Edit tour

Linux Analysis Report
WiT9fhQAMr.elf

Overview

General Information

Sample name:	WiT9fhQAMr.elf renamed because original name is a hash value
Original sample name:	a6bd82aa4c66f9facb66c4c9260e3630.elf
Analysis ID:	1532247
MD5:	a6bd82aa4c66f9facb66c4c9260e3630
SHA1:	b8547aebf037105f6915ad362fc8cf0b57eedf89
SHA256:	0315df0d81d031364c86fec58531c58da99cb249fb0c0f34331e2498f9d24a73
Tags:	64elfmirai
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532247
Start date and time:	2024-10-12 22:48:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	WiT9fhQAMr.elf renamed because original name is a hash value
Original Sample Name:	a6bd82aa4c66f9facb66c4c9260e3630.elf
Detection:	MAL
Classification:	mal72.evad.linELF@0/0@46/0

Runtime Messages

Command:	/tmp/WiT9fhQAMr.elf
PID:	5486
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	listening to fbot
Standard Error:

Process Tree

system is lnxubuntu20

WiT9fhQAMr.elf (PID: 5486, Parent: 5411, MD5: a6bd82aa4c66f9facb66c4c9260e3630) Arguments: /tmp/WiT9fhQAMr.elf

WiT9fhQAMr.elf New Fork (PID: 5487, Parent: 5486)

WiT9fhQAMr.elf New Fork (PID: 5488, Parent: 5486)

WiT9fhQAMr.elf New Fork (PID: 5489, Parent: 5488)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
WiT9fhQAMr.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x68ac:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
WiT9fhQAMr.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x5ff6:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x605a:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6125:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
WiT9fhQAMr.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x6c8d:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
WiT9fhQAMr.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x6f83:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
WiT9fhQAMr.elf	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x37e2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01

Memory Dumps

Source	Rule	Description	Author	Strings
5486.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x68ac:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5486.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x5ff6:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x605a:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6125:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5486.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x6c8d:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5486.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x6f83:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5486.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x37e2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5489.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x68ac:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5489.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x5ff6:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x605a:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6125:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5489.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x6c8d:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5489.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x6f83:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5489.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x37e2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5487.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x68ac:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5487.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x5ff6:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x605a:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6125:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5487.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x6c8d:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5487.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x6f83:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5487.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x37e2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
Click to see the 10 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: WiT9fhQAMr.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: WiT9fhQAMr.elf	ReversingLabs: Detection: 57%
Source: WiT9fhQAMr.elf	Virustotal: Detection: 39%			Perma Link

Machine Learning detection for sample

Source: WiT9fhQAMr.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.14:36722 -> 93.123.85.140:31337

Source: /tmp/WiT9fhQAMr.elf (PID: 5486)

Socket: 127.0.0.1:21762

Jump to behavior

Source: global traffic

DNS traffic detected: DNS query: drumev.eu

System Summary

Malicious sample detected (through community Yara rule)

Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: WiT9fhQAMr.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5486.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5489.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5487.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.evad.linELF@0/0@46/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/WiT9fhQAMr.elf (PID: 5486)

File: /tmp/WiT9fhQAMr.elf

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
WiT9fhQAMr.elf	58%	ReversingLabs	Linux.Trojan.LnxMirai
WiT9fhQAMr.elf	39%	Virustotal		Browse
WiT9fhQAMr.elf	100%	Avira	EXP/ELF.Mirai.M
WiT9fhQAMr.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
drumev.eu	93.123.85.140	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
93.123.85.140	drumev.eu	Bulgaria		43561	NET1-ASBG	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
93.123.85.140	cVtkSwoYAC.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	5smI0bod9g.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	YEyJiVhE6B.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mf3iQi8rW7.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	RyELGNtI56.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	QsD8ELgChf.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	7m1uCqHKh2.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	52ErF0zM1V.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	6HDv4ZDGd5.elf	Get hash	malicious	Unknown	Browse
	3CT22jEVgR.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	na.elf	Get hash	malicious	Gafgyt, Mirai	Browse	93.123.85.7
	na.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	na.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	na.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	N0xJhHp6pc.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	x0gGYx3yGe.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	OxsKbRJ60C.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	93.123.85.144
	boatnet.x86.elf	Get hash	malicious	Mirai	Browse	93.123.85.144

