Edit tour

Linux Analysis Report
5FteLLQ1oY.elf

Overview

General Information

Sample name:	5FteLLQ1oY.elf renamed because original name is a hash value
Original sample name:	d9d9bf404ee4d140658b2f84d2924795.elf
Analysis ID:	1529277
MD5:	d9d9bf404ee4d140658b2f84d2924795
SHA1:	281ef5fb0a7e619ebf9f5d35cd33318247060274
SHA256:	c15bcb9b5fbff2d7eeeae1c141b8aee193df7defa6e2e7a96a9033917578bc4c
Tags:	32elfmipsmirai
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529277
Start date and time:	2024-10-08 20:18:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	5FteLLQ1oY.elf renamed because original name is a hash value
Original Sample Name:	d9d9bf404ee4d140658b2f84d2924795.elf
Detection:	MAL
Classification:	mal48.linELF@0/0@2/0

Warnings

VT rate limit hit for: 5FteLLQ1oY.elf

Runtime Messages

Command:	/tmp/5FteLLQ1oY.elf
PID:	5540
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

5FteLLQ1oY.elf (PID: 5540, Parent: 5457, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/5FteLLQ1oY.elf

5FteLLQ1oY.elf New Fork (PID: 5544, Parent: 5540)

5FteLLQ1oY.elf New Fork (PID: 5546, Parent: 5540)

gnome-session-binary New Fork (PID: 5580, Parent: 1383)

sh (PID: 5580, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

gnome-shell (PID: 5580, Parent: 1383, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell

gnome-session-binary New Fork (PID: 5583, Parent: 1383)

sh (PID: 5583, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gsd-sharing (PID: 5583, Parent: 1383, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing

gdm3 New Fork (PID: 5584, Parent: 1289)

Default (PID: 5584, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5605, Parent: 1289)

Default (PID: 5605, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5611, Parent: 1)

systemd-user-runtime-dir (PID: 5611, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 5FteLLQ1oY.elf

ReversingLabs: Detection: 23%

Source: /tmp/5FteLLQ1oY.elf (PID: 5540)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.59.243.227

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 1444, result: successful	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 1599, result: successful	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 1610, result: successful	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 5580, result: successful	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 5583, result: successful	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	SIGKILL sent: pid: 5583, result: no such process	Jump to behavior

Source: classification engine

Classification label: mal48.linELF@0/0@2/0

Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3760/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3760/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3761/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3761/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1583/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1583/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/2672/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/2672/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3759/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3759/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1577/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1593/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1593/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3406/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3406/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1589/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3402/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3402/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3762/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3762/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/806/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/806/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/807/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/807/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/928/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/928/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3420/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3420/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1599/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3412/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3412/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1371/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5608/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1369/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3304/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3304/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3425/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3425/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/940/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/940/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/941/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/941/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1364/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5600/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5601/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5602/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5603/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5604/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5620/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1383/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1382/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1381/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5618/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5619/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5611/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5612/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5613/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5614/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5615/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5616/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3319/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3319/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5617/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/1394/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3329/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3329/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5629/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3207/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3207/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5621/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5622/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/725/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/725/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3687/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/3687/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/5623/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/726/cmdline	Jump to behavior
Source: /tmp/5FteLLQ1oY.elf (PID: 5544)	File opened: /proc/726/cmdline	Jump to behavior

Source: /tmp/5FteLLQ1oY.elf (PID: 5540)

Queries kernel information via 'uname':

Jump to behavior

Source: 5FteLLQ1oY.elf, 5540.1.000055e03e828000.000055e03e8d0000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: 5FteLLQ1oY.elf, 5540.1.00007ffd442bb000.00007ffd442dc000.rw-.sdmp	Binary or memory string: ex86_64/usr/bin/qemu-mipsel/tmp/5FteLLQ1oY.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/5FteLLQ1oY.elf
Source: 5FteLLQ1oY.elf, 5540.1.000055e03e828000.000055e03e8d0000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: 5FteLLQ1oY.elf, 5540.1.00007ffd442bb000.00007ffd442dc000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
5FteLLQ1oY.elf	24%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
199.59.243.227	unknown	United States		395082	BODIS-NJUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
199.59.243.227	enkJ6J7dAn.exe	Get hash	malicious	FormBook	Browse	www.polarmuseum.info/nuqv/
	PO59458.exe	Get hash	malicious	FormBook	Browse	www.notepad.mobi/42yt/
	NARLOG 08.10.2024.exe	Get hash	malicious	FormBook	Browse	www.online-dating28.xyz/xl8n/
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	www.pmjjewels.online/aygf/
	SOA SIL TL382920.exe	Get hash	malicious	FormBook	Browse	www.online-dating28.xyz/6nb6/
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	www.polarmuseum.info/reui/
	PURCHASE ORDER-6350.exe	Get hash	malicious	FormBook	Browse	www.donante-de-ovulos.biz/8lrv/
	https://pancake-swapp.github.io/	Get hash	malicious	HTMLPhisher	Browse	ww25.blockaircypher.com/_tr
	http://wiki.hostmaster.chinametrogroup.com/	Get hash	malicious	Unknown	Browse	wiki.hostmaster.chinametrogroup.com/_tr
	PO#001498.exe	Get hash	malicious	FormBook	Browse	www.notepad.mobi/l4rw/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	gMYQFxufu0.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	k49syyxi7V.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	4LbWi40g57.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	NLHiAJgSnj.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	irods-runtime-4.1.9-centos7-x86_64.rpm	Get hash	malicious	Xmrig	Browse	162.213.35.24
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	logrotate_malware.elf	Get hash	malicious	Xmrig	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BODIS-NJUS	k49syyxi7V.elf	Get hash	malicious	Unknown	Browse	199.59.243.227
	enkJ6J7dAn.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	PO59458.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	NARLOG 08.10.2024.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Payment.vbs	Get hash	malicious	FormBook	Browse	199.59.243.227
	SOA SIL TL382920.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	PURCHASE ORDER-6350.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	https://pancake-swapp.github.io/	Get hash	malicious	HTMLPhisher	Browse	199.59.243.205

