Edit tour

Linux Analysis Report
k49syyxi7V.elf

Overview

General Information

Sample name:	k49syyxi7V.elf renamed because original name is a hash value
Original sample name:	1d2f897be8ce8f1c1d3bc71f62a56f80.elf
Analysis ID:	1529271
MD5:	1d2f897be8ce8f1c1d3bc71f62a56f80
SHA1:	11dc8bab8fbcf47c55ea370e21a078cffb5f5481
SHA256:	1d8cfd678bae542fac781387897d36c875d8491ea32c836e2f57e030ad019d05
Tags:	32elfmipsmirai
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529271
Start date and time:	2024-10-08 20:10:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	k49syyxi7V.elf renamed because original name is a hash value
Original Sample Name:	1d2f897be8ce8f1c1d3bc71f62a56f80.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@2/0

Warnings

VT rate limit hit for: k49syyxi7V.elf

Runtime Messages

Command:	/tmp/k49syyxi7V.elf
PID:	5528
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

k49syyxi7V.elf (PID: 5528, Parent: 5445, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/k49syyxi7V.elf

k49syyxi7V.elf New Fork (PID: 5532, Parent: 5528)

k49syyxi7V.elf New Fork (PID: 5534, Parent: 5528)

gnome-session-binary New Fork (PID: 5567, Parent: 1498)

sh (PID: 5567, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 5567, Parent: 1498, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gnome-session-binary New Fork (PID: 5569, Parent: 1498)

sh (PID: 5569, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gsd-sharing (PID: 5569, Parent: 1498, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing

gdm3 New Fork (PID: 5572, Parent: 1333)

Default (PID: 5572, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5573, Parent: 1333)

Default (PID: 5573, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5597, Parent: 1)

systemd-user-runtime-dir (PID: 5597, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: k49syyxi7V.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: k49syyxi7V.elf

ReversingLabs: Detection: 28%

Source: /tmp/k49syyxi7V.elf (PID: 5528)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/k49syyxi7V.elf (PID: 5532)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	SIGKILL sent: pid: 1553, result: successful	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	SIGKILL sent: pid: 1659, result: successful	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	SIGKILL sent: pid: 5567, result: successful	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	SIGKILL sent: pid: 5569, result: successful	Jump to behavior

Source: classification engine

Classification label: mal56.linELF@0/0@2/0

Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1333/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1333/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1695/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/911/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/911/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1591/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1585/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/804/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/804/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3407/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3407/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1484/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1479/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/931/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/931/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1595/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/812/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/812/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/933/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/933/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3419/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3419/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3310/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3310/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5608/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5609/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3303/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3303/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1486/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5600/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5601/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5602/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5603/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5604/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5605/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5606/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3440/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3440/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3316/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3316/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1498/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1497/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/1496/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5610/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5611/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3797/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3797/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3798/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3798/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3799/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3799/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5616/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5630/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5631/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3332/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3332/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3210/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3210/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5629/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3205/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3205/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3201/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/3201/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/723/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/723/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5621/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/724/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/724/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5622/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5623/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5624/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5625/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5626/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5506/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5506/cmdline	Jump to behavior
Source: /tmp/k49syyxi7V.elf (PID: 5532)	File opened: /proc/5627/cmdline	Jump to behavior

Source: /tmp/k49syyxi7V.elf (PID: 5528)

Queries kernel information via 'uname':

Jump to behavior

Source: k49syyxi7V.elf, 5528.1.00007ffe1a396000.00007ffe1a3b7000.rw-.sdmp	Binary or memory string: qx86_64/usr/bin/qemu-mips/tmp/k49syyxi7V.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/k49syyxi7V.elf
Source: k49syyxi7V.elf, 5528.1.000056503282e000.00005650328d6000.rw-.sdmp	Binary or memory string: 2PV!/etc/qemu-binfmt/mips
Source: k49syyxi7V.elf, 5528.1.000056503282e000.00005650328d6000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: k49syyxi7V.elf, 5528.1.00007ffe1a396000.00007ffe1a3b7000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
k49syyxi7V.elf	29%	ReversingLabs	Linux.Backdoor.Mirai
k49syyxi7V.elf	100%	Avira	EXP/ELF.Agent.J.8

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
199.59.243.227	unknown	United States		395082	BODIS-NJUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
199.59.243.227	enkJ6J7dAn.exe	Get hash	malicious	FormBook	Browse	www.polarmuseum.info/nuqv/
	PO59458.exe	Get hash	malicious	FormBook	Browse	www.notepad.mobi/42yt/
	NARLOG 08.10.2024.exe	Get hash	malicious	FormBook	Browse	www.online-dating28.xyz/xl8n/
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	www.pmjjewels.online/aygf/
	SOA SIL TL382920.exe	Get hash	malicious	FormBook	Browse	www.online-dating28.xyz/6nb6/
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	www.polarmuseum.info/reui/
	PURCHASE ORDER-6350.exe	Get hash	malicious	FormBook	Browse	www.donante-de-ovulos.biz/8lrv/
	https://pancake-swapp.github.io/	Get hash	malicious	HTMLPhisher	Browse	ww25.blockaircypher.com/_tr
	http://wiki.hostmaster.chinametrogroup.com/	Get hash	malicious	Unknown	Browse	wiki.hostmaster.chinametrogroup.com/_tr
	PO#001498.exe	Get hash	malicious	FormBook	Browse	www.notepad.mobi/l4rw/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	irods-runtime-4.1.9-centos7-x86_64.rpm	Get hash	malicious	Xmrig	Browse	162.213.35.24
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	logrotate_malware.elf	Get hash	malicious	Xmrig	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	na.elf	Get hash	malicious	Mirai	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BODIS-NJUS	enkJ6J7dAn.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	PO59458.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	NARLOG 08.10.2024.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Payment.vbs	Get hash	malicious	FormBook	Browse	199.59.243.227
	SOA SIL TL382920.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	PURCHASE ORDER-6350.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	https://pancake-swapp.github.io/	Get hash	malicious	HTMLPhisher	Browse	199.59.243.205
	http://nirothniroth.site/?p=22&fbclid=IwY2xjawFs_DdleHRuA2FlbQIxMQABHTdgZU6ok722L5RxKPR-zh7Gkm6BqZ8BcT950y1bxf6l0LKz0zslg7KJHw_aem__ldVm1UUndXAkwYRakjBzg	Get hash	malicious	Unknown	Browse	199.59.243.227