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.545593131021595
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	WiT9fhQAMr.elf
File size:	54'208 bytes
MD5:	a6bd82aa4c66f9facb66c4c9260e3630
SHA1:	b8547aebf037105f6915ad362fc8cf0b57eedf89
SHA256:	0315df0d81d031364c86fec58531c58da99cb249fb0c0f34331e2498f9d24a73
SHA512:	130be3f834606bd57a31e15428a2b4f99bbb6d97b5f542fac073f4a921120e1fc29506bb574baf056fed9d0738f6432f8a9104f89c891b6cab2dfb2ac4aa8136
SSDEEP:	1536:j/Yu5/+O8LDRIeCTwjvJbiIItHlQ7Ycws:zYu5/+tLD6eCsjvJbiIc2o
TLSH:	40330B07AA4180FDC9AEC23446BBB139D433783D1279769B6BD8FD22AE56D301F2D944
File Content Preview:	.ELF..............>.......@.....@.......@...........@.8...@.......................@.......@....................... .......................`.......`............../........ .....Q.td....................................................H...._........H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	53568
Section Header Size:	64
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0xa1b2	0x0	0x6	AX	16
.fini	PROGBITS	0x40a2b2	0xa2b2	0xe	0x0	0x6	AX	1
.rodata	PROGBITS	0x40a2c0	0xa2c0	0x10c8	0x0	0x2	A	16
.ctors	PROGBITS	0x60cd08	0xcd08	0x10	0x0	0x3	WA	8
.dtors	PROGBITS	0x60cd18	0xcd18	0x10	0x0	0x3	WA	8
.data	PROGBITS	0x60cd30	0xcd30	0x3d0	0x0	0x3	WA	16
.bss	NOBITS	0x60d100	0xd100	0x2b88	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xd100	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xb388	0xb388	6.1349	0x5	R E	0x200000	.init .text .fini .rodata
LOAD	0xcd08	0x60cd08	0x60cd08	0x3f8	0x2f80	2.3879	0x6	RW	0x200000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 12, 2024 22:49:01.508594036 CEST	36722	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:01.513844967 CEST	31337	36722	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:01.513989925 CEST	36722	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:01.514940977 CEST	36722	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:01.520070076 CEST	31337	36722	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:01.520333052 CEST	36722	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:01.525866032 CEST	31337	36722	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:03.175610065 CEST	31337	36722	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:03.176043987 CEST	36722	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:03.181431055 CEST	31337	36722	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:04.195311069 CEST	36724	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:04.200928926 CEST	31337	36724	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:04.201050997 CEST	36724	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:04.202296972 CEST	36724	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:04.208321095 CEST	31337	36724	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:04.208621025 CEST	36724	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:04.214227915 CEST	31337	36724	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:05.848963976 CEST	31337	36724	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:05.849574089 CEST	36724	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:05.855303049 CEST	31337	36724	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:06.866185904 CEST	36726	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:06.871155977 CEST	31337	36726	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:06.871293068 CEST	36726	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:06.872653961 CEST	36726	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:06.877914906 CEST	31337	36726	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:06.878258944 CEST	36726	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:06.883456945 CEST	31337	36726	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:08.522245884 CEST	31337	36726	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:08.522713900 CEST	36726	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:08.528211117 CEST	31337	36726	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:09.568577051 CEST	36728	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:09.573376894 CEST	31337	36728	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:09.573478937 CEST	36728	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:09.574546099 CEST	36728	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:09.579344034 CEST	31337	36728	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:09.579413891 CEST	36728	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:09.584497929 CEST	31337	36728	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:11.209692955 CEST	31337	36728	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:11.210374117 CEST	36728	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:11.215697050 CEST	31337	36728	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:12.225509882 CEST	36730	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:12.230998039 CEST	31337	36730	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:12.231338978 CEST	36730	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:12.233386993 CEST	36730	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:12.238759995 CEST	31337	36730	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:12.239216089 CEST	36730	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:12.244601965 CEST	31337	36730	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:13.860523939 CEST	31337	36730	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:13.861285925 CEST	36730	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:13.866756916 CEST	31337	36730	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:14.876900911 CEST	36732	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:14.882008076 CEST	31337	36732	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:14.882267952 CEST	36732	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:14.884674072 CEST	36732	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:14.889611006 CEST	31337	36732	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:14.889859915 CEST	36732	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:14.894824028 CEST	31337	36732	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:16.538311958 CEST	31337	36732	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:16.539241076 CEST	36732	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:16.544845104 CEST	31337	36732	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:17.553555965 CEST	36734	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:17.558744907 CEST	31337	36734	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:17.558959007 CEST	36734	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:17.560396910 CEST	36734	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:17.565788984 CEST	31337	36734	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:17.566014051 CEST	36734	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:17.571568012 CEST	31337	36734	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:19.190057993 CEST	31337	36734	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:19.190332890 CEST	36734	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:19.195143938 CEST	31337	36734	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:20.205241919 CEST	36736	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:20.210144043 CEST	31337	36736	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:20.210340977 CEST	36736	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:20.211749077 CEST	36736	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:20.216567039 CEST	31337	36736	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:20.216747999 CEST	36736	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:20.221610069 CEST	31337	36736	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:21.854485989 CEST	31337	36736	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:21.854789019 CEST	36736	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:21.860506058 CEST	31337	36736	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:22.871634007 