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.349174607156046
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	5FteLLQ1oY.elf
File size:	65'288 bytes
MD5:	d9d9bf404ee4d140658b2f84d2924795
SHA1:	281ef5fb0a7e619ebf9f5d35cd33318247060274
SHA256:	c15bcb9b5fbff2d7eeeae1c141b8aee193df7defa6e2e7a96a9033917578bc4c
SHA512:	3f7a761c12a96e302d2d5107fa7333343f08e1f2abf99402cc430a0d92c7e07845737ec12583de466b34a598100515527c34026f72ee90c1028267ea4d4f6bd2
SSDEEP:	1536:R0KfMygQc0F3ghpNfxTZT+0JU0+9Z6iY0Hi:R04MyPRF3ghvJ1+9LQ
TLSH:	C753950ABF610EF7EC5BDD3705E81B0634CD651A21A97F397934D928FA1A20B49E3C64
File Content Preview:	.ELF....................`.@.4...........4. ...(...............@...@.`...`...............d...d.D.d.D.D...$Y..........Q.td...............................<.w.'!......'.......................<.w.'!... .........9'.. ........................<hw.'!...........0.9

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	64768
Section Header Size:	40
Number of Section Headers:	13
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0xec80	0x0	0x6	AX	16
.fini	PROGBITS	0x40eda0	0xeda0	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x40ee00	0xee00	0x760	0x0	0x2	A	16
.ctors	PROGBITS	0x44f564	0xf564	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x44f56c	0xf56c	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x44f578	0xf578	0x5c	0x0	0x3	WA	4
.data	PROGBITS	0x44f5e0	0xf5e0	0x280	0x0	0x3	WA	16
.got	PROGBITS	0x44f860	0xf860	0x448	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x44fca8	0xfca8	0x3c	0x0	0x10000003	WAp	4
.bss	NOBITS	0x44fcf0	0xfca8	0x5198	0x0	0x3	WA	16
.shstrtab	STRTAB	0x0	0xfca8	0x56	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xf560	0xf560	5.3722	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xf564	0x44f564	0x44f564	0x744	0x5924	3.8225	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 20:19:47.365628004 CEST	33104	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:19:47.372400999 CEST	80	33104	199.59.243.227	192.168.2.14
Oct 8, 2024 20:19:47.372457981 CEST	33104	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:19:47.373347998 CEST	33104	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:19:47.379403114 CEST	80	33104	199.59.243.227	192.168.2.14
Oct 8, 2024 20:19:47.843147993 CEST	80	33104	199.59.243.227	192.168.2.14
Oct 8, 2024 20:19:47.843316078 CEST	33104	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:19:47.843765020 CEST	80	33104	199.59.243.227	192.168.2.14
Oct 8, 2024 20:19:47.843843937 CEST	33104	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:19:47.850024939 CEST	80	33104	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:11.682131052 CEST	33106	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:11.687092066 CEST	80	33106	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:11.687150002 CEST	33106	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:11.695779085 CEST	33106	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:11.700978994 CEST	80	33106	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:12.173404932 CEST	80	33106	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:12.173477888 CEST	33106	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:12.173516035 CEST	80	33106	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:12.173574924 CEST	33106	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:12.178468943 CEST	80	33106	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:26.053037882 CEST	33108	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:26.058711052 CEST	80	33108	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:26.058772087 CEST	33108	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:26.059340000 CEST	33108	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:26.065340042 CEST	80	33108	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:26.526227951 CEST	80	33108	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:26.526283979 CEST	80	33108	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:26.526393890 CEST	33108	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:26.526437998 CEST	33108	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:26.531348944 CEST	80	33108	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:49.859952927 CEST	33110	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:49.865695953 CEST	80	33110	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:49.865767002 CEST	33110	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:49.866497993 CEST	33110	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:49.871352911 CEST	80	33110	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:50.344234943 CEST	80	33110	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:50.344350100 CEST	80	33110	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:50.344398975 CEST	33110	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:50.344537020 CEST	33110	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:50.349378109 CEST	80	33110	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:59.101859093 CEST	33112	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:59.108006954 CEST	80	33112	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:59.108098984 CEST	33112	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:59.109082937 CEST	33112	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:59.115457058 CEST	80	33112	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:59.797863007 CEST	80	33112	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:59.797882080 CEST	80	33112	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:59.797888994 CEST	80	33112	199.59.243.227	192.168.2.14
Oct 8, 2024 20:20:59.798033953 CEST	33112	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:59.798033953 CEST	33112	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:59.798141003 CEST	33112	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:20:59.803253889 CEST	80	33112	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:13.674357891 CEST	33114	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:13.679318905 CEST	80	33114	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:13.679395914 CEST	33114	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:13.680114985 CEST	33114	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:13.685018063 CEST	80	33114	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:14.162556887 CEST	80	33114	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:14.162638903 CEST	80	33114	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:14.162975073 CEST	33114	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:14.163007975 CEST	33114	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:14.168059111 CEST	80	33114	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:30.041249037 CEST	33116	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:30.046802044 CEST	80	33116	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:30.046906948 CEST	33116	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:30.048418045 CEST	33116	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:30.052959919 CEST	80	33116	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:30.053097010 CEST	33116	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:30.053875923 CEST	80	33116	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:30.058693886 CEST	80	33116	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:42.447593927 CEST	33118	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:42.452490091 CEST	80	33118	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:42.452581882 CEST	33118	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:42.453486919 CEST	33118	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:42.458334923 CEST	80	33118	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:42.927510977 CEST	80	33118	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:42.927668095 CEST	80	33118	199.59.243.227	192.168.2.14
Oct 8, 2024 20:21:42.927896976 CEST	33118	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:42.927980900 CEST	33118	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:21:42.934856892 CEST	80	33118	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:14.815640926 CEST	33120	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:14.820924044 CEST	80	33120	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:14.821052074 CEST	33120	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:14.822201967 CEST	33120	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:14.827188015 CEST	80	33120	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:15.279346943 CEST	80	33120	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:15.279478073 CEST	80	33120	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:15.279597044 CEST	33120	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:15.279673100 CEST	33120	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:15.284615040 CEST	80	33120	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:32.206984997 CEST	33122	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:32.212446928 CEST	80	33122	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:32.212616920 CEST	33122	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:32.213443995 CEST	33122	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:32.218233109 CEST	80	33122	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:32.218414068 CEST	33122	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:32.218513966 CEST	80	33122	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:32.223617077 CEST	80	33122	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:45.649241924 CEST	33124	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:45.654429913 CEST	80	33124	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:45.654553890 CEST	33124	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:45.655659914 CEST	33124	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:45.661699057 CEST	80	33124	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:46.120522976 CEST	80	33124	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:46.120574951 CEST	80	33124	199.59.243.227	192.168.2.14