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.313130822132684
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	k49syyxi7V.elf
File size:	63'896 bytes
MD5:	1d2f897be8ce8f1c1d3bc71f62a56f80
SHA1:	11dc8bab8fbcf47c55ea370e21a078cffb5f5481
SHA256:	1d8cfd678bae542fac781387897d36c875d8491ea32c836e2f57e030ad019d05
SHA512:	0b3c25bc204ce2e9e00a1e67f591ed798b11de6793540f1cdd719eeec3340ebc97383e805d892cb98f677381d8d1023967aa76c2fc9cd648c6629faeda31bf46
SSDEEP:	1536:5IzlnfrsYMb5evppQrIKqzc291kEAJP3u0EG:5sDt62dS3Zt
TLSH:	2D53845E2E618FBDF76D873587B78E21974833D626E1C680E15CDA001EA034DA45FBAC
File Content Preview:	.ELF.....................@.`...4.........4. ...(.............@...@...........................D...D.....8..Y.........dt.Q............................<...'.rL...!'.......................<...'.r(...!... ....'9... ......................<...'.q....!........'9.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	63376
Section Header Size:	40
Number of Section Headers:	13
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0xe5c0	0x0	0x6	AX	16
.fini	PROGBITS	0x40e6e0	0xe6e0	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x40e740	0xe740	0x760	0x0	0x2	A	16
.ctors	PROGBITS	0x44f000	0xf000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x44f008	0xf008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x44f014	0xf014	0x5c	0x0	0x3	WA	4
.data	PROGBITS	0x44f070	0xf070	0x280	0x0	0x3	WA	16
.got	PROGBITS	0x44f2f0	0xf2f0	0x448	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x44f738	0xf738	0x3c	0x0	0x10000003	WAp	4
.bss	NOBITS	0x44f780	0xf738	0x5198	0x0	0x3	WA	16
.shstrtab	STRTAB	0x0	0xf738	0x56	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xeea0	0xeea0	5.3546	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xf000	0x44f000	0x44f000	0x738	0x5918	3.8045	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 20:11:14.453509092 CEST	33234	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:14.458674908 CEST	80	33234	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:14.458729029 CEST	33234	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:14.459397078 CEST	33234	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:14.464268923 CEST	80	33234	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:14.942815065 CEST	80	33234	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:14.942878962 CEST	33234	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:14.942922115 CEST	80	33234	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:14.943172932 CEST	33234	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:14.947988033 CEST	80	33234	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:33.856614113 CEST	33236	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:33.861819029 CEST	80	33236	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:33.861869097 CEST	33236	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:33.864978075 CEST	33236	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:33.870119095 CEST	80	33236	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:34.318993092 CEST	80	33236	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:34.319056034 CEST	80	33236	199.59.243.227	192.168.2.15
Oct 8, 2024 20:11:34.319062948 CEST	33236	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:34.319117069 CEST	33236	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:11:34.324316978 CEST	80	33236	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:02.406723022 CEST	33238	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:02.411957979 CEST	80	33238	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:02.412033081 CEST	33238	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:02.412709951 CEST	33238	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:02.417629004 CEST	80	33238	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:02.868792057 CEST	80	33238	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:02.869067907 CEST	33238	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:02.869179964 CEST	80	33238	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:02.869364023 CEST	33238	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:02.874490976 CEST	80	33238	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:20.348143101 CEST	33240	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:20.353792906 CEST	80	33240	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:20.354366064 CEST	33240	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:20.356813908 CEST	33240	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:20.362452030 CEST	80	33240	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:20.815593004 CEST	80	33240	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:20.815624952 CEST	80	33240	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:20.816278934 CEST	33240	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:20.816278934 CEST	33240	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:20.822530031 CEST	80	33240	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:44.823358059 CEST	33242	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:44.830552101 CEST	80	33242	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:44.830709934 CEST	33242	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:44.833265066 CEST	33242	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:44.838711023 CEST	80	33242	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:45.324721098 CEST	80	33242	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:45.325201988 CEST	80	33242	199.59.243.227	192.168.2.15
Oct 8, 2024 20:12:45.325206041 CEST	33242	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:45.325555086 CEST	33242	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:12:45.330719948 CEST	80	33242	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:03.484963894 CEST	33244	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:03.490142107 CEST	80	33244	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:03.490355968 CEST	33244	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:03.491970062 CEST	33244	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:03.497059107 CEST	80	33244	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:03.965955973 CEST	80	33244	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:03.966289043 CEST	80	33244	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:03.966438055 CEST	33244	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:03.966562033 CEST	33244	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:03.971895933 CEST	80	33244	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:26.972939014 CEST	33246	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:26.977854967 CEST	80	33246	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:26.977945089 CEST	33246	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:26.979118109 CEST	33246	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:26.984039068 CEST	80	33246	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:27.492124081 CEST	80	33246	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:27.492255926 CEST	33246	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:27.492429018 CEST	80	33246	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:27.492532015 CEST	33246	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:27.497713089 CEST	80	33246	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:45.486525059 CEST	33248	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:45.496448040 CEST	80	33248	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:45.496620893 CEST	33248	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:45.514878988 CEST	33248	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:45.520553112 CEST	80	33248	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:45.979238987 CEST	80	33248	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:45.979603052 CEST	80	33248	199.59.243.227	192.168.2.15
