Linux Analysis Report
.i.elf

Overview

General Information

Sample name: .i.elf
Analysis ID: 1652040
MD5: 7ef98571a0946df25cc7d5d1ba272ce3
SHA1: 6683862f67caa4290ccf55aaeecfd36380104b47
SHA256: b69025d793ff554572590f3d8f0c1469930f0e8e554aeb48d4d3485f44e54188
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 76
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Executes the "iptables" command to insert, remove and/or manipulate rules
Opens /proc/net/* files useful for finding connected devices and routers
Sample deletes itself
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
Reads the 'hosts' file potentially containing internal network hosts
Sample contains only a LOAD segment without any section mappings
Suricata IDS alerts with low severity for network traffic
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1652040
Start date and time: 2025-03-30 05:14:14 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: .i.elf
Detection: MAL
Classification: mal76.spre.troj.evad.linELF@0/2@5/0
  • Excluded IPs from analysis (whitelisted): 64.142.54.12, 209.51.161.238, 75.72.171.171, 68.234.48.70
  • Excluded domains from analysis (whitelisted): pool.ntp.org
Command: /tmp/.i.elf
PID: 5492
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:

Standard Error: iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
  • system is lnxubuntu20
  • .i.elf (PID: 5492, Parent: 5416, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/.i.elf
    • .i.elf New Fork (PID: 5494, Parent: 5492)
      • .i.elf New Fork (PID: 5498, Parent: 5494)
        • .i.elf New Fork (PID: 5506, Parent: 5498)
        • sh (PID: 5506, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
          • sh New Fork (PID: 5512, Parent: 5506)
          • iptables (PID: 5512, Parent: 5506, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --destination-port 23 -j DROP
        • .i.elf New Fork (PID: 5520, Parent: 5498)
        • sh (PID: 5520, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 5525, Parent: 5520)
          • iptables (PID: 5525, Parent: 5520, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --destination-port 7547 -j DROP
        • .i.elf New Fork (PID: 5526, Parent: 5498)
        • sh (PID: 5526, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP"
          • sh New Fork (PID: 5531, Parent: 5526)
          • iptables (PID: 5531, Parent: 5526, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --destination-port 5555 -j DROP
        • .i.elf New Fork (PID: 5532, Parent: 5498)
        • sh (PID: 5532, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP"
          • sh New Fork (PID: 5537, Parent: 5532)
          • iptables (PID: 5537, Parent: 5532, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --destination-port 5358 -j DROP
        • .i.elf New Fork (PID: 5538, Parent: 5498)
        • sh (PID: 5538, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -D INPUT -j CWMP_CR"
          • sh New Fork (PID: 5543, Parent: 5538)
          • iptables (PID: 5543, Parent: 5538, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -D INPUT -j CWMP_CR
        • .i.elf New Fork (PID: 5545, Parent: 5498)
        • sh (PID: 5545, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -X CWMP_CR"
          • sh New Fork (PID: 5550, Parent: 5545)
          • iptables (PID: 5550, Parent: 5545, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X CWMP_CR
        • .i.elf New Fork (PID: 5551, Parent: 5498)
        • sh (PID: 5551, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -I INPUT -p udp --dport 53681 -j ACCEPT"
          • sh New Fork (PID: 5556, Parent: 5551)
          • iptables (PID: 5556, Parent: 5551, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p udp --dport 53681 -j ACCEPT
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
5494.1.00007fcfac400000.00007fcfac435000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security |
5492.1.00007fcfac400000.00007fcfac435000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security |

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-30T05:16:45.484699+0200 | 2826175 | 1 | A Network Trojan was detected | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP
2025-03-30T05:16:49.289644+0200 | 2826175 | 1 | A Network Trojan was detected | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP
2025-03-30T05:16:49.289669+0200 | 2826175 | 1 | A Network Trojan was detected | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP
2025-03-30T05:17:42.264319+0200 | 2826175 | 1 | A Network Trojan was detected | 2.187.250.83 | 23968 | 192.168.2.14 | 53681 | UDP
2025-03-30T05:18:21.366372+0200 | 2826175 | 1 | A Network Trojan was detected | 1.70.85.22 | 31041 | 192.168.2.14 | 53681 | UDP
2025-03-30T05:18:28.363565+0200 | 2826175 | 1 | A Network Trojan was detected | 5.36.121.116 | 26127 | 192.168.2.14 | 53681 | UDP
2025-03-30T05:18:29.284968+0200 | 2826175 | 1 | A Network Trojan was detected | 2.183.97.22 | 48979 | 192.168.2.14 | 53681 | UDP