Oct 8, 2024 20:22:46.120702982 CEST	33124	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:46.120702982 CEST	33124	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:22:46.127016068 CEST	80	33124	199.59.243.227	192.168.2.14
Oct 8, 2024 20:23:08.046067953 CEST	33126	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:23:08.051054001 CEST	80	33126	199.59.243.227	192.168.2.14
Oct 8, 2024 20:23:08.051145077 CEST	33126	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:23:08.052462101 CEST	33126	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:23:08.057257891 CEST	80	33126	199.59.243.227	192.168.2.14
Oct 8, 2024 20:23:08.529373884 CEST	80	33126	199.59.243.227	192.168.2.14
Oct 8, 2024 20:23:08.529603958 CEST	33126	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:23:08.529694080 CEST	80	33126	199.59.243.227	192.168.2.14
Oct 8, 2024 20:23:08.529803038 CEST	33126	80	192.168.2.14	199.59.243.227
Oct 8, 2024 20:23:08.535788059 CEST	80	33126	199.59.243.227	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 20:19:40.450983047 CEST	33218	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:19:40.597141981 CEST	53	33218	63.231.92.27	192.168.2.14
Oct 8, 2024 20:19:40.600852013 CEST	35711	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:19:40.699297905 CEST	53	35711	192.3.165.37	192.168.2.14
Oct 8, 2024 20:19:40.700542927 CEST	37951	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:19:40.710639000 CEST	53	37951	185.84.81.194	192.168.2.14
Oct 8, 2024 20:19:40.712369919 CEST	57251	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:40.723932028 CEST	53	57251	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:40.725243092 CEST	56864	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:40.735186100 CEST	53	56864	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:40.736689091 CEST	39131	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:42.061801910 CEST	5353	39131	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:42.063604116 CEST	36922	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:42.074065924 CEST	53	36922	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:42.076646090 CEST	36197	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:19:42.235573053 CEST	53	36197	63.231.92.27	192.168.2.14
Oct 8, 2024 20:19:42.239484072 CEST	49106	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:19:42.250123978 CEST	53	49106	185.84.81.194	192.168.2.14
Oct 8, 2024 20:19:42.252120972 CEST	53325	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:42.262043953 CEST	53	53325	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:42.265103102 CEST	52231	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:42.274955034 CEST	53	52231	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:42.279901028 CEST	46773	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:19:47.280822992 CEST	58891	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.288454056 CEST	53	58891	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.289040089 CEST	34698	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.297095060 CEST	53	34698	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.297669888 CEST	36968	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.304200888 CEST	53	36968	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.304749966 CEST	39734	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.311883926 CEST	53	39734	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.312786102 CEST	55483	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.319752932 CEST	53	55483	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.320370913 CEST	36370	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.329379082 CEST	53	36370	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.329984903 CEST	55654	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.341173887 CEST	53	55654	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.341712952 CEST	56061	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.349178076 CEST	53	56061	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.349677086 CEST	42762	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.357510090 CEST	53	42762	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:47.358007908 CEST	59312	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:19:47.365142107 CEST	53	59312	8.8.8.8	192.168.2.14
Oct 8, 2024 20:19:48.845206022 CEST	35093	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:19:53.849376917 CEST	54522	5353	192.168.2.14	54.36.111.116
Oct 8, 2024 20:19:58.855736971 CEST	58382	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:19:58.866183043 CEST	53	58382	185.84.81.194	192.168.2.14
Oct 8, 2024 20:19:58.866838932 CEST	43325	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:19:58.875030041 CEST	53	43325	130.61.64.122	192.168.2.14
Oct 8, 2024 20:19:58.875930071 CEST	39888	5353	192.168.2.14	161.97.219.84
Oct 8, 2024 20:19:59.684346914 CEST	5353	39888	161.97.219.84	192.168.2.14
Oct 8, 2024 20:19:59.685667038 CEST	58531	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:59.697520018 CEST	53	58531	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:59.698436022 CEST	59048	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:19:59.708340883 CEST	53	59048	116.203.104.203	192.168.2.14
Oct 8, 2024 20:19:59.709052086 CEST	55067	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:20:04.715361118 CEST	58622	5353	192.168.2.14	54.36.111.116
Oct 8, 2024 20:20:09.721781969 CEST	52637	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:10.968718052 CEST	5353	52637	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:10.979000092 CEST	47965	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:11.519974947 CEST	5353	47965	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:11.525162935 CEST	33139	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:20:11.547236919 CEST	43498	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.555303097 CEST	53	43498	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.562331915 CEST	36615	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.569261074 CEST	53	36615	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.578017950 CEST	44836	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.584671021 CEST	53	44836	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.589751005 CEST	45152	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.596559048 CEST	53	45152	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.602782965 CEST	56753	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.609913111 CEST	53	56753	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.615158081 CEST	57257	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.622176886 CEST	53	57257	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.627296925 CEST	38768	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.633910894 CEST	53	38768	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.639364004 CEST	42501	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.646716118 CEST	53	42501	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.650760889 CEST	55693	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.657272100 CEST	53	55693	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:11.673908949 CEST	52739	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:11.680421114 CEST	53	52739	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:13.175182104 CEST	36185	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:20:13.182322025 CEST	53	36185	130.61.69.123	192.168.2.14
Oct 8, 2024 20:20:13.182934999 CEST	44986	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:20:13.193257093 CEST	53	44986	185.84.81.194	192.168.2.14
Oct 8, 2024 20:20:13.193872929 CEST	51500	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:13.298801899 CEST	53	51500	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:13.300033092 CEST	43268	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:20:18.303220987 CEST	44425	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:20:23.309140921 CEST	48699	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:23.319907904 CEST	53	48699	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:23.320707083 CEST	56179	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:20:23.507981062 CEST	53	56179	161.97.219.84	192.168.2.14
Oct 8, 2024 20:20:23.508842945 CEST	46844	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:20:23.697593927 CEST	53	46844	161.97.219.84	192.168.2.14
Oct 8, 2024 20:20:23.699348927 CEST	34301	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:24.781743050 CEST	5353	34301	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:24.782831907 CEST	52459	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:20:25.458728075 CEST	53	52459	63.231.92.27	192.168.2.14
Oct 8, 2024 20:20:25.459841013 CEST	46787	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:25.470024109 CEST	53	46787	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:25.470882893 CEST	36787	5353	192.168.2.14	161.97.219.84
Oct 8, 2024 20:20:25.974101067 CEST	5353	36787	161.97.219.84	192.168.2.14