CEST	36738	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:22.876836061 CEST	31337	36738	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:22.877147913 CEST	36738	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:22.878557920 CEST	36738	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:22.883505106 CEST	31337	36738	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:22.883578062 CEST	36738	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:22.888633966 CEST	31337	36738	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:24.501929045 CEST	31337	36738	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:24.502403021 CEST	36738	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:24.507433891 CEST	31337	36738	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:25.516787052 CEST	36740	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:25.744343042 CEST	31337	36740	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:25.744561911 CEST	36740	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:25.746323109 CEST	36740	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:25.751302004 CEST	31337	36740	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:25.751363039 CEST	36740	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:25.756949902 CEST	31337	36740	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:27.377988100 CEST	31337	36740	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:27.378482103 CEST	36740	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:27.383510113 CEST	31337	36740	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:28.389861107 CEST	36742	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:28.394855022 CEST	31337	36742	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:28.394927025 CEST	36742	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:28.396461964 CEST	36742	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:28.401243925 CEST	31337	36742	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:28.401462078 CEST	36742	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:28.406235933 CEST	31337	36742	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:30.112464905 CEST	31337	36742	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:30.112948895 CEST	36742	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:30.118946075 CEST	31337	36742	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:31.310055017 CEST	36744	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:31.315012932 CEST	31337	36744	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:31.315119982 CEST	36744	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:31.315927029 CEST	36744	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:31.320756912 CEST	31337	36744	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:31.320842028 CEST	36744	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:31.325692892 CEST	31337	36744	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:32.987740993 CEST	31337	36744	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:32.988374949 CEST	36744	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:32.993490934 CEST	31337	36744	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:34.002115011 CEST	36746	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:34.007230043 CEST	31337	36746	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:34.007492065 CEST	36746	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:34.009001017 CEST	36746	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:34.014250994 CEST	31337	36746	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:34.014559031 CEST	36746	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:34.020539045 CEST	31337	36746	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:35.642337084 CEST	31337	36746	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:35.642898083 CEST	36746	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:35.648005962 CEST	31337	36746	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:36.655705929 CEST	36748	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:36.661139965 CEST	31337	36748	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:36.661287069 CEST	36748	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:36.662992001 CEST	36748	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:36.668411016 CEST	31337	36748	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:36.668565035 CEST	36748	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:36.673949003 CEST	31337	36748	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:38.282618999 CEST	31337	36748	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:38.283124924 CEST	36748	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:38.288443089 CEST	31337	36748	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:39.297682047 CEST	36750	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:39.303142071 CEST	31337	36750	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:39.303407907 CEST	36750	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:39.305105925 CEST	36750	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:39.310192108 CEST	31337	36750	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:39.310547113 CEST	36750	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:39.316013098 CEST	31337	36750	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:40.923945904 CEST	31337	36750	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:40.924601078 CEST	36750	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:40.930035114 CEST	31337	36750	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:41.940084934 CEST	36752	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:41.945461988 CEST	31337	36752	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:41.945729971 CEST	36752	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:41.947225094 CEST	36752	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:41.952416897 CEST	31337	36752	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:41.952634096 CEST	36752	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:41.957956076 CEST	31337	36752	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:43.582707882 CEST	31337	36752	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:43.583276033 CEST	36752	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:43.588321924 CEST	31337	36752	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:44.597866058 CEST	36754	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:44.603024960 CEST	31337	36754	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:44.603123903 CEST	36754	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:44.605093002 CEST	36754	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:44.610605955 CEST	31337	36754	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:44.610891104 CEST	36754	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:44.616244078 CEST	31337	36754	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:46.236516953 CEST	31337	36754	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:46.237184048 CEST	36754	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:46.244540930 CEST	31337	36754	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:47.252263069 CEST	36756	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:47.257260084 CEST	31337	36756	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:47.257513046 CEST	36756	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:47.259712934 CEST	36756	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:47.265505075 CEST	31337	36756	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:47.265747070 CEST	36756	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:47.270688057 CEST	31337	36756	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:48.877289057 CEST	31337	36756	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:48.877696991 CEST	36756	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:48.882813931 CEST	31337	36756	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:49.891676903 