AV Detection

Source: .i.elf | Avira: detected
Source: .i.elf | Virustotal: Detection: 47%
Source: .i.elf | ReversingLabs: Detection: 55%

Spreading

Source: /tmp/.i.elf (PID: 5494) | Opens: /proc/net/route

Networking

Source: /bin/sh (PID: 5512) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 23 -j DROP
Source: /bin/sh (PID: 5525) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 7547 -j DROP
Source: /bin/sh (PID: 5531) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5555 -j DROP
Source: /bin/sh (PID: 5537) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5358 -j DROP
Source: /bin/sh (PID: 5543) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -D INPUT -j CWMP_CR
Source: /bin/sh (PID: 5550) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -X CWMP_CR
Source: /bin/sh (PID: 5556) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p udp --dport 53681 -j ACCEPT
Source: /bin/sh (PID: 5512) | Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 23 -j DROP
Source: /bin/sh (PID: 5525) | Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 7547 -j DROP
Source: /bin/sh (PID: 5531) | Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5555 -j DROP
Source: /bin/sh (PID: 5537) | Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5358 -j DROP
Source: /bin/sh (PID: 5543) | Iptables executable: /usr/sbin/iptables -> iptables -D INPUT -j CWMP_CR
Source: /bin/sh (PID: 5550) | Iptables executable: /usr/sbin/iptables -> iptables -X CWMP_CR
Source: /bin/sh (PID: 5556) | Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p udp --dport 53681 -j ACCEPT
Source: /tmp/.i.elf (PID: 5498) | Reads hosts file: /etc/hosts
Source: Network traffic | Suricata IDS: 2826175 - Severity 1 - ETPRO MALWARE Possible Hajime Beacon : 2.187.250.83:23968 -> 192.168.2.14:53681
Source: Network traffic | Suricata IDS: 2826175 - Severity 1 - ETPRO MALWARE Possible Hajime Beacon : 1.70.85.22:31041 -> 192.168.2.14:53681
Source: Network traffic | Suricata IDS: 2826175 - Severity 1 - ETPRO MALWARE Possible Hajime Beacon : 2.183.97.22:48979 -> 192.168.2.14:53681
Source: Network traffic | Suricata IDS: 2826175 - Severity 1 - ETPRO MALWARE Possible Hajime Beacon : 5.36.121.116:26127 -> 192.168.2.14:53681
Source: Network traffic | Suricata IDS: 2826175 - Severity 1 - ETPRO MALWARE Possible Hajime Beacon : 78.130.47.113:60362 -> 192.168.2.14:53681
Source: global traffic | TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443
Source: unknown | TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: global traffic | DNS traffic detected: DNS query: router.utorrent.com
Source: global traffic | DNS traffic detected: DNS query: router.bittorrent.com
Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com
Source: unknown | Network traffic detected: HTTP traffic on port 46540 -> 443
Source: LOAD without section mappings | Program segment: 0x100000
Source: classification engine | Classification label: mal76.spre.troj.evad.linELF@0/2@5/0