Oct 8, 2024 20:20:25.975157022 CEST	44831	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:25.981693029 CEST	53	44831	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:25.982712984 CEST	55221	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:25.989029884 CEST	53	55221	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:25.989943981 CEST	48454	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:25.997886896 CEST	53	48454	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:25.998733044 CEST	35305	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.008369923 CEST	53	35305	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:26.009068966 CEST	56391	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.015908957 CEST	53	56391	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:26.016515017 CEST	34081	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.022845030 CEST	53	34081	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:26.023590088 CEST	52729	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.030278921 CEST	53	52729	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:26.031186104 CEST	48942	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.037839890 CEST	53	48942	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:26.038435936 CEST	37902	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.045129061 CEST	53	37902	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:26.045814991 CEST	44663	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:26.052700043 CEST	53	44663	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:27.528486013 CEST	33820	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:27.541825056 CEST	53	33820	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:27.542772055 CEST	55890	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:27.552789927 CEST	53	55890	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:27.553750992 CEST	53320	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:28.104345083 CEST	5353	53320	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:28.105355978 CEST	51820	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:20:33.110677004 CEST	47340	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:20:38.113682032 CEST	35855	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:20:43.119775057 CEST	43253	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:43.670248985 CEST	5353	43253	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:43.672161102 CEST	57030	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:20:43.679327011 CEST	38941	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:44.161928892 CEST	5353	38941	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:44.163414955 CEST	44875	5353	192.168.2.14	185.84.81.194
Oct 8, 2024 20:20:44.688043118 CEST	5353	44875	185.84.81.194	192.168.2.14
Oct 8, 2024 20:20:44.689743042 CEST	34063	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:20:49.692643881 CEST	38758	53	192.168.2.14	162.243.19.47
Oct 8, 2024 20:20:49.780920982 CEST	53	38758	162.243.19.47	192.168.2.14
Oct 8, 2024 20:20:49.782166004 CEST	55568	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.788589954 CEST	53	55568	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.789650917 CEST	36319	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.795938015 CEST	53	36319	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.797028065 CEST	56734	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.803431034 CEST	53	56734	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.804451942 CEST	57490	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.811760902 CEST	53	57490	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.812952042 CEST	38327	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.819536924 CEST	53	38327	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.820633888 CEST	59323	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.827713966 CEST	53	59323	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.828922987 CEST	42480	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.836491108 CEST	53	42480	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.837496042 CEST	35668	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.844433069 CEST	53	35668	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.845491886 CEST	48604	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.852263927 CEST	53	48604	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:49.853162050 CEST	58005	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:49.859569073 CEST	53	58005	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:51.347414970 CEST	41683	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:51.442116976 CEST	53	41683	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:51.443342924 CEST	48513	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:51.455539942 CEST	53	48513	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:51.456608057 CEST	33118	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:20:56.461132050 CEST	47605	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:56.715090036 CEST	53	47605	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:56.716491938 CEST	34969	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:20:56.809453011 CEST	53	34969	192.3.165.37	192.168.2.14
Oct 8, 2024 20:20:56.810951948 CEST	35867	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:20:56.818171978 CEST	53	35867	130.61.64.122	192.168.2.14
Oct 8, 2024 20:20:56.819364071 CEST	33190	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:57.382746935 CEST	5353	33190	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:57.384193897 CEST	52608	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:57.932131052 CEST	5353	52608	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:57.933525085 CEST	51332	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:20:57.944401026 CEST	53	51332	185.84.81.194	192.168.2.14
Oct 8, 2024 20:20:57.945282936 CEST	56145	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:20:58.484025955 CEST	5353	56145	116.203.104.203	192.168.2.14
Oct 8, 2024 20:20:58.485313892 CEST	32969	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:20:58.492290020 CEST	53	32969	130.61.69.123	192.168.2.14
Oct 8, 2024 20:20:58.493094921 CEST	39098	5353	192.168.2.14	185.84.81.194
Oct 8, 2024 20:20:59.024666071 CEST	5353	39098	185.84.81.194	192.168.2.14
Oct 8, 2024 20:20:59.025871992 CEST	56171	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.032149076 CEST	53	56171	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.032972097 CEST	40992	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.039442062 CEST	53	40992	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.040292025 CEST	38133	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.047205925 CEST	53	38133	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.048290014 CEST	47240	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.054913998 CEST	53	47240	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.055947065 CEST	58828	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.062561989 CEST	53	58828	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.063580036 CEST	34892	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.070183039 CEST	53	34892	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.071166992 CEST	54762	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.077792883 CEST	53	54762	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.078754902 CEST	49089	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.085407972 CEST	53	49089	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.086365938 CEST	44292	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.093630075 CEST	53	44292	8.8.8.8	192.168.2.14
Oct 8, 2024 20:20:59.094623089 CEST	41039	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:20:59.101254940 CEST	53	41039	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:00.800580978 CEST	38202	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:21:00.808069944 CEST	53	38202	130.61.69.123	192.168.2.14
Oct 8, 2024 20:21:00.808980942 CEST	34886	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:21:00.994215965 CEST	53	34886	161.97.219.84	192.168.2.14
Oct 8, 2024 20:21:00.995496988 CEST	49983	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:01.008327007 CEST	53	49983	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:01.009392023 CEST	38177	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:01.549860001 CEST	5353	38177	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:01.551254034 CEST	57944	53	192.168.2.14	162.243.19.47
Oct 8, 2024 20:21:01.646045923 CEST	53	57944	162.243.19.47	192.168.2.14
Oct 8, 2024 20:21:01.647310972 CEST	36819	53	192.168.2.14	162.243.19.47
Oct 8, 2024 20:21:01.732405901 CEST	53	36819	162.243.19.47	192.168.2.14
Oct 8, 2024 20:21:01.733743906 CEST	32832	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:21:02.215987921 CEST	5353	32832	192.3.165.37	192.168.2.14
Oct 8, 2024 20:21:02.217674017 CEST	33777	5353	192.168.2.14	63.231.92.27
Oct 8, 2024 20:21:02.790657043 CEST	5353	33777	63.231.92.27	192.168.2.14
Oct 8, 2024 20:21:02.791832924 CEST	54833	53	192.168.2.14	162.243.19.47
Oct 8, 2024 20:21:03.396605015 CEST	53	54833	162.243.19.47	192.168.2.14
Oct 8, 2024 20:21:03.397970915 CEST	45353	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:21:08.401266098 CEST	53729	5353	192.168.2.14	54.36.111.116
Oct 8, 2024 20:21:13.405407906 CEST	57738	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:21:13.593156099 CEST	53	57738	161.97.219.84	192.168.2.14
Oct 8, 2024 20:21:13.594742060 CEST	40723	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.602981091 CEST	53	40723	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.604020119 CEST	34453	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.611471891 CEST	53	34453	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.612463951 CEST	40525	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.620152950 CEST	53	40525	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.621126890 CEST	59445	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.629000902 CEST	53	59445	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.629873037 CEST	36547	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.636547089 CEST	53	36547	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.638679981 CEST	51278	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.645260096 CEST	53	51278	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.646039963 CEST	57436	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.652364016 CEST	53	57436	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.653098106 CEST	56889	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.659559965 CEST	53	56889	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.660479069 CEST	44158	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.666831970 CEST	53	44158	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:13.667658091 CEST	33964	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:13.673963070 CEST	53	33964	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:15.165838957 CEST	39478	5353	192.168.2.14	185.84.81.194