Oct 8, 2024 20:13:45.979674101 CEST	33248	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:45.980003119 CEST	33248	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:13:45.985049963 CEST	80	33248	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:14.015568972 CEST	33250	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:14.020575047 CEST	80	33250	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:14.020674944 CEST	33250	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:14.021754026 CEST	33250	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:14.026876926 CEST	80	33250	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:14.519364119 CEST	80	33250	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:14.519601107 CEST	33250	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:14.519963980 CEST	80	33250	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:14.520085096 CEST	33250	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:14.526670933 CEST	80	33250	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:32.447227955 CEST	33252	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:32.452400923 CEST	80	33252	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:32.452613115 CEST	33252	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:32.454310894 CEST	33252	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:32.459178925 CEST	80	33252	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:32.933480978 CEST	80	33252	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:32.933943987 CEST	80	33252	199.59.243.227	192.168.2.15
Oct 8, 2024 20:14:32.934000015 CEST	33252	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:32.934473991 CEST	33252	80	192.168.2.15	199.59.243.227
Oct 8, 2024 20:14:32.939604044 CEST	80	33252	199.59.243.227	192.168.2.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 20:11:02.536959887 CEST	45656	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:02.547074080 CEST	53	45656	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:02.588329077 CEST	37842	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:11:02.596376896 CEST	53	37842	130.61.69.123	192.168.2.15
Oct 8, 2024 20:11:02.640763044 CEST	44645	5353	192.168.2.15	54.36.111.116
Oct 8, 2024 20:11:07.645621061 CEST	48975	53	192.168.2.15	63.231.92.27
Oct 8, 2024 20:11:07.792643070 CEST	53	48975	63.231.92.27	192.168.2.15
Oct 8, 2024 20:11:07.793344975 CEST	38908	53	192.168.2.15	63.231.92.27
Oct 8, 2024 20:11:07.938402891 CEST	53	38908	63.231.92.27	192.168.2.15
Oct 8, 2024 20:11:07.939080954 CEST	53388	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:08.477679968 CEST	5353	53388	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:08.478388071 CEST	52227	53	192.168.2.15	130.61.64.122
Oct 8, 2024 20:11:08.487509012 CEST	53	52227	130.61.64.122	192.168.2.15
Oct 8, 2024 20:11:08.488137007 CEST	36755	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:09.034538031 CEST	5353	36755	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:09.035176992 CEST	54311	53	192.168.2.15	54.36.111.116
Oct 8, 2024 20:11:09.041205883 CEST	35250	53	192.168.2.15	161.97.219.84
Oct 8, 2024 20:11:09.229156971 CEST	53	35250	161.97.219.84	192.168.2.15
Oct 8, 2024 20:11:09.229712963 CEST	38130	53	192.168.2.15	63.231.92.27
Oct 8, 2024 20:11:09.377080917 CEST	53	38130	63.231.92.27	192.168.2.15
Oct 8, 2024 20:11:09.377573013 CEST	48676	5353	192.168.2.15	130.61.64.122
Oct 8, 2024 20:11:14.380363941 CEST	54933	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.386957884 CEST	53	54933	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.387522936 CEST	59781	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.393821955 CEST	53	59781	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.394315004 CEST	55779	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.400645018 CEST	53	55779	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.401223898 CEST	49480	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.407672882 CEST	53	49480	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.408350945 CEST	46285	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.414808989 CEST	53	46285	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.415447950 CEST	35983	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.422168016 CEST	53	35983	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.422662973 CEST	43577	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.429968119 CEST	53	43577	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.430442095 CEST	55871	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.436992884 CEST	53	55871	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.437632084 CEST	35388	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.443711996 CEST	53	35388	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:14.444224119 CEST	45307	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:14.453191996 CEST	53	45307	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:15.944751024 CEST	51914	53	192.168.2.15	185.84.81.194
Oct 8, 2024 20:11:15.955302954 CEST	53	51914	185.84.81.194	192.168.2.15
Oct 8, 2024 20:11:15.956006050 CEST	35688	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:11:20.962446928 CEST	42921	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:20.972620964 CEST	53	42921	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:20.973767996 CEST	46428	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:20.983678102 CEST	53	46428	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:20.984951973 CEST	53370	53	192.168.2.15	185.84.81.194
Oct 8, 2024 20:11:20.995601892 CEST	53	53370	185.84.81.194	192.168.2.15
Oct 8, 2024 20:11:20.996695995 CEST	41469	5353	192.168.2.15	54.36.111.116
Oct 8, 2024 20:11:25.999840975 CEST	42004	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:26.572063923 CEST	5353	42004	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:26.575748920 CEST	37454	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:27.128771067 CEST	5353	37454	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:27.131803989 CEST	51790	5353	192.168.2.15	130.61.64.122
Oct 8, 2024 20:11:32.138390064 CEST	56190	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:32.696480036 CEST	5353	56190	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:32.699415922 CEST	38176	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:11:33.293236017 CEST	5353	38176	116.203.104.203	192.168.2.15
Oct 8, 2024 20:11:33.295010090 CEST	51994	5353	192.168.2.15	192.3.165.37
Oct 8, 2024 20:11:33.752717972 CEST	5353	51994	192.3.165.37	192.168.2.15
Oct 8, 2024 20:11:33.757307053 CEST	45819	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.764128923 CEST	53	45819	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.767076015 CEST	40066	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.773895025 CEST	53	40066	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.777215004 CEST	39785	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.784164906 CEST	53	39785	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.786565065 CEST	59692	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.793889999 CEST	53	59692	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.795515060 CEST	57560	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.802926064 CEST	53	57560	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.804091930 CEST	48355	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.810738087 CEST	53	48355	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.812802076 CEST	39679	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.819281101 CEST	53	39679	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.822343111 CEST	38079	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.829166889 CEST	53	38079	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.832068920 CEST	51246	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.839745998 CEST	53	51246	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:33.844652891 CEST	44674	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:11:33.851882935 CEST	53	44674	8.8.8.8	192.168.2.15
Oct 8, 2024 20:11:35.322468042 CEST	35762	5353	192.168.2.15	185.84.81.194
Oct 8, 2024 20:11:35.847052097 CEST	5353	35762	185.84.81.194	192.168.2.15
Oct 8, 2024 20:11:35.848551989 CEST	49832	53	192.168.2.15	162.243.19.47
Oct 8, 2024 20:11:35.932559013 CEST	53	49832	162.243.19.47	192.168.2.15
Oct 8, 2024 20:11:35.933372974 CEST	42690	53	192.168.2.15	162.243.19.47
Oct 8, 2024 20:11:36.023972988 CEST	53	42690	162.243.19.47	192.168.2.15
Oct 8, 2024 20:11:36.024713039 CEST	44622	5353	192.168.2.15	54.36.111.116