Persistence and Installation Behavior

Source: /bin/sh (PID: 5512) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 23 -j DROP
Source: /bin/sh (PID: 5525) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 7547 -j DROP
Source: /bin/sh (PID: 5531) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5555 -j DROP
Source: /bin/sh (PID: 5537) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5358 -j DROP
Source: /bin/sh (PID: 5543) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -D INPUT -j CWMP_CR
Source: /bin/sh (PID: 5550) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -X CWMP_CR
Source: /bin/sh (PID: 5556) | Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -I INPUT -p udp --dport 53681 -j ACCEPT
Source: /tmp/.i.elf (PID: 5498) | Directory: /tmp/.p
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/807/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/807/fdJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/21/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/22/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/23/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/24/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/25/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/26/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/27/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/28/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/29/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/3420/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/3420/fdJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/490/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/490/fdJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/250/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/251/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/130/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/252/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/131/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5498)File opened: /proc/253/cmdlineJump to behavior
      Source: /tmp/.i.elf (PID: 5506) Shell command executed: sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
      Source: /tmp/.i.elf (PID: 5520) Shell command executed: sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP"
      Source: /tmp/.i.elf (PID: 5526) Shell command executed: sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP"
      Source: /tmp/.i.elf (PID: 5532) Shell command executed: sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP"
      Source: /tmp/.i.elf (PID: 5538) Shell command executed: sh -c "iptables -D INPUT -j CWMP_CR"
      Source: /tmp/.i.elf (PID: 5545) Shell command executed: sh -c "iptables -X CWMP_CR"
      Source: /tmp/.i.elf (PID: 5551) Shell command executed: sh -c "iptables -I INPUT -p udp --dport 53681 -j ACCEPT"
      Source: /bin/sh (PID: 5512) Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 23 -j DROP
      Source: /bin/sh (PID: 5525) Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 7547 -j DROP
      Source: /bin/sh (PID: 5531) Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5555 -j DROP
      Source: /bin/sh (PID: 5537) Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 5358 -j DROP
      Source: /bin/sh (PID: 5543) Iptables executable: /usr/sbin/iptables -> iptables -D INPUT -j CWMP_CR
      Source: /bin/sh (PID: 5550) Iptables executable: /usr/sbin/iptables -> iptables -X CWMP_CR
      Source: /bin/sh (PID: 5556) Iptables executable: /usr/sbin/iptables -> iptables -I INPUT -p udp --dport 53681 -j ACCEPT
      Source: submitted sample Stderr: iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directory Try `iptables -h' or 'iptables --help' for more information. iptables: No chain/target/match by that name.: exit code = 0

      Hooking and other Techniques for Hiding and Protection

      Source: /tmp/.i.elf (PID: 5498) File: /tmp/.i.elf
      Source: .i.elf Submission file: segment LOAD with 7.9794 entropy (max. 8.0)
      Source: /tmp/.i.elf (PID: 5492) Queries kernel information via 'uname'
      Source: .i.elf, 5494.1.00007ffdce585000.00007ffdce5a6000.rw-.sdmp Binary or memory string: V/tmp/qemu-open.f4HhUA
      Source: .i.elf, 5492.1.0000561bfa8f5000.0000561bfa97c000.rw-.sdmp, .i.elf, 5494.1.0000561bfa8f5000.0000561bfa97c000.rw-.sdmp Binary or memory string: V!/etc/qemu-binfmt/mips
      Source: .i.elf, 5492.1.0000561bfa8f5000.0000561bfa97c000.rw-.sdmp, .i.elf, 5494.1.0000561bfa8f5000.0000561bfa97c000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
      Source: .i.elf, 5492.1.00007ffdce585000.00007ffdce5a6000.rw-.sdmp, .i.elf, 5494.1.00007ffdce585000.00007ffdce5a6000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips
      Source: .i.elf, 5492.1.00007ffdce585000.00007ffdce5a6000.rw-.sdmp, .i.elf, 5494.1.00007ffdce585000.00007ffdce5a6000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/.i.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/.i.elf
      Source: .i.elf, 5494.1.00007ffdce585000.00007ffdce5a6000.rw-.sdmp Binary or memory string: /tmp/qemu-open.f4HhUA

      Stealing of Sensitive Information

      Source: Yara match File source: 5494.1.00007fcfac400000.00007fcfac435000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 5492.1.00007fcfac400000.00007fcfac435000.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match File source: 5494.1.00007fcfac400000.00007fcfac435000.r-x.sdmp, type: MEMORY
      Source: Yara match File source: 5492.1.00007fcfac400000.00007fcfac435000.r-x.sdmp, type: MEMORY
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
      No configs have been found
      [Behavior graph, ID: 1652040. Sample: .i.elf, start date: 30/03/2025, architecture: LINUX, score: 76. Process chain shown: .i.elf -> .i.elf -> .i.elf -> sh -> iptables.]