Oct 8, 2024 20:21:16.009663105 CEST	5353	39478	185.84.81.194	192.168.2.14
Oct 8, 2024 20:21:16.011054039 CEST	54623	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:16.022658110 CEST	53	54623	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:16.023665905 CEST	37319	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:21:16.032110929 CEST	53	37319	130.61.64.122	192.168.2.14
Oct 8, 2024 20:21:16.032900095 CEST	40806	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:21:21.039083958 CEST	44043	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:22.265096903 CEST	5353	44043	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:22.266781092 CEST	40723	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:22.813466072 CEST	5353	40723	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:22.814754963 CEST	58602	5353	192.168.2.14	63.231.92.27
Oct 8, 2024 20:21:23.438535929 CEST	5353	58602	63.231.92.27	192.168.2.14
Oct 8, 2024 20:21:23.439995050 CEST	37506	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:21:23.447798967 CEST	38594	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:21:23.455792904 CEST	53	38594	130.61.64.122	192.168.2.14
Oct 8, 2024 20:21:23.456909895 CEST	56671	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:21:28.464844942 CEST	35159	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:21:28.891568899 CEST	53	35159	192.3.165.37	192.168.2.14
Oct 8, 2024 20:21:28.894387007 CEST	35433	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:29.558475018 CEST	5353	35433	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:29.560635090 CEST	40349	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:29.965619087 CEST	53	40349	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:29.967777014 CEST	40137	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:29.974853039 CEST	53	40137	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:29.975598097 CEST	37870	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:29.981831074 CEST	53	37870	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:29.982559919 CEST	56038	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:29.989073038 CEST	53	56038	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:29.990434885 CEST	54757	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:29.997533083 CEST	53	54757	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:29.999114037 CEST	37568	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:30.006899118 CEST	53	37568	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:30.008266926 CEST	44220	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:30.014919996 CEST	53	44220	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:30.016427994 CEST	47454	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:30.022896051 CEST	53	47454	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:30.024295092 CEST	60247	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:30.030936956 CEST	53	60247	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:30.032936096 CEST	49610	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:30.039921999 CEST	53	49610	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:31.055622101 CEST	44422	53	192.168.2.14	162.243.19.47
Oct 8, 2024 20:21:31.148807049 CEST	53	44422	162.243.19.47	192.168.2.14
Oct 8, 2024 20:21:31.149867058 CEST	51655	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:21:31.338769913 CEST	53	51655	161.97.219.84	192.168.2.14
Oct 8, 2024 20:21:31.341202021 CEST	44003	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:21:31.349564075 CEST	53	44003	130.61.69.123	192.168.2.14
Oct 8, 2024 20:21:31.350853920 CEST	53816	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:21:36.355684042 CEST	50649	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:21:41.359081984 CEST	59974	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:21:41.505295992 CEST	53	59974	63.231.92.27	192.168.2.14
Oct 8, 2024 20:21:41.506524086 CEST	39150	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:21:41.612451077 CEST	53	39150	192.3.165.37	192.168.2.14
Oct 8, 2024 20:21:41.613893986 CEST	54325	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:21:41.620345116 CEST	54621	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:21:41.769054890 CEST	53	54621	63.231.92.27	192.168.2.14
Oct 8, 2024 20:21:41.770298004 CEST	54197	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:21:41.779650927 CEST	53	54197	130.61.64.122	192.168.2.14
Oct 8, 2024 20:21:41.780842066 CEST	59100	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:21:42.261579037 CEST	5353	59100	192.3.165.37	192.168.2.14
Oct 8, 2024 20:21:42.263192892 CEST	44446	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:21:42.368673086 CEST	53	44446	192.3.165.37	192.168.2.14
Oct 8, 2024 20:21:42.369926929 CEST	40294	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.376421928 CEST	53	40294	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.377404928 CEST	52272	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.383863926 CEST	53	52272	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.384810925 CEST	54531	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.390993118 CEST	53	54531	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.391942024 CEST	56634	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.398338079 CEST	53	56634	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.399290085 CEST	50901	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.406636000 CEST	53	50901	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.407660961 CEST	38585	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.414947987 CEST	53	38585	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.415918112 CEST	33326	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.423352957 CEST	53	33326	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.424295902 CEST	59436	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.432316065 CEST	53	59436	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.433295965 CEST	41267	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.439754009 CEST	53	41267	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:42.440684080 CEST	42229	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:21:42.447081089 CEST	53	42229	8.8.8.8	192.168.2.14
Oct 8, 2024 20:21:43.932143927 CEST	54515	5353	192.168.2.14	54.36.111.116
Oct 8, 2024 20:21:48.938949108 CEST	44895	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:21:48.947310925 CEST	53	44895	130.61.64.122	192.168.2.14
Oct 8, 2024 20:21:48.948759079 CEST	56672	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:21:53.952384949 CEST	45091	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:21:54.529213905 CEST	5353	45091	116.203.104.203	192.168.2.14
Oct 8, 2024 20:21:54.530980110 CEST	58298	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:21:54.541337013 CEST	53	58298	185.84.81.194	192.168.2.14
Oct 8, 2024 20:21:54.542673111 CEST	37103	5353	192.168.2.14	54.36.111.116
Oct 8, 2024 20:21:59.549328089 CEST	45796	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:22:04.554044008 CEST	33157	5353	192.168.2.14	54.36.111.116
Oct 8, 2024 20:22:09.560681105 CEST	39902	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:22:09.567987919 CEST	53	39902	130.61.69.123	192.168.2.14
Oct 8, 2024 20:22:09.569088936 CEST	45284	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:22:09.716829062 CEST	53	45284	63.231.92.27	192.168.2.14
Oct 8, 2024 20:22:09.718280077 CEST	52634	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:22:09.729362011 CEST	53	52634	185.84.81.194	192.168.2.14
Oct 8, 2024 20:22:09.730479956 CEST	57950	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:22:14.734802961 CEST	56566	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.741763115 CEST	53	56566	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.742727041 CEST	40058	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.750847101 CEST	53	40058	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.751638889 CEST	39617	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.759644985 CEST	53	39617	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.760427952 CEST	49719	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.767240047 CEST	53	49719	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.768131971 CEST	50054	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.774918079 CEST	53	50054	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.775957108 CEST	49846	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.782553911 CEST	53	49846	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.783574104 CEST	46339	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.790153027 CEST	53	46339	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.791421890 CEST	45578	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.799017906 CEST	53	45578	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.800326109 CEST	47402	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.807483912 CEST	53	47402	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:14.808465958 CEST	58814	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:14.814989090 CEST	53	58814	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:16.282881021 CEST	34492	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:16.293931007 CEST	53	34492	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:16.295285940 CEST	58125	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:22:16.303002119 CEST	53	58125	130.61.69.123	192.168.2.14