CEST	36758	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:49.896889925 CEST	31337	36758	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:49.896946907 CEST	36758	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:49.898818016 CEST	36758	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:49.903903008 CEST	31337	36758	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:49.904007912 CEST	36758	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:49.909487963 CEST	31337	36758	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:51.695178986 CEST	31337	36758	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:51.695894003 CEST	36758	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:51.700942039 CEST	31337	36758	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:52.709238052 CEST	36760	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:52.714170933 CEST	31337	36760	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:52.714391947 CEST	36760	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:52.715796947 CEST	36760	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:52.720779896 CEST	31337	36760	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:52.721122026 CEST	36760	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:52.726016998 CEST	31337	36760	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:54.346357107 CEST	31337	36760	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:54.347105026 CEST	36760	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:54.352757931 CEST	31337	36760	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:55.364538908 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:55.370058060 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:55.370491028 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:55.373302937 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:55.378591061 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:55.379138947 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:55.384965897 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:57.839184046 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:57.839632988 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:57.839776039 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:57.840023994 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:57.840078115 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:57.840303898 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:57.848588943 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:57.848675013 CEST	36762	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:57.854914904 CEST	31337	36762	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:58.855926991 CEST	36764	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:58.864092112 CEST	31337	36764	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:58.864165068 CEST	36764	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:58.866247892 CEST	36764	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:58.871289015 CEST	31337	36764	93.123.85.140	192.168.2.14
Oct 12, 2024 22:49:58.871350050 CEST	36764	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:49:58.876260042 CEST	31337	36764	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:00.504599094 CEST	31337	36764	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:00.504971027 CEST	36764	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:00.510464907 CEST	31337	36764	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:01.521092892 CEST	36766	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:01.526886940 CEST	31337	36766	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:01.527004004 CEST	36766	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:01.529340029 CEST	36766	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:01.534382105 CEST	31337	36766	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:01.534554005 CEST	36766	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:01.539609909 CEST	31337	36766	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:03.161663055 CEST	31337	36766	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:03.162026882 CEST	36766	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:03.167265892 CEST	31337	36766	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:04.175542116 CEST	36768	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:04.180851936 CEST	31337	36768	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:04.181096077 CEST	36768	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:04.182327032 CEST	36768	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:04.187402964 CEST	31337	36768	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:04.187480927 CEST	36768	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:04.192739964 CEST	31337	36768	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:05.817549944 CEST	31337	36768	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:05.818049908 CEST	36768	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:05.824204922 CEST	31337	36768	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:06.833256960 CEST	36770	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:06.838399887 CEST	31337	36770	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:06.838682890 CEST	36770	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:06.840126991 CEST	36770	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:06.845165014 CEST	31337	36770	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:06.845349073 CEST	36770	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:06.851187944 CEST	31337	36770	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:08.471451044 CEST	31337	36770	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:08.471942902 CEST	36770	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:08.477323055 CEST	31337	36770	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:10.119891882 CEST	36772	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:10.129323959 CEST	31337	36772	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:10.129426003 CEST	36772	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:10.130580902 CEST	36772	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:10.135360003 CEST	31337	36772	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:10.135433912 CEST	36772	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:10.140786886 CEST	31337	36772	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:11.752446890 CEST	31337	36772	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:11.753220081 CEST	36772	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:11.758604050 CEST	31337	36772	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:13.531127930 CEST	36774	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:13.542896986 CEST	31337	36774	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:13.542967081 CEST	36774	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:13.544677973 CEST	36774	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:13.549612045 CEST	31337	36774	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:13.549673080 CEST	36774	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:13.555039883 CEST	31337	36774	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:15.175694942 CEST	31337	36774	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:15.176048994 CEST	36774	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:15.181045055 CEST	31337	36774	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:16.187011003 CEST	36776	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:16.191849947 CEST	31337	36776	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:16.191951036 CEST	36776	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:16.192955017 CEST	36776	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:16.197890997 CEST	31337	36776	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:16.197962046 CEST	36776	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:16.203012943 CEST	31337	