      Source | Detection | Scanner | Label
      .i.elf | 48% | Virustotal |
      .i.elf | 56% | ReversingLabs | Linux.Infostealer.Berbew
      .i.elf | 100% | Avira | LINUX/AVI.Agent.yttum
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches


      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      daisy.ubuntu.com | 162.213.35.24 | true | false | | high
      router.bittorrent.com | 67.215.246.10 | true | false | | high
      router.utorrent.com | 82.221.103.244 | true | false | | high
                              Process:/tmp/.i.elf
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):230
                              Entropy (8bit):3.709552666863289
                              Encrypted:false
                              SSDEEP:6:iekrEcvwAsE5KlwSd4pzKaV6Lpms/a/1VCxGF:ur+m5MwSdIKaV6L1adVRF
                              MD5:2E667F43AE18CD1FE3C108641708A82C
                              SHA1:12B90DE2DA0FBCFE66F3D6130905E56C8D6A68D3
                              SHA-256:6F721492E7A337C5B498A8F55F5EB7AC745AFF716D0B5B08EFF2C1B6B250F983
                              SHA-512:D2A0EE2509154EC1098994F38BE172F98F4150399C534A04D5C675D7C05630802225019F19344CC9070C576BC465A4FEB382AC7712DE6BF25E9244B54A9DB830
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview:Iface.Destination.Gateway .Flags.RefCnt.Use.Metric.Mask..MTU.Window.IRTT .ens160.00000000.c0a80201.0003.0.0.0.00000000.0.0.0.ens160.c0a80200.00000000.0001.0.0.0.ffffff00.0.0.0.
                              Process:/tmp/.i.elf
                              File Type:data
                              Category:dropped
                              Size (bytes):12
                              Entropy (8bit):3.2516291673878226
                              Encrypted:false
                              SSDEEP:3:TgLxl:TgLj
                              MD5:E4B87097E4B36E14500B9CE57C45EA25
                              SHA1:DE3D58C12CA45D58E41455D0B693AF835D7F7361
                              SHA-256:7AD8A46FA4EADA251D0628721EEA0DE6EA917EC6B820146172179FFA68FC44A8
                              SHA-512:53CD8469E5F84281D446318E05BBA7B4A0D93FBF7567B663E875E9BBE95453E83E1C233140DBEBFC50C64F981CF1C007A1A573C508AE676BBE78F07C38DA4D43
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview:/tmp/.i.elf.
                              File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
                              Entropy (8bit):7.979555877636912
                              TrID:
                              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                              File name:.i.elf
                              File size:84'196 bytes
                              MD5:7ef98571a0946df25cc7d5d1ba272ce3
                              SHA1:6683862f67caa4290ccf55aaeecfd36380104b47
                              SHA256:b69025d793ff554572590f3d8f0c1469930f0e8e554aeb48d4d3485f44e54188
                              SHA512:4a0fb68a8fa887083650f8cc8cef23da1e7c92c4f8ebc895eb2b847fa1a9ce8f35da07e4d21ab27ce3c611d1f696e3bab759462e33e70aa36d550fadbc997d9f
                              SSDEEP:1536:yYI0ARqw1qAEW67UIWi7M8gmfmJo0WgswnD6Efyq8PxlRkp2K3/J1V+uBNV:yYI0ARqw1qAEv7UIFM8oJorFquyjkRkT
                              TLSH:4F831229135514E9D62681F1D3FD1F84AD591F68CEE2EC157812BC99EE333AD3CC2618
                              File Content Preview:.ELF....................../....4.........4. ...(......................Bd..Bd.................G...G.................................................^.......?.E.h4...@b..) ..]..0...a.t<..mc.zy/..>..!c...gM\<j..W`xD'..}...\..].j.L.u...S..i...../..F...@`..'k.