Oct 8, 2024 20:11:41.030177116 CEST	49747	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:11:46.035226107 CEST	52742	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:11:51.039901972 CEST	44564	53	192.168.2.15	161.97.219.84
Oct 8, 2024 20:11:51.226799011 CEST	53	44564	161.97.219.84	192.168.2.15
Oct 8, 2024 20:11:51.228534937 CEST	40566	5353	192.168.2.15	161.97.219.84
Oct 8, 2024 20:11:51.728236914 CEST	5353	40566	161.97.219.84	192.168.2.15
Oct 8, 2024 20:11:51.730406046 CEST	58298	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:11:56.735019922 CEST	45480	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:01.741750956 CEST	52487	53	192.168.2.15	185.84.81.194
Oct 8, 2024 20:12:01.752990007 CEST	53	52487	185.84.81.194	192.168.2.15
Oct 8, 2024 20:12:01.754776001 CEST	59141	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:12:02.322995901 CEST	5353	59141	116.203.104.203	192.168.2.15
Oct 8, 2024 20:12:02.324810982 CEST	43744	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.335566998 CEST	53	43744	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.336381912 CEST	40495	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.343146086 CEST	53	40495	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.343802929 CEST	45848	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.350580931 CEST	53	45848	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.351290941 CEST	42866	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.358403921 CEST	53	42866	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.359572887 CEST	60833	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.366584063 CEST	53	60833	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.367990971 CEST	55194	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.374712944 CEST	53	55194	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.375649929 CEST	56298	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.382862091 CEST	53	56298	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.383759975 CEST	37909	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.390311956 CEST	53	37909	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.391221046 CEST	40859	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.398200989 CEST	53	40859	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:02.399137974 CEST	39846	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:02.405859947 CEST	53	39846	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:03.873423100 CEST	38061	53	192.168.2.15	54.36.111.116
Oct 8, 2024 20:12:03.881366968 CEST	59182	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:12:08.888684034 CEST	35044	53	192.168.2.15	162.243.19.47
Oct 8, 2024 20:12:08.979577065 CEST	53	35044	162.243.19.47	192.168.2.15
Oct 8, 2024 20:12:08.981539965 CEST	59102	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:08.990298033 CEST	53	59102	130.61.69.123	192.168.2.15
Oct 8, 2024 20:12:08.992963076 CEST	53860	5353	192.168.2.15	54.36.111.116
Oct 8, 2024 20:12:14.001941919 CEST	43495	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:12:14.013044119 CEST	53	43495	116.203.104.203	192.168.2.15
Oct 8, 2024 20:12:14.015824080 CEST	40437	5353	192.168.2.15	161.97.219.84
Oct 8, 2024 20:12:14.526752949 CEST	5353	40437	161.97.219.84	192.168.2.15
Oct 8, 2024 20:12:14.529851913 CEST	35590	5353	192.168.2.15	192.3.165.37
Oct 8, 2024 20:12:15.021559954 CEST	5353	35590	192.3.165.37	192.168.2.15
Oct 8, 2024 20:12:15.024039984 CEST	34473	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:12:15.034756899 CEST	53	34473	116.203.104.203	192.168.2.15
Oct 8, 2024 20:12:15.037259102 CEST	38985	53	192.168.2.15	161.97.219.84
Oct 8, 2024 20:12:15.224266052 CEST	53	38985	161.97.219.84	192.168.2.15
Oct 8, 2024 20:12:15.228897095 CEST	35612	5353	192.168.2.15	54.36.111.116
Oct 8, 2024 20:12:20.232415915 CEST	53368	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:12:20.242923975 CEST	53	53368	116.203.104.203	192.168.2.15
Oct 8, 2024 20:12:20.245915890 CEST	54532	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.253056049 CEST	53	54532	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.256711006 CEST	58420	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.263787985 CEST	53	58420	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.267010927 CEST	44302	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.274120092 CEST	53	44302	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.277579069 CEST	55576	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.284862995 CEST	53	55576	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.287786007 CEST	48624	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.294522047 CEST	53	48624	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.297168970 CEST	50132	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.304269075 CEST	53	50132	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.307584047 CEST	57959	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.314538002 CEST	53	57959	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.317536116 CEST	39696	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.324601889 CEST	53	39696	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.327497005 CEST	47804	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.334709883 CEST	53	47804	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:20.338417053 CEST	36834	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:20.345585108 CEST	53	36834	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:21.823555946 CEST	49405	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:21.832169056 CEST	53	49405	130.61.69.123	192.168.2.15
Oct 8, 2024 20:12:21.834907055 CEST	56178	5353	192.168.2.15	192.3.165.37
Oct 8, 2024 20:12:22.309067011 CEST	5353	56178	192.3.165.37	192.168.2.15
Oct 8, 2024 20:12:22.313651085 CEST	49251	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:27.316812992 CEST	48998	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:27.324448109 CEST	53	48998	130.61.69.123	192.168.2.15
Oct 8, 2024 20:12:27.327147961 CEST	55769	53	192.168.2.15	161.97.219.84
Oct 8, 2024 20:12:27.515604019 CEST	53	55769	161.97.219.84	192.168.2.15
Oct 8, 2024 20:12:27.519431114 CEST	48241	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:12:28.084198952 CEST	5353	48241	116.203.104.203	192.168.2.15
Oct 8, 2024 20:12:28.088566065 CEST	55641	5353	192.168.2.15	185.84.81.194
Oct 8, 2024 20:12:28.634988070 CEST	5353	55641	185.84.81.194	192.168.2.15
Oct 8, 2024 20:12:28.639497042 CEST	52576	5353	192.168.2.15	63.231.92.27
Oct 8, 2024 20:12:29.174027920 CEST	5353	52576	63.231.92.27	192.168.2.15
Oct 8, 2024 20:12:29.177397966 CEST	36966	5353	192.168.2.15	161.97.219.84
Oct 8, 2024 20:12:29.680649042 CEST	5353	36966	161.97.219.84	192.168.2.15
Oct 8, 2024 20:12:29.684907913 CEST	43114	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:12:34.692447901 CEST	57367	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:12:39.697105885 CEST	51858	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:44.706630945 CEST	38087	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.714263916 CEST	53	38087	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.717426062 CEST	51275	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.725773096 CEST	53	51275	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.729811907 CEST	47343	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.737582922 CEST	53	47343	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.741447926 CEST	51931	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.748756886 CEST	53	51931	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.752207041 CEST	42483	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.759643078 CEST	53	42483	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.763098001 CEST	55872	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.775151968 CEST	53	55872	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.778697968 CEST	44247	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.786936045 CEST	53	44247	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.790863991 CEST	46723	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.798531055 CEST	53	46723	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.802664042 CEST	34855	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.810134888 CEST	53	34855	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:44.812922001 CEST	40155	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:12:44.820817947 CEST	53	40155	8.8.8.8	192.168.2.15