Oct 8, 2024 20:22:16.304280996 CEST	51692	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:22:16.311481953 CEST	41221	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:22:16.318576097 CEST	53	41221	130.61.64.122	192.168.2.14
Oct 8, 2024 20:22:16.319652081 CEST	38723	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:16.330110073 CEST	53	38723	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:16.331590891 CEST	52723	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:22:16.341183901 CEST	57275	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:22:20.754434109 CEST	44368	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:20.754586935 CEST	34209	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:20.761200905 CEST	53	44368	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:20.761496067 CEST	53	34209	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:21.348764896 CEST	36462	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:22:21.536858082 CEST	53	36462	161.97.219.84	192.168.2.14
Oct 8, 2024 20:22:21.543078899 CEST	52770	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:22:26.545972109 CEST	38680	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:22:26.552232981 CEST	50046	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:27.114208937 CEST	5353	50046	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:27.115492105 CEST	52123	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:22:32.118746996 CEST	50498	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.125714064 CEST	53	50498	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.127082109 CEST	50623	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.134011030 CEST	53	50623	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.135212898 CEST	51057	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.143198967 CEST	53	51057	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.144542933 CEST	50048	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.153439999 CEST	53	50048	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.154838085 CEST	39202	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.162220001 CEST	53	39202	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.163469076 CEST	49083	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.171412945 CEST	53	49083	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.173027039 CEST	35007	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.180496931 CEST	53	35007	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.181912899 CEST	37857	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.189418077 CEST	53	37857	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.190607071 CEST	34325	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.197966099 CEST	53	34325	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:32.198987007 CEST	33701	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:32.206382990 CEST	53	33701	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:33.220758915 CEST	40370	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:33.233248949 CEST	53	40370	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:33.234226942 CEST	45830	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:22:33.697509050 CEST	5353	45830	192.3.165.37	192.168.2.14
Oct 8, 2024 20:22:33.699328899 CEST	43519	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:22:38.706227064 CEST	43032	53	192.168.2.14	130.61.69.123
Oct 8, 2024 20:22:38.712991953 CEST	53	43032	130.61.69.123	192.168.2.14
Oct 8, 2024 20:22:38.714258909 CEST	49023	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:38.723984003 CEST	53	49023	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:38.725347042 CEST	38991	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:38.735179901 CEST	53	38991	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:38.736512899 CEST	56888	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:39.296905994 CEST	5353	56888	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:39.298621893 CEST	33570	5353	192.168.2.14	185.84.81.194
Oct 8, 2024 20:22:39.845391035 CEST	5353	33570	185.84.81.194	192.168.2.14
Oct 8, 2024 20:22:39.847116947 CEST	47881	5353	192.168.2.14	192.3.165.37
Oct 8, 2024 20:22:40.306348085 CEST	5353	47881	192.3.165.37	192.168.2.14
Oct 8, 2024 20:22:40.308465958 CEST	45588	53	192.168.2.14	63.231.92.27
Oct 8, 2024 20:22:40.455329895 CEST	53	45588	63.231.92.27	192.168.2.14
Oct 8, 2024 20:22:40.457556963 CEST	44982	53	192.168.2.14	192.3.165.37
Oct 8, 2024 20:22:40.558485985 CEST	53	44982	192.3.165.37	192.168.2.14
Oct 8, 2024 20:22:40.561372995 CEST	47012	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:22:45.568222046 CEST	43182	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.575251102 CEST	53	43182	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.576523066 CEST	60185	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.584537029 CEST	53	60185	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.585745096 CEST	35795	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.592187881 CEST	53	35795	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.593265057 CEST	51490	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.600178957 CEST	53	51490	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.601440907 CEST	34683	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.607706070 CEST	53	34683	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.608937979 CEST	43813	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.616080999 CEST	53	43813	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.617265940 CEST	59361	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.623949051 CEST	53	59361	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.625127077 CEST	44305	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.631994963 CEST	53	44305	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.633183002 CEST	52004	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.640497923 CEST	53	52004	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:45.641671896 CEST	46723	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:22:45.648638964 CEST	53	46723	8.8.8.8	192.168.2.14
Oct 8, 2024 20:22:47.124106884 CEST	58689	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:22:47.134983063 CEST	53	58689	185.84.81.194	192.168.2.14
Oct 8, 2024 20:22:47.136147976 CEST	56539	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:22:47.146492004 CEST	53	56539	116.203.104.203	192.168.2.14
Oct 8, 2024 20:22:47.147855997 CEST	49260	53	192.168.2.14	161.97.219.84
Oct 8, 2024 20:22:47.335040092 CEST	53	49260	161.97.219.84	192.168.2.14
Oct 8, 2024 20:22:47.337193012 CEST	44033	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:22:52.343523979 CEST	54008	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:22:52.351399899 CEST	53	54008	130.61.64.122	192.168.2.14
Oct 8, 2024 20:22:52.352430105 CEST	33472	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:22:52.366350889 CEST	53	33472	185.84.81.194	192.168.2.14
Oct 8, 2024 20:22:52.367400885 CEST	58161	53	192.168.2.14	185.84.81.194
Oct 8, 2024 20:22:52.379476070 CEST	53	58161	185.84.81.194	192.168.2.14
Oct 8, 2024 20:22:52.380722046 CEST	60913	53	192.168.2.14	130.61.64.122
Oct 8, 2024 20:22:52.389607906 CEST	53	60913	130.61.64.122	192.168.2.14
Oct 8, 2024 20:22:52.390939951 CEST	58204	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:22:57.397502899 CEST	36267	5353	192.168.2.14	130.61.69.123
Oct 8, 2024 20:23:02.403951883 CEST	59901	5353	192.168.2.14	130.61.64.122
Oct 8, 2024 20:23:07.410006046 CEST	56413	5353	192.168.2.14	116.203.104.203
Oct 8, 2024 20:23:07.959861994 CEST	5353	56413	116.203.104.203	192.168.2.14
Oct 8, 2024 20:23:07.962085009 CEST	48766	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:07.969052076 CEST	53	48766	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:07.970398903 CEST	47691	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:07.977313042 CEST	53	47691	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:07.978710890 CEST	42722	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:07.985136032 CEST	53	42722	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:07.986160994 CEST	50698	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:07.992619991 CEST	53	50698	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:07.993621111 CEST	48795	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:08.000884056 CEST	53	48795	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:08.002306938 CEST	42368	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:08.009398937 CEST	53	42368	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:08.010793924 CEST	60662	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:08.020190954 CEST	53	60662	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:08.021522045 CEST	58811	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:08.028004885 CEST	53	58811	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:08.029375076 CEST	48270	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:08.036195993 CEST	53	48270	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:08.037600040 CEST	44615	53	192.168.2.14	8.8.8.8
Oct 8, 2024 20:23:08.045350075 CEST	53	44615	8.8.8.8	192.168.2.14
Oct 8, 2024 20:23:09.533267975 CEST	57951	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:23:09.546632051 CEST	53	57951	116.203.104.203	192.168.2.14
Oct 8, 2024 20:23:09.548034906 CEST	47017	53	192.168.2.14	54.36.111.116
Oct 8, 2024 20:23:09.557205915 CEST	48938	53	192.168.2.14	162.243.19.47
Oct 8, 2024 20:23:09.642429113 CEST	53	48938	162.243.19.47	192.168.2.14
Oct 8, 2024 20:23:09.644006968 CEST	39296	53	192.168.2.14	116.203.104.203
Oct 8, 2024 20:23:09.655893087 CEST	53	39296	116.203.104.203	192.168.2.14
Oct 8, 2024 20:23:09.657084942 CEST	53398	5353	192.168.2.14	162.243.19.47
Oct 8, 2024 20:23:14.665608883 CEST	55630	5353	192.168.2.14	54.36.111.116