                              ELF header

                              Class:ELF32
                              Data:2's complement, big endian
                              Version:1 (current)
                              Machine:MIPS R3000
                              Version Number:0x1
                              Type:EXEC (Executable file)
                              OS/ABI:UNIX - System V
                              ABI Version:0
                              Entry Point Address:0x112fe8
                              Flags:0x1007
                              ELF Header Size:52
                              Program Header Offset:52
                              Program Header Size:32
                              Number of Program Headers:2
                              Section Header Offset:0
                              Section Header Size:40
                              Number of Section Headers:0
                              Header String Table Index:0
                              Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                              LOAD | 0x0 | 0x100000 | 0x100000 | 0x14264 | 0x14264 | 7.9794 | 0x5 | R E | 0x10000 | |
                              LOAD | 0xa6c0 | 0x47a6c0 | 0x47a6c0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | |


                              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                              2025-03-30T05:16:45.484699+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP
                              2025-03-30T05:16:49.289644+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP
                              2025-03-30T05:16:49.289669+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP
                              2025-03-30T05:17:42.264319+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 2.187.250.83 | 23968 | 192.168.2.14 | 53681 | UDP
                              2025-03-30T05:18:21.366372+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 1.70.85.2231041 | 192.168.2.14 | 53681 | UDP
                              2025-03-30T05:18:28.363565+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 5.36.121.116 | 26127 | 192.168.2.14 | 53681 | UDP
                              2025-03-30T05:18:29.284968+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 2.183.97.2248979 | 192.168.2.14 | 53681 | UDP
                              • Total Packets: 257
                              • 100 Ports have been hidden.
                              • 53 (DNS)
                              • 443 (HTTPS)
                              • 1089 undefined
                              • 1261 undefined
                              • 2114 undefined
                              • 2621 undefined
                              • 2988 undefined
                              • 3000 undefined
                              • 3003 undefined
                              • 3005 undefined
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Mar 30, 2025 05:15:12.241229057 CEST | 46540 | 443 | 192.168.2.14 | 185.125.190.26
                              Mar 30, 2025 05:15:43.471952915 CEST | 46540 | 443 | 192.168.2.14 | 185.125.190.26
                              Mar 30, 2025 05:17:16.465008974 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:16.465035915 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:16.465182066 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:16.465487003 CEST536813005192.168.2.14154.205.157.45
                              Mar 30, 2025 05:17:16.500549078 CEST536813005192.168.2.14154.205.157.45
                              Mar 30, 2025 05:17:16.500612020 CEST536813005192.168.2.14154.205.157.45
                              Mar 30, 2025 05:17:17.522449017 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:17.987634897 CEST5368154377192.168.2.14146.241.177.235
                              Mar 30, 2025 05:17:18.471538067 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:18.471612930 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:18.471957922 CEST536813005192.168.2.14154.205.157.45
                              Mar 30, 2025 05:17:18.481347084 CEST300553681154.205.157.45192.168.2.14
                              Mar 30, 2025 05:17:22.994457006 CEST5368120230192.168.2.1414.154.2.243
                              Mar 30, 2025 05:17:22.994482040 CEST5368155220192.168.2.14178.235.189.68
                              Mar 30, 2025 05:17:22.994560003 CEST5368154768192.168.2.14186.99.137.5
                              Mar 30, 2025 05:17:26.979971886 CEST5368113747192.168.2.14168.232.12.86
                              Mar 30, 2025 05:17:29.998414040 CEST5368113747192.168.2.14168.232.12.86
                              Mar 30, 2025 05:17:32.981924057 CEST536813468192.168.2.14106.210.128.151
                              Mar 30, 2025 05:17:32.981944084 CEST5368145717192.168.2.1484.153.232.48
                              Mar 30, 2025 05:17:32.982033014 CEST5368122800192.168.2.14212.15.57.45
                              Mar 30, 2025 05:17:32.982050896 CEST5368111244192.168.2.14195.7.12.14
                              Mar 30, 2025 05:17:32.982052088 CEST5368164158192.168.2.1491.247.76.14