Oct 8, 2024 20:12:46.334439993 CEST	37017	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:46.342348099 CEST	53	37017	130.61.69.123	192.168.2.15
Oct 8, 2024 20:12:46.345500946 CEST	35631	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:12:46.888560057 CEST	5353	35631	116.203.104.203	192.168.2.15
Oct 8, 2024 20:12:46.893455029 CEST	45962	53	192.168.2.15	161.97.219.84
Oct 8, 2024 20:12:47.077455997 CEST	53	45962	161.97.219.84	192.168.2.15
Oct 8, 2024 20:12:47.080749989 CEST	55158	5353	192.168.2.15	192.3.165.37
Oct 8, 2024 20:12:47.537614107 CEST	5353	55158	192.3.165.37	192.168.2.15
Oct 8, 2024 20:12:47.541973114 CEST	57838	53	192.168.2.15	63.231.92.27
Oct 8, 2024 20:12:47.688894033 CEST	53	57838	63.231.92.27	192.168.2.15
Oct 8, 2024 20:12:47.691721916 CEST	48055	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:12:52.697598934 CEST	39713	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:12:57.706166029 CEST	56535	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:02.713654041 CEST	33257	5353	192.168.2.15	63.231.92.27
Oct 8, 2024 20:13:03.284635067 CEST	5353	33257	63.231.92.27	192.168.2.15
Oct 8, 2024 20:13:03.286612034 CEST	42412	53	192.168.2.15	54.36.111.116
Oct 8, 2024 20:13:03.294209003 CEST	37173	53	192.168.2.15	162.243.19.47
Oct 8, 2024 20:13:03.383755922 CEST	53	37173	162.243.19.47	192.168.2.15
Oct 8, 2024 20:13:03.385854006 CEST	53360	53	192.168.2.15	130.61.64.122
Oct 8, 2024 20:13:03.393457890 CEST	53	53360	130.61.64.122	192.168.2.15
Oct 8, 2024 20:13:03.394768953 CEST	41167	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.401686907 CEST	53	41167	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.403409004 CEST	48472	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.410437107 CEST	53	48472	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.412087917 CEST	49278	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.419567108 CEST	53	49278	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.420861959 CEST	34766	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.427834988 CEST	53	34766	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.429245949 CEST	60144	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.435919046 CEST	53	60144	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.437453032 CEST	56405	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.444788933 CEST	53	56405	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.446826935 CEST	38514	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.453598022 CEST	53	38514	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.454991102 CEST	46818	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.465006113 CEST	53	46818	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.467118979 CEST	43814	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.474345922 CEST	53	43814	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:03.476598024 CEST	43915	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:03.483516932 CEST	53	43915	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:04.969567060 CEST	34541	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:13:05.770262003 CEST	5353	34541	116.203.104.203	192.168.2.15
Oct 8, 2024 20:13:05.772464991 CEST	40845	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:13:05.873689890 CEST	53	40845	192.3.165.37	192.168.2.15
Oct 8, 2024 20:13:05.875425100 CEST	54897	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:13:05.885695934 CEST	53	54897	116.203.104.203	192.168.2.15
Oct 8, 2024 20:13:05.887058973 CEST	56196	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:13:10.893234968 CEST	50523	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:13:10.996841908 CEST	53	50523	192.3.165.37	192.168.2.15
Oct 8, 2024 20:13:10.998200893 CEST	40544	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:13:16.004997015 CEST	49183	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:13:16.655025005 CEST	5353	49183	116.203.104.203	192.168.2.15
Oct 8, 2024 20:13:16.656965017 CEST	36145	5353	192.168.2.15	54.36.111.116
Oct 8, 2024 20:13:21.660337925 CEST	53014	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:13:21.766000032 CEST	53	53014	192.3.165.37	192.168.2.15
Oct 8, 2024 20:13:21.769529104 CEST	44408	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:13:21.865075111 CEST	53	44408	192.3.165.37	192.168.2.15
Oct 8, 2024 20:13:21.867275953 CEST	60474	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:21.874231100 CEST	53	60474	130.61.69.123	192.168.2.15
Oct 8, 2024 20:13:21.876379013 CEST	49071	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:26.880789995 CEST	48254	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.888093948 CEST	53	48254	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.890002012 CEST	55865	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.896930933 CEST	53	55865	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.898931026 CEST	52868	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.905646086 CEST	53	52868	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.907273054 CEST	57168	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.914648056 CEST	53	57168	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.916754961 CEST	43980	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.924320936 CEST	53	43980	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.926198959 CEST	52568	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.933907986 CEST	53	52568	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.935779095 CEST	47615	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.945455074 CEST	53	47615	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.947191000 CEST	57184	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.955751896 CEST	53	57184	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.957133055 CEST	35239	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.964654922 CEST	53	35239	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:26.965897083 CEST	50911	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:26.972280979 CEST	53	50911	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:28.495551109 CEST	33583	53	192.168.2.15	63.231.92.27
Oct 8, 2024 20:13:28.641360998 CEST	53	33583	63.231.92.27	192.168.2.15
Oct 8, 2024 20:13:28.643042088 CEST	52307	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:33.650531054 CEST	52791	5353	192.168.2.15	63.231.92.27
Oct 8, 2024 20:13:34.159140110 CEST	5353	52791	63.231.92.27	192.168.2.15
Oct 8, 2024 20:13:34.160696983 CEST	45938	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:13:34.707196951 CEST	5353	45938	116.203.104.203	192.168.2.15
Oct 8, 2024 20:13:34.709705114 CEST	54995	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:13:39.714169979 CEST	44992	53	192.168.2.15	130.61.64.122
Oct 8, 2024 20:13:39.721455097 CEST	53	44992	130.61.64.122	192.168.2.15
Oct 8, 2024 20:13:39.723284960 CEST	50161	53	192.168.2.15	185.84.81.194
Oct 8, 2024 20:13:39.733808994 CEST	53	50161	185.84.81.194	192.168.2.15
Oct 8, 2024 20:13:39.735075951 CEST	52460	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:43.421477079 CEST	51135	53	192.168.2.15	1.1.1.1
Oct 8, 2024 20:13:43.421542883 CEST	49869	53	192.168.2.15	1.1.1.1
Oct 8, 2024 20:13:43.430448055 CEST	53	51135	1.1.1.1	192.168.2.15
Oct 8, 2024 20:13:43.431396008 CEST	53	49869	1.1.1.1	192.168.2.15
Oct 8, 2024 20:13:44.753011942 CEST	50212	53	192.168.2.15	185.84.81.194
Oct 8, 2024 20:13:44.766283035 CEST	53	50212	185.84.81.194	192.168.2.15
Oct 8, 2024 20:13:44.770905018 CEST	53388	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:13:44.781730890 CEST	53	53388	116.203.104.203	192.168.2.15
Oct 8, 2024 20:13:44.782877922 CEST	41982	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:44.790050030 CEST	53	41982	130.61.69.123	192.168.2.15
Oct 8, 2024 20:13:44.793629885 CEST	33785	5353	192.168.2.15	63.231.92.27
Oct 8, 2024 20:13:45.313420057 CEST	5353	33785	63.231.92.27	192.168.2.15