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 8, 2024 20:20:11.540188074 CEST	54.36.111.116	192.168.2.14	6584	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:20:43.678117037 CEST	54.36.111.116	192.168.2.14	6585	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:21:23.446410894 CEST	54.36.111.116	192.168.2.14	6584	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:21:41.619246960 CEST	54.36.111.116	192.168.2.14	6587	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:22:16.310312986 CEST	54.36.111.116	192.168.2.14	6586	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:22:16.340018034 CEST	54.36.111.116	192.168.2.14	6585	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:22:26.551542997 CEST	54.36.111.116	192.168.2.14	6586	(Port unreachable)	Destination Unreachable
Oct 8, 2024 20:23:09.555955887 CEST	54.36.111.116	192.168.2.14	6587	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 20:22:20.754434109 CEST	192.168.2.14	8.8.8.8	0x2745	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:20.754586935 CEST	192.168.2.14	8.8.8.8	0xd145	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 20:19:40.699297905 CEST	192.3.165.37	192.168.2.14	0xc22a	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:19:42.074065924 CEST	116.203.104.203	192.168.2.14	0xeb34	Format error (1)	75cents.libre	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:19:59.697520018 CEST	116.203.104.203	192.168.2.14	0x217e	Format error (1)	fortyfivehundred.dyn	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:20:25.458728075 CEST	63.231.92.27	192.168.2.14	0xa0fa	Format error (1)	kr2ddnsnet.dyn	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:20:27.552789927 CEST	116.203.104.203	192.168.2.14	0x4171	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:20:56.715090036 CEST	192.3.165.37	192.168.2.14	0xb86	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:20:56.809453011 CEST	192.3.165.37	192.168.2.14	0xcde3	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:21:01.732405901 CEST	162.243.19.47	192.168.2.14	0x2783	Format error (1)	kr3ddnsnet1.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:21:41.612451077 CEST	192.3.165.37	192.168.2.14	0x3753	Format error (1)	75cents.libre	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:21:42.368673086 CEST	192.3.165.37	192.168.2.14	0xd0a2	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:21:48.947310925 CEST	130.61.64.122	192.168.2.14	0x1aea	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:09.716829062 CEST	63.231.92.27	192.168.2.14	0x8ede	Format error (1)	kr2ddnsnet.dyn	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:20.761200905 CEST	8.8.8.8	192.168.2.14	0x2745	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:20.761200905 CEST	8.8.8.8	192.168.2.14	0x2745	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:38.723984003 CEST	116.203.104.203	192.168.2.14	0xdb8a	Format error (1)	nineteen.libre	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:38.735179901 CEST	116.203.104.203	192.168.2.14	0x6312	Format error (1)	eighteen.pirate	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:40.455329895 CEST	63.231.92.27	192.168.2.14	0x7b3b	Format error (1)	eighteen.pirate	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:22:52.351399899 CEST	130.61.64.122	192.168.2.14	0x548d	Format error (1)	r3racegame.indy	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:23:09.655893087 CEST	116.203.104.203	192.168.2.14	0xaac3	Format error (1)	subcarrace.indy	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.14	33104	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:19:47.373347998 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:19:47.843147993 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.14	33106	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:20:11.695779085 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:20:12.173404932 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.14	33108	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:20:26.059340000 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:20:26.526227951 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.14	33110	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:20:49.866497993 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:20:50.344234943 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.14	33112	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:20:59.109082937 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:20:59.797863007 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.14	33114	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:21:13.680114985 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:21:14.162556887 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.14	33116	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:21:30.048418045 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.14	33118	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:21:42.453486919 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:21:42.927510977 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.14	33120	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:22:14.822201967 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:22:15.279346943 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.14	33122	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:22:32.213443995 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.14	33124	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:22:45.655659914 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:22:46.120522976 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.14	33126	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 20:23:08.052462101 CEST	20	OUT	Data Raw: 66 75 63 6b 01 32 ff ff Data Ascii: fuck2
Oct 8, 2024 20:23:08.529373884 CEST	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