                              Mar 30, 2025 05:17:32.982094049 CEST5368153562192.168.2.1483.30.191.10
                              Mar 30, 2025 05:17:34.981225967 CEST5368146254192.168.2.14181.94.224.3
                              Mar 30, 2025 05:17:35.241503954 CEST4625453681181.94.224.3192.168.2.14
                              Mar 30, 2025 05:17:35.242089987 CEST5368121292192.168.2.14200.63.41.32
                              Mar 30, 2025 05:17:38.995009899 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:17:40.996510029 CEST536816881192.168.2.1475.73.138.48
                              Mar 30, 2025 05:17:40.996583939 CEST5368118839192.168.2.1458.62.33.80
                              Mar 30, 2025 05:17:40.996654987 CEST5368122646192.168.2.14182.105.243.206
                              Mar 30, 2025 05:17:42.008343935 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:17:42.264318943 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:42.265151978 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:17:42.265151978 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:17:42.707452059 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:42.707484961 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:42.817766905 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:43.990346909 CEST536819010192.168.2.1499.241.228.239
                              Mar 30, 2025 05:17:44.140678883 CEST90105368199.241.228.239192.168.2.14
                              Mar 30, 2025 05:17:45.272080898 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:17:45.626820087 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:47.297559023 CEST4332353192.168.2.148.8.8.8
                              Mar 30, 2025 05:17:47.297683001 CEST5710453192.168.2.148.8.8.8
                              Mar 30, 2025 05:17:47.395878077 CEST53571048.8.8.8192.168.2.14
                              Mar 30, 2025 05:17:47.395908117 CEST53433238.8.8.8192.168.2.14
                              Mar 30, 2025 05:17:51.280337095 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:17:51.605714083 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:51.716392994 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:17:51.978178978 CEST5368153562192.168.2.1483.30.191.10
                              Mar 30, 2025 05:17:51.978184938 CEST5368145717192.168.2.1484.153.232.48
                              Mar 30, 2025 05:17:51.978188992 CEST536813468192.168.2.14106.210.128.151
                              Mar 30, 2025 05:17:51.978202105 CEST5368122800192.168.2.14212.15.57.45
                              Mar 30, 2025 05:17:51.978203058 CEST5368111244192.168.2.14195.7.12.14
                              Mar 30, 2025 05:17:51.978203058 CEST5368164158192.168.2.1491.247.76.14
                              Mar 30, 2025 05:17:52.260888100 CEST2280053681212.15.57.45192.168.2.14
                              Mar 30, 2025 05:17:52.261243105 CEST5368132958192.168.2.14112.172.103.191
                              Mar 30, 2025 05:17:52.261244059 CEST5368132958192.168.2.14112.172.103.191
                              Mar 30, 2025 05:17:52.261245012 CEST5368122800192.168.2.14212.15.57.45
                              Mar 30, 2025 05:17:52.526149035 CEST2280053681212.15.57.45192.168.2.14
                              Mar 30, 2025 05:18:01.980202913 CEST536816881192.168.2.1475.73.138.48
                              Mar 30, 2025 05:18:01.980209112 CEST5368118839192.168.2.1458.62.33.80
                              Mar 30, 2025 05:18:01.980215073 CEST5368122646192.168.2.14182.105.243.206
                              Mar 30, 2025 05:18:03.291285038 CEST5368123968192.168.2.142.187.250.83
                              Mar 30, 2025 05:18:03.627377033 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:18:03.810888052 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:18:06.980051994 CEST5368146254192.168.2.14181.94.224.3
                              Mar 30, 2025 05:18:07.237591982 CEST4625453681181.94.224.3192.168.2.14
                              Mar 30, 2025 05:18:07.238466024 CEST536816892192.168.2.14180.97.50.214
                              Mar 30, 2025 05:18:10.990278959 CEST536816881192.168.2.14178.85.29.181
                              Mar 30, 2025 05:18:10.990292072 CEST5368156259192.168.2.1441.225.138.217
                              Mar 30, 2025 05:18:10.990291119 CEST5368145717192.168.2.1484.153.232.48
                              Mar 30, 2025 05:18:10.990299940 CEST5368111244192.168.2.14195.7.12.14
                              Mar 30, 2025 05:18:10.990300894 CEST5368164158192.168.2.1491.247.76.14
                              Mar 30, 2025 05:18:10.990315914 CEST536816881192.168.2.14178.206.139.151
                              Mar 30, 2025 05:18:11.220427990 CEST688153681178.206.139.151192.168.2.14
                              Mar 30, 2025 05:18:11.220578909 CEST5368132958192.168.2.14112.172.103.191
                              Mar 30, 2025 05:18:11.275199890 CEST23968536812.187.250.83192.168.2.14
                              Mar 30, 2025 05:18:12.990685940 CEST5368155196192.168.2.14138.255.223.9
                              Mar 30, 2025 05:18:13.978818893 CEST5368146254192.168.2.14181.94.224.3
                              Mar 30, 2025 05:18:14.247345924 CEST4625453681181.94.224.3192.168.2.14
