279942 CET	192.168.2.23	8.8.8.8	0xcd89	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:50:01.992511034 CET	192.168.2.23	8.8.8.8	0xcd89	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:50:05.806417942 CET	192.168.2.23	8.8.8.8	0x4bdf	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:50:06.823811054 CET	192.168.2.23	1.0.0.1	0x4bdf	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:50:07.946310043 CET	192.168.2.23	1.0.0.1	0x4bdf	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 19, 2025 08:50:09.071116924 CET	192.168.2.23	1.1.1.1	0x4bdf	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 19, 2025 08:48:04.638267040 CET	8.8.4.4	192.168.2.23	0xd0fb	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:05.668294907 CET	8.8.4.4	192.168.2.23	0xd0fb	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:06.684730053 CET	8.8.8.8	192.168.2.23	0xd0fb	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:07.715429068 CET	8.8.4.4	192.168.2.23	0xd0fb	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:08.745457888 CET	8.8.4.4	192.168.2.23	0xd0fb	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:12.581796885 CET	8.8.4.4	192.168.2.23	0x65b	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:13.600351095 CET	8.8.4.4	192.168.2.23	0x65b	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:14.617536068 CET	8.8.4.4	192.168.2.23	0x65b	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:15.646120071 CET	1.1.1.1	192.168.2.23	0x65b	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:16.665005922 CET	8.8.8.8	192.168.2.23	0x65b	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:20.583995104 CET	1.0.0.1	192.168.2.23	0x8017	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:21.602334023 CET	8.8.8.8	192.168.2.23	0x8017	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:22.620640039 CET	8.8.4.4	192.168.2.23	0x8017	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:23.782687902 CET	8.8.8.8	192.168.2.23	0x8017	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:24.802361012 CET	8.8.8.8	192.168.2.23	0x8017	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:28.607367039 CET	1.1.1.1	192.168.2.23	0xe401	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:29.625273943 CET	8.8.4.4	192.168.2.23	0xe401	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:30.651973963 CET	1.0.0.1	192.168.2.23	0xe401	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:31.679142952 CET	1.1.1.1	192.168.2.23	0xe401	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:32.710241079 CET	8.8.4.4	192.168.2.23	0xe401	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:36.663484097 CET	1.0.0.1	192.168.2.23	0x6e33	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:37.788336992 CET	1.1.1.1	192.168.2.23	0x6e33	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:38.806847095 CET	8.8.4.4	192.168.2.23	0x6e33	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:39.825077057 CET	8.8.8.8	192.168.2.23	0x6e33	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:40.842726946 CET	8.8.8.8	192.168.2.23	0x6e33	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:44.656486988 CET	1.1.1.1	192.168.2.23	0xf80a	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:45.684196949 CET	1.1.1.1	192.168.2.23	0xf80a	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:46.713011026 CET	1.1.1.1	192.168.2.23	0xf80a	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:47.729727983 CET	8.8.4.4	192.168.2.23	0xf80a	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:48.761290073 CET	8.8.8.8	192.168.2.23	0xf80a	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:52.577157974 CET	1.0.0.1	192.168.2.23	0xbc23	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:53.701169968 CET	1.1.1.1	192.168.2.23	0xbc23	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:54.845716953 CET	1.0.0.1	192.168.2.23	0xbc23	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:55.866839886 CET	8.8.8.8	192.168.2.23	0xbc23	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:48:56.892488956 CET	8.8.8.8	192.168.2.23	0xbc23	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:00.814676046 CET	1.1.1.1	192.168.2.23	0x707	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:01.923752069 CET	1.1.1.1	192.168.2.23	0x707	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:03.046031952 CET	1.1.1.1	192.168.2.23	0x707	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:04.076690912 CET	1.1.1.1	192.168.2.23	0x707	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:05.201030016 CET	1.0.0.1	192.168.2.23	0x707	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:08.990969896 CET	8.8.4.4	192.168.2.23	0xfd99	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:10.114635944 CET	1.0.0.1	192.168.2.23	0xfd99	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:11.336961985 CET	8.8.4.4	192.168.2.23	0xfd99	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:12.460315943 CET	1.0.0.1	192.168.2.23	0xfd99	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:13.487585068 CET	1.0.0.1	192.168.2.23	0xfd99	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:17.312901974 CET	1.1.1.1	192.168.2.23	0x389f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:18.435117960 CET	1.0.0.1	192.168.2.23	0x389f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:19.558959961 CET	1.1.1.1	192.168.2.23	0x389f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:20.593116999 CET	8.8.8.8	192.168.2.23	0x389f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:21.729749918 CET	1.0.0.1	192.168.2.23	0x389f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:25.524247885 CET	8.8.4.4	192.168.2.23	0x5537	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:26.629156113 CET	1.1.1.1	192.168.2.23	0x5537	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:27.647365093 CET	8.8.4.4	192.168.2.23	0x5537	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:28.678529024 CET	8.8.8.8	192.168.2.23	0x5537	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:29.818943024 CET	1.1.1.1	192.168.2.23	0x5537	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:33.664458990 CET	8.8.4.4	192.168.2.23	0x3dc2	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:34.682251930 CET	8.8.8.8	192.168.2.23	0x3dc2	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:35.709124088 CET	1.1.1.1	192.168.2.23	0x3dc2	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:36.728077888 CET	8.8.4.4	192.168.2.23	0x3dc2	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:37.854268074 CET	1.1.1.1	192.168.2.23	0x3dc2	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:41.663239002 CET	1.0.0.1	192.168.2.23	0x7f79	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:42.787257910 CET	1.0.0.1	192.168.2.23	0x7f79	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:43.816864014 CET	1.1.1.1	192.168.2.23	0x7f79	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:44.834822893 CET	8.8.8.8	192.168.2.23	0x7f79	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:45.948385954 CET	1.1.1.1	192.168.2.23	0x7f79	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:49.861443043 CET	1.0.0.1	192.168.2.23	0x2e93	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:51.022062063 CET	1.1.1.1	192.168.2.23	0x2e93	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:52.051256895 CET	8.8.4.4	192.168.2.23	0x2e93	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:53.079587936 CET	1.1.1.1	192.168.2.23	0x2e93	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:54.098892927 CET	8.8.4.4	192.168.2.23	0x2e93	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:57.921873093 CET	1.0.0.1	192.168.2.23	0xcd89	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:58.940360069 CET	8.8.8.8	192.168.2.23	0xcd89	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:49:59.957710981 CET	8.8.8.8	192.168.2.23	0xcd89	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:50:00.989021063 CET	8.8.8.8	192.168.2.23	0xcd89	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:50:02.021416903 CET	8.8.8.8	192.168.2.23	0xcd89	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:50:05.821243048 CET	8.8.8.8	192.168.2.23	0x4bdf	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:50:06.943214893 CET	1.0.0.1	192.168.2.23	0x4bdf	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:50:08.068707943 CET	1.0.0.1	192.168.2.23	0x4bdf	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 19, 2025 08:50:09.096609116 CET	1.1.1.1	192.168.2.23	0x4bdf	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false