System Behavior

Analysis Process: 5FteLLQ1oY.elf PID: 5540, Parent PID: 5457

General

Start time (UTC):	18:19:34
Start date (UTC):	08/10/2024
Path:	/tmp/5FteLLQ1oY.elf
Arguments:	/tmp/5FteLLQ1oY.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: 5FteLLQ1oY.elf PID: 5544, Parent PID: 5540

General

Start time (UTC):	18:19:39
Start date (UTC):	08/10/2024
Path:	/tmp/5FteLLQ1oY.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: 5FteLLQ1oY.elf PID: 5546, Parent PID: 5540

General

Start time (UTC):	18:19:39
Start date (UTC):	08/10/2024
Path:	/tmp/5FteLLQ1oY.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: gnome-session-binary PID: 5580, Parent PID: 1383

General

Start time (UTC):	18:20:09
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5580, Parent PID: 1383

General

Start time (UTC):	18:20:09
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gnome-shell PID: 5580, Parent PID: 1383

General

Start time (UTC):	18:20:09
Start date (UTC):	08/10/2024
Path:	/usr/bin/gnome-shell
Arguments:	/usr/bin/gnome-shell
File size:	23168 bytes
MD5 hash:	da7a257239677622fe4b3a65972c9e87

Chronological Activities

Analysis Process: gnome-session-binary PID: 5583, Parent PID: 1383

General

Start time (UTC):	18:20:09
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5583, Parent PID: 1383

General

Start time (UTC):	18:20:09
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-sharing PID: 5583, Parent PID: 1383

General

Start time (UTC):	18:20:09
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-sharing
Arguments:	/usr/libexec/gsd-sharing
File size:	35424 bytes
MD5 hash:	e29d9025d98590fbb69f89fdbd4438b3

Chronological Activities

Analysis Process: gdm3 PID: 5584, Parent PID: 1289

General

Start time (UTC):	18:20:10
Start date (UTC):	08/10/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5584, Parent PID: 1289

General

Start time (UTC):	18:20:10
Start date (UTC):	08/10/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 5605, Parent PID: 1289

General

Start time (UTC):	18:20:10
Start date (UTC):	08/10/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 5605, Parent PID: 1289

General

Start time (UTC):	18:20:10
Start date (UTC):	08/10/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 5611, Parent PID: 1

General

Start time (UTC):	18:20:21
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-user-runtime-dir PID: 5611, Parent PID: 1

General

Start time (UTC):	18:20:21
Start date (UTC):	08/10/2024
Path:	/lib/systemd/systemd-user-runtime-dir
Arguments:	/lib/systemd/systemd-user-runtime-dir stop 127
File size:	22672 bytes
MD5 hash:	d55f4b0847f88131dbcfb07435178e54

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report 5FteLLQ1oY.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Packets

System Behavior

Analysis Process: 5FteLLQ1oY.elf PID: 5540, Parent PID: 5457

General

Chronological Activities

Analysis Process: 5FteLLQ1oY.elf PID: 5544, Parent PID: 5540

General

Chronological Activities

Analysis Process: 5FteLLQ1oY.elf PID: 5546, Parent PID: 5540

General

Chronological Activities

Analysis Process: gnome-session-binary PID: 5580, Parent PID: 1383

General

Chronological Activities

Analysis Process: sh PID: 5580, Parent PID: 1383

General

Chronological Activities

Analysis Process: gnome-shell PID: 5580, Parent PID: 1383

General

Chronological Activities

Analysis Process: gnome-session-binary PID: 5583, Parent PID: 1383

General

Chronological Activities

Linux Analysis Report
5FteLLQ1oY.elf