Oct 8, 2024 20:13:45.327549934 CEST	45922	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.334697962 CEST	53	45922	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.342578888 CEST	54950	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.349585056 CEST	53	54950	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.354418039 CEST	56043	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.365494967 CEST	53	56043	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.375579119 CEST	42317	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.383177042 CEST	53	42317	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.401599884 CEST	42613	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.409069061 CEST	53	42613	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.412709951 CEST	38752	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.419925928 CEST	53	38752	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.424570084 CEST	50129	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.431919098 CEST	53	50129	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.445306063 CEST	54671	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.452110052 CEST	53	54671	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.456621885 CEST	45701	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.466037035 CEST	53	45701	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:45.473416090 CEST	59695	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:13:45.481606960 CEST	53	59695	8.8.8.8	192.168.2.15
Oct 8, 2024 20:13:46.983166933 CEST	39046	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:13:46.994704962 CEST	53	39046	116.203.104.203	192.168.2.15
Oct 8, 2024 20:13:46.995815992 CEST	47823	5353	192.168.2.15	185.84.81.194
Oct 8, 2024 20:13:47.562517881 CEST	5353	47823	185.84.81.194	192.168.2.15
Oct 8, 2024 20:13:47.563909054 CEST	55020	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:13:52.569011927 CEST	48762	5353	192.168.2.15	185.84.81.194
Oct 8, 2024 20:13:53.133572102 CEST	5353	48762	185.84.81.194	192.168.2.15
Oct 8, 2024 20:13:53.135174036 CEST	58291	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:13:58.141151905 CEST	38070	5353	192.168.2.15	130.61.64.122
Oct 8, 2024 20:14:03.146051884 CEST	37521	5353	192.168.2.15	130.61.69.123
Oct 8, 2024 20:14:08.150779963 CEST	57343	5353	192.168.2.15	130.61.64.122
Oct 8, 2024 20:14:13.152964115 CEST	59788	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:14:13.737433910 CEST	5353	59788	116.203.104.203	192.168.2.15
Oct 8, 2024 20:14:13.739310026 CEST	39216	53	192.168.2.15	162.243.19.47
Oct 8, 2024 20:14:13.825357914 CEST	53	39216	162.243.19.47	192.168.2.15
Oct 8, 2024 20:14:13.826885939 CEST	59438	53	192.168.2.15	185.84.81.194
Oct 8, 2024 20:14:13.837181091 CEST	53	59438	185.84.81.194	192.168.2.15
Oct 8, 2024 20:14:13.838319063 CEST	59427	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:14:13.933316946 CEST	53	59427	192.3.165.37	192.168.2.15
Oct 8, 2024 20:14:13.935002089 CEST	37205	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.941520929 CEST	53	37205	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.942297935 CEST	55801	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.948750019 CEST	53	55801	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.949551105 CEST	54774	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.957417011 CEST	53	54774	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.958218098 CEST	51481	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.964854956 CEST	53	51481	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.966133118 CEST	42252	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.972955942 CEST	53	42252	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.974033117 CEST	40923	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.981401920 CEST	53	40923	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.982546091 CEST	39301	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.989368916 CEST	53	39301	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.990531921 CEST	49163	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:13.997718096 CEST	53	49163	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:13.999145985 CEST	39627	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:14.006310940 CEST	53	39627	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:14.007611036 CEST	41435	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:14.014903069 CEST	53	41435	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:15.522676945 CEST	41730	5353	192.168.2.15	130.61.64.122
Oct 8, 2024 20:14:20.529021978 CEST	37328	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:14:25.536133051 CEST	45249	53	192.168.2.15	130.61.64.122
Oct 8, 2024 20:14:25.543740988 CEST	53	45249	130.61.64.122	192.168.2.15
Oct 8, 2024 20:14:25.545027018 CEST	58945	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:14:25.642258883 CEST	53	58945	192.3.165.37	192.168.2.15
Oct 8, 2024 20:14:25.644222975 CEST	36007	5353	192.168.2.15	116.203.104.203
Oct 8, 2024 20:14:26.206517935 CEST	5353	36007	116.203.104.203	192.168.2.15
Oct 8, 2024 20:14:26.208913088 CEST	50581	5353	192.168.2.15	162.243.19.47
Oct 8, 2024 20:14:31.216325998 CEST	43014	53	192.168.2.15	130.61.64.122
Oct 8, 2024 20:14:31.223845959 CEST	53	43014	130.61.64.122	192.168.2.15
Oct 8, 2024 20:14:31.225578070 CEST	34391	53	192.168.2.15	192.3.165.37
Oct 8, 2024 20:14:31.329673052 CEST	53	34391	192.3.165.37	192.168.2.15
Oct 8, 2024 20:14:31.330909967 CEST	38971	53	192.168.2.15	54.36.111.116
Oct 8, 2024 20:14:31.337373972 CEST	47832	5353	192.168.2.15	192.3.165.37
Oct 8, 2024 20:14:31.802256107 CEST	5353	47832	192.3.165.37	192.168.2.15
Oct 8, 2024 20:14:31.803977966 CEST	39222	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:14:31.814368963 CEST	53	39222	116.203.104.203	192.168.2.15
Oct 8, 2024 20:14:31.815658092 CEST	44835	5353	192.168.2.15	161.97.219.84
Oct 8, 2024 20:14:32.357300043 CEST	5353	44835	161.97.219.84	192.168.2.15
Oct 8, 2024 20:14:32.358774900 CEST	38421	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.365955114 CEST	53	38421	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.366864920 CEST	39649	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.375210047 CEST	53	39649	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.376023054 CEST	60047	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.383821964 CEST	53	60047	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.385128975 CEST	33575	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.393382072 CEST	53	33575	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.394778967 CEST	54597	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.402571917 CEST	53	54597	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.404290915 CEST	59864	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.412919044 CEST	53	59864	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.414232969 CEST	35008	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.422301054 CEST	53	35008	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.423739910 CEST	49171	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.430185080 CEST	53	49171	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.431442022 CEST	47871	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.438118935 CEST	53	47871	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:32.439532042 CEST	41710	53	192.168.2.15	8.8.8.8
Oct 8, 2024 20:14:32.446188927 CEST	53	41710	8.8.8.8	192.168.2.15
Oct 8, 2024 20:14:33.940249920 CEST	33038	5353	192.168.2.15	161.97.219.84
Oct 8, 2024 20:14:34.484376907 CEST	5353	33038	161.97.219.84	192.168.2.15
Oct 8, 2024 20:14:34.487739086 CEST	53723	53	192.168.2.15	63.231.92.27
Oct 8, 2024 20:14:34.633681059 CEST	53	53723	63.231.92.27	192.168.2.15
Oct 8, 2024 20:14:34.635868073 CEST	48566	5353	192.168.2.15	185.84.81.194
Oct 8, 2024 20:14:35.164110899 CEST	5353	48566	185.84.81.194	192.168.2.15
Oct 8, 2024 20:14:35.167885065 CEST	52781	53	192.168.2.15	130.61.69.123
Oct 8, 2024 20:14:35.175621033 CEST	53	52781	130.61.69.123	192.168.2.15
Oct 8, 2024 20:14:35.177588940 CEST	48249	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:14:35.187952042 CEST	53	48249	116.203.104.203	192.168.2.15
Oct 8, 2024 20:14:35.190278053 CEST	37638	53	192.168.2.15	116.203.104.203
Oct 8, 2024 20:14:35.200645924 CEST	53	37638	116.203.104.203	192.168.2.15
Oct 8, 2024 20:14:35.203564882 CEST	43389	5353	192.168.2.15	130.61.64.122