                              Mar 30, 2025 05:18:16.007714033 CEST5368155196192.168.2.14138.255.223.9
                              Mar 30, 2025 05:18:19.981914997 CEST536816881192.168.2.1475.73.138.48
                              Mar 30, 2025 05:18:19.981940031 CEST5368128013192.168.2.145.79.83.114
                              Mar 30, 2025 05:18:19.981964111 CEST5368118839192.168.2.1458.62.33.80
                              Mar 30, 2025 05:18:19.981970072 CEST5368122646192.168.2.14182.105.243.206
                              Mar 30, 2025 05:18:20.170854092 CEST28013536815.79.83.114192.168.2.14
                              Mar 30, 2025 05:18:20.334841967 CEST2264653681182.105.243.206192.168.2.14
                              Mar 30, 2025 05:18:20.335565090 CEST536812988192.168.2.14176.241.84.131
                              Mar 30, 2025 05:18:20.982690096 CEST5368131041192.168.2.141.70.85.22
                              Mar 30, 2025 05:18:21.366372108 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:21.367055893 CEST5368131041192.168.2.141.70.85.22
                              Mar 30, 2025 05:18:21.799184084 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:21.857898951 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:21.858685017 CEST5368131041192.168.2.141.70.85.22
                              Mar 30, 2025 05:18:22.348001957 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:23.585546970 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:23.647958994 CEST5368131041192.168.2.141.70.85.22
                              Mar 30, 2025 05:18:23.688340902 CEST5368131041192.168.2.141.70.85.22
                              Mar 30, 2025 05:18:24.024965048 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:24.024991989 CEST31041536811.70.85.22192.168.2.14
                              Mar 30, 2025 05:18:24.992491007 CEST5368126127192.168.2.145.36.121.116
                              Mar 30, 2025 05:18:24.992535114 CEST536817317192.168.2.14189.63.46.223
                              Mar 30, 2025 05:18:27.994841099 CEST536817317192.168.2.14189.63.46.223
                              Mar 30, 2025 05:18:27.994839907 CEST5368126127192.168.2.145.36.121.116
                              Mar 30, 2025 05:18:28.363564968 CEST26127536815.36.121.116192.168.2.14
                              Mar 30, 2025 05:18:28.364228964 CEST5368126127192.168.2.145.36.121.116
                              Mar 30, 2025 05:18:28.364228964 CEST5368126127192.168.2.145.36.121.116
                              Mar 30, 2025 05:18:28.982948065 CEST5368148979192.168.2.142.183.97.22
                              Mar 30, 2025 05:18:28.983843088 CEST26127536815.36.121.116192.168.2.14
                              Mar 30, 2025 05:18:29.284967899 CEST48979536812.183.97.22192.168.2.14
                              Mar 30, 2025 05:18:29.285873890 CEST5368148979192.168.2.142.183.97.22
                              Mar 30, 2025 05:18:30.136284113 CEST48979536812.183.97.22192.168.2.14
                              Mar 30, 2025 05:18:31.375466108 CEST5368126127192.168.2.145.36.121.116
                              Mar 30, 2025 05:18:31.739444971 CEST26127536815.36.121.116192.168.2.14
                              Mar 30, 2025 05:18:31.839967012 CEST26127536815.36.121.116192.168.2.14
                              Mar 30, 2025 05:18:31.981997967 CEST5368119651192.168.2.14176.115.144.24
                              Mar 30, 2025 05:18:31.982002974 CEST5368148429192.168.2.141.161.159.155
                              Mar 30, 2025 05:18:31.982018948 CEST5368156259192.168.2.1441.225.138.217
                              Mar 30, 2025 05:18:31.982048988 CEST536816881192.168.2.14178.85.29.181
                              Mar 30, 2025 05:18:31.982094049 CEST5368150321192.168.2.14177.121.254.152
                              Mar 30, 2025 05:18:31.982105017 CEST5368142856192.168.2.14201.131.173.28
                              Mar 30, 2025 05:18:32.283220053 CEST48429536811.161.159.155192.168.2.14
                              Mar 30, 2025 05:18:32.283937931 CEST536816881192.168.2.1488.99.212.222
                              Mar 30, 2025 05:18:36.988078117 CEST5368162353192.168.2.1477.49.156.11
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mar 30, 2025 05:16:01.401341915 CEST | 186.85.240.119 | 192.168.2.14 | 6add | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:16:26.194933891 CEST | 116.226.31.175 | 192.168.2.14 | 54c8 | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:16:26.194962025 CEST | 116.226.31.175 | 192.168.2.14 | 54c8 | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:17:33.263799906 CEST | 195.7.12.14 | 192.168.2.14 | 8f4c | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:17:33.428226948 CEST | 106.210.128.151 | 192.168.2.14 | aba0 | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:17:52.272463083 CEST | 195.7.12.14 | 192.168.2.14 | 8f4c | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:18:11.278795958 CEST | 195.7.12.14 | 192.168.2.14 | 8f4c | (Port unreachable) | Destination Unreachable
Mar 30, 2025 05:18:32.208856106 CEST | 176.115.144.24 | 192.168.2.14 | 3be4 | (Port unreachable) | Destination Unreachable