36776	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:17.836244106 CEST	31337	36776	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:17.836620092 CEST	36776	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:17.842118025 CEST	31337	36776	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:18.853120089 CEST	36778	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:18.864383936 CEST	31337	36778	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:18.864476919 CEST	36778	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:18.866091967 CEST	36778	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:18.875849962 CEST	31337	36778	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:18.875925064 CEST	36778	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:18.881252050 CEST	31337	36778	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:20.504945993 CEST	31337	36778	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:20.505454063 CEST	36778	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:20.510524035 CEST	31337	36778	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:21.631827116 CEST	36780	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:21.637541056 CEST	31337	36780	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:21.637897015 CEST	36780	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:21.639885902 CEST	36780	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:21.645260096 CEST	31337	36780	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:21.645477057 CEST	36780	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:21.650935888 CEST	31337	36780	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:23.269565105 CEST	31337	36780	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:23.270283937 CEST	36780	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:23.275492907 CEST	31337	36780	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:24.285083055 CEST	36782	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:24.290455103 CEST	31337	36782	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:24.290750980 CEST	36782	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:24.291825056 CEST	36782	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:24.296933889 CEST	31337	36782	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:24.297002077 CEST	36782	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:24.302270889 CEST	31337	36782	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:25.924719095 CEST	31337	36782	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:25.925246954 CEST	36782	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:25.930587053 CEST	31337	36782	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:26.938702106 CEST	36784	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:26.944219112 CEST	31337	36784	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:26.944650888 CEST	36784	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:26.945967913 CEST	36784	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:26.951282024 CEST	31337	36784	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:26.951378107 CEST	36784	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:26.956505060 CEST	31337	36784	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:28.565236092 CEST	31337	36784	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:28.565525055 CEST	36784	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:28.570554018 CEST	31337	36784	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:29.578785896 CEST	36786	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:29.584280968 CEST	31337	36786	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:29.584374905 CEST	36786	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:29.585809946 CEST	36786	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:29.590857983 CEST	31337	36786	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:29.590919971 CEST	36786	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:29.597858906 CEST	31337	36786	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:31.221725941 CEST	31337	36786	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:31.221999884 CEST	36786	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:31.227363110 CEST	31337	36786	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:32.235088110 CEST	36788	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:32.240547895 CEST	31337	36788	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:32.240755081 CEST	36788	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:32.242259026 CEST	36788	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:32.247519970 CEST	31337	36788	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:32.247756958 CEST	36788	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:32.253196955 CEST	31337	36788	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:33.880714893 CEST	31337	36788	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:33.881406069 CEST	36788	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:33.887593985 CEST	31337	36788	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:34.894742966 CEST	36790	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:34.900196075 CEST	31337	36790	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:34.900449038 CEST	36790	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:34.902090073 CEST	36790	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:34.906934977 CEST	31337	36790	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:34.907075882 CEST	36790	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:34.911938906 CEST	31337	36790	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:36.538924932 CEST	31337	36790	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:36.539526939 CEST	36790	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:36.544863939 CEST	31337	36790	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:37.553606033 CEST	36792	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:37.560077906 CEST	31337	36792	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:37.560151100 CEST	36792	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:37.561496019 CEST	36792	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:37.566370010 CEST	31337	36792	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:37.566433907 CEST	36792	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:37.571528912 CEST	31337	36792	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:39.238703012 CEST	31337	36792	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:39.239202023 CEST	36792	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:39.244441986 CEST	31337	36792	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:40.257188082 CEST	36794	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:40.262680054 CEST	31337	36794	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:40.263103008 CEST	36794	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:40.264874935 CEST	36794	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:40.270416021 CEST	31337	36794	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:40.270775080 CEST	36794	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:40.275985956 CEST	31337	36794	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:41.922209024 CEST	31337	36794	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:41.922698975 CEST	36794	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:41.928556919 CEST	31337	36794	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:42.937453032 CEST	36796	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:42.943002939 CEST	31337	36796	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:42.943372965 CEST	36796	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:42.945101023 CEST	36796	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:42.950177908 CEST	31337	36796	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:42.950402975 CEST	36796	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:42.955815077 CEST	