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 8, 2024 20:11:09.040664911 CEST	54.36.111.116	192.168.2.15	6587	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:12:03.879549980 CEST	54.36.111.116	192.168.2.15	6586	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:13:03.292488098 CEST	54.36.111.116	192.168.2.15	6586	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:14:31.336117983 CEST	54.36.111.116	192.168.2.15	6585	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 20:13:43.421477079 CEST	192.168.2.15	1.1.1.1	0xdbd5	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:43.421542883 CEST	192.168.2.15	1.1.1.1	0xd976	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 20:11:02.547074080 CEST	116.203.104.203	192.168.2.15	0x28cd	Format error (1)	imaverygoodbadboy.libre	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:11:07.792643070 CEST	63.231.92.27	192.168.2.15	0x86f0	Format error (1)	eighteen.pirate	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:11:07.938402891 CEST	63.231.92.27	192.168.2.15	0x3b9	Format error (1)	imaverygoodbadboy.libre	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:11:09.377080917 CEST	63.231.92.27	192.168.2.15	0x2476	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:11:20.995601892 CEST	185.84.81.194	192.168.2.15	0xf343	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:11:35.932559013 CEST	162.243.19.47	192.168.2.15	0x8cd5	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:11:36.023972988 CEST	162.243.19.47	192.168.2.15	0x6817	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:12:08.990298033 CEST	130.61.69.123	192.168.2.15	0xa876	Format error (1)	eighteen.pirate	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:12:14.013044119 CEST	116.203.104.203	192.168.2.15	0xbaf5	Format error (1)	fortyfivehundred.dyn	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:12:15.034756899 CEST	116.203.104.203	192.168.2.15	0xde8b	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:12:21.832169056 CEST	130.61.69.123	192.168.2.15	0x4103	Format error (1)	kr3ddnsnet1.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:12:27.515604019 CEST	161.97.219.84	192.168.2.15	0x55a9	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:12:47.688894033 CEST	63.231.92.27	192.168.2.15	0xcb90	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:03.383755922 CEST	162.243.19.47	192.168.2.15	0xe5e7	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:03.393457890 CEST	130.61.64.122	192.168.2.15	0x156a	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:28.641360998 CEST	63.231.92.27	192.168.2.15	0x448f	Format error (1)	fortyfivehundred.dyn	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:43.430448055 CEST	1.1.1.1	192.168.2.15	0xdbd5	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:43.430448055 CEST	1.1.1.1	192.168.2.15	0xdbd5	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:13:44.766283035 CEST	185.84.81.194	192.168.2.15	0x1e0f	Format error (1)	imaverygoodbadboy.libre	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:14:31.223845959 CEST	130.61.64.122	192.168.2.15	0xd48d	Format error (1)	fortyfivehundred.dyn	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:14:35.175621033 CEST	130.61.69.123	192.168.2.15	0x6a6	Format error (1)	nineteen.libre	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.15	33234	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:11:14.459397078 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:11:14.942815065 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.15	33236	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:11:33.864978075 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:11:34.318993092 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.15	33238	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:12:02.412709951 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:12:02.868792057 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.15	33240	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:12:20.356813908 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:12:20.815593004 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.15	33242	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:12:44.833265066 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:12:45.324721098 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.15	33244	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:13:03.491970062 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:13:03.965955973 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.15	33246	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:13:26.979118109 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:13:27.492124081 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.15	33248	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:13:45.514878988 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:13:45.979238987 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.15	33250	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:14:14.021754026 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:14:14.519364119 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.15	33252	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:14:32.454310894 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:14:32.933480978 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