System Behavior

Analysis Process: sync.x86_64.elf PID: 6229, Parent PID: 6152

General

Start time (UTC):	07:48:04
Start date (UTC):	19/03/2025
Path:	/tmp/sync.x86_64.elf
Arguments:	/tmp/sync.x86_64.elf
File size:	56816 bytes
MD5 hash:	e939e62e1ce131e61880337553176627

File Activities

File Opened

File Deleted

Directory Deleted

Process Activities

Process Forked

Prctl Requested

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: sync.x86_64.elf PID: 6230, Parent PID: 6229

General

Start time (UTC):	07:48:04
Start date (UTC):	19/03/2025
Path:	/tmp/sync.x86_64.elf
Arguments:	-
File size:	56816 bytes
MD5 hash:	e939e62e1ce131e61880337553176627

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: sync.x86_64.elf PID: 6231, Parent PID: 6230

General

Start time (UTC):	07:48:04
Start date (UTC):	19/03/2025
Path:	/tmp/sync.x86_64.elf
Arguments:	-
File size:	56816 bytes
MD5 hash:	e939e62e1ce131e61880337553176627

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report sync.x86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: sync.x86_64.elf PID: 6229, Parent PID: 6152

General

File Activities

File Opened

File Deleted

Directory Deleted

Process Activities

Process Forked

Prctl Requested

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: sync.x86_64.elf PID: 6230, Parent PID: 6229

General

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Linux Analysis Report
sync.x86_64.elf