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 30, 2025 05:15:08.171554089 CEST | 192.168.2.14 | 8.8.8.8 | 0xda3b | Standard query (0) | router.utorrent.com | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:15:08.275891066 CEST | 192.168.2.14 | 8.8.8.8 | 0x3f71 | Standard query (0) | router.bittorrent.com | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:16:49.058927059 CEST | 192.168.2.14 | 8.8.8.8 | 0xbe1f | Standard query (0) | router.utorrent.com | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:17:47.297559023 CEST | 192.168.2.14 | 8.8.8.8 | 0x304d | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:17:47.297683001 CEST | 192.168.2.14 | 8.8.8.8 | 0x3738 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 30, 2025 05:15:08.272833109 CEST | 8.8.8.8 | 192.168.2.14 | 0xda3b | No error (0) | router.utorrent.com |  | 82.221.103.244 | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:15:09.145694971 CEST | 8.8.8.8 | 192.168.2.14 | 0x3f71 | No error (0) | router.bittorrent.com |  | 67.215.246.10 | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:16:49.157768965 CEST | 8.8.8.8 | 192.168.2.14 | 0xbe1f | No error (0) | router.utorrent.com |  | 82.221.103.244 | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:17:47.395908117 CEST | 8.8.8.8 | 192.168.2.14 | 0x304d | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Mar 30, 2025 05:17:47.395908117 CEST | 8.8.8.8 | 192.168.2.14 | 0x304d | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false

                              System Behavior

                              Start time (UTC):03:15:00
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:/tmp/.i.elf
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:01
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -A INPUT -p tcp --destination-port 23 -j DROP
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -A INPUT -p tcp --destination-port 7547 -j DROP
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -A INPUT -p tcp --destination-port 5555 -j DROP
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -A INPUT -p tcp --destination-port 5358 -j DROP
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -D INPUT -j CWMP_CR"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -D INPUT -j CWMP_CR
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -X CWMP_CR"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -X CWMP_CR
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/tmp/.i.elf
                              Arguments:-
                              File size:5777432 bytes
                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                              Start time (UTC):03:15:06
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:sh -c "iptables -I INPUT -p udp --dport 53681 -j ACCEPT"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:07
                              Start date (UTC):30/03/2025
                              Path:/bin/sh
                              Arguments:-
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Start time (UTC):03:15:07
                              Start date (UTC):30/03/2025
                              Path:/usr/sbin/iptables
                              Arguments:iptables -I INPUT -p udp --dport 53681 -j ACCEPT
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af