System Behavior

Analysis Process: k49syyxi7V.elf PID: 5528, Parent PID: 5445

General

Start time (UTC):	18:10:59
Start date (UTC):	08/10/2024
Path:	/tmp/k49syyxi7V.elf
Arguments:	/tmp/k49syyxi7V.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: k49syyxi7V.elf PID: 5532, Parent PID: 5528

General

Start time (UTC):	18:11:01
Start date (UTC):	08/10/2024
Path:	/tmp/k49syyxi7V.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: k49syyxi7V.elf PID: 5534, Parent PID: 5528

General

Start time (UTC):	18:11:01
Start date (UTC):	08/10/2024
Path:	/tmp/k49syyxi7V.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: gnome-session-binary PID: 5567, Parent PID: 1498

General

Start time (UTC):	18:11:31
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5567, Parent PID: 1498

General

Start time (UTC):	18:11:31
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-shell PID: 5567, Parent PID: 1498

General

Start time (UTC):	18:11:31
Start date (UTC):	08/10/2024
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Chronological Activities

Analysis Process: gnome-session-binary PID: 5569, Parent PID: 1498

General

Start time (UTC):	18:11:31
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5569, Parent PID: 1498

General

Start time (UTC):	18:11:31
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-sharing PID: 5569, Parent PID: 1498

General

Start time (UTC):	18:11:31
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-sharing
Arguments:	/usr/libexec/gsd-sharing
File size:	35424 bytes
MD5 hash:	e29d9025d98590fbb69f89fdbd4438b3

Chronological Activities

Analysis Process: gdm3 PID: 5572, Parent PID: 1333

General

Start time (UTC):	18:11:32
Start date (UTC):	08/10/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5572, Parent PID: 1333

General

Start time (UTC):	18:11:32
Start date (UTC):	08/10/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 5573, Parent PID: 1333

General

Start time (UTC):	18:11:32
Start date (UTC):	08/10/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5573, Parent PID: 1333

General

Start time (UTC):	18:11:32
Start date (UTC):	08/10/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 5597, Parent PID: 1

General

Start time (UTC):	18:11:42
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-user-runtime-dir PID: 5597, Parent PID: 1

General

Start time (UTC):	18:11:42
Start date (UTC):	08/10/2024
Path:	/lib/systemd/systemd-user-runtime-dir
Arguments:	/lib/systemd/systemd-user-runtime-dir stop 127
File size:	22672 bytes
MD5 hash:	d55f4b0847f88131dbcfb07435178e54

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report k49syyxi7V.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Packets

System Behavior

Analysis Process: k49syyxi7V.elf PID: 5528, Parent PID: 5445

General

Chronological Activities

Analysis Process: k49syyxi7V.elf PID: 5532, Parent PID: 5528

General

Chronological Activities

Analysis Process: k49syyxi7V.elf PID: 5534, Parent PID: 5528

General

Chronological Activities

Analysis Process: gnome-session-binary PID: 5567, Parent PID: 1498

General

Chronological Activities

Analysis Process: sh PID: 5567, Parent PID: 1498

General

Chronological Activities

Analysis Process: gnome-shell PID: 5567, Parent PID: 1498

General

Chronological Activities

Analysis Process: gnome-session-binary PID: 5569, Parent PID: 1498

Linux Analysis Report
k49syyxi7V.elf