31337	36796	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:44.566096067 CEST	31337	36796	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:44.566565037 CEST	36796	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:44.572947025 CEST	31337	36796	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:45.580718994 CEST	36798	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:45.585741997 CEST	31337	36798	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:45.586030006 CEST	36798	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:45.588438034 CEST	36798	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:45.593306065 CEST	31337	36798	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:45.593534946 CEST	36798	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:45.598474026 CEST	31337	36798	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:47.205549955 CEST	31337	36798	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:47.206147909 CEST	36798	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:47.211437941 CEST	31337	36798	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:48.220247030 CEST	36800	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:48.225152016 CEST	31337	36800	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:48.225269079 CEST	36800	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:48.227143049 CEST	36800	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:48.231971979 CEST	31337	36800	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:48.232100010 CEST	36800	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:48.236984015 CEST	31337	36800	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:49.864376068 CEST	31337	36800	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:49.865178108 CEST	36800	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:49.877949953 CEST	31337	36800	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:50.883028984 CEST	36802	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:50.888714075 CEST	31337	36802	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:50.889007092 CEST	36802	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:50.891053915 CEST	36802	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:50.896389961 CEST	31337	36802	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:50.896640062 CEST	36802	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:50.902302027 CEST	31337	36802	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:52.519126892 CEST	31337	36802	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:52.519820929 CEST	36802	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:52.525357008 CEST	31337	36802	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:53.535306931 CEST	36804	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:53.540857077 CEST	31337	36804	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:53.541091919 CEST	36804	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:53.542623997 CEST	36804	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:53.548188925 CEST	31337	36804	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:53.548530102 CEST	36804	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:53.554094076 CEST	31337	36804	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:55.225754976 CEST	31337	36804	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:55.225944042 CEST	36804	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:55.230756998 CEST	31337	36804	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:56.236886024 CEST	36806	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:56.241754055 CEST	31337	36806	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:56.241842031 CEST	36806	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:56.242702961 CEST	36806	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:56.247555971 CEST	31337	36806	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:56.247628927 CEST	36806	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:56.252501965 CEST	31337	36806	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:57.862699032 CEST	31337	36806	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:57.862942934 CEST	36806	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:57.867810965 CEST	31337	36806	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:58.874445915 CEST	36808	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:58.879703045 CEST	31337	36808	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:58.879864931 CEST	36808	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:58.880980015 CEST	36808	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:58.886123896 CEST	31337	36808	93.123.85.140	192.168.2.14
Oct 12, 2024 22:50:58.886269093 CEST	36808	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:50:58.891650915 CEST	31337	36808	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:00.503478050 CEST	31337	36808	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:00.503678083 CEST	36808	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:00.509181023 CEST	31337	36808	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:01.518090010 CEST	36810	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:01.523199081 CEST	31337	36810	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:01.523350954 CEST	36810	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:01.524703979 CEST	36810	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:01.529902935 CEST	31337	36810	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:01.530085087 CEST	36810	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:01.535315990 CEST	31337	36810	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:03.161659956 CEST	31337	36810	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:03.161899090 CEST	36810	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:03.167305946 CEST	31337	36810	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:04.173530102 CEST	36812	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:04.178446054 CEST	31337	36812	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:04.178529024 CEST	36812	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:04.179748058 CEST	36812	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:04.184848070 CEST	31337	36812	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:04.184958935 CEST	36812	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:04.190165043 CEST	31337	36812	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:05.804176092 CEST	31337	36812	93.123.85.140	192.168.2.14
Oct 12, 2024 22:51:05.804600000 CEST	36812	31337	192.168.2.14	93.123.85.140
Oct 12, 2024 22:51:05.809750080 CEST	31337	36812	93.123.85.140	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 12, 2024 22:49:01.493798971 CEST	47604	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:01.508229017 CEST	53	47604	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:04.181977987 CEST	38721	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:04.193500996 CEST	53	38721	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:06.853869915 CEST	43933	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:06.864970922 CEST	53	43933	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:09.529042959 CEST	59701	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:09.567796946 CEST	53	59701	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:12.215903044 CEST	36767	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:12.223472118 CEST	53	36767	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:14.866298914 CEST	40869	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:14.874804974 CEST	53	40869	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:17.544490099 CEST	52647	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:17.552062988 CEST	53	52647	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:20.193612099 CEST	47729	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:20.203829050 CEST	53	47729	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:22.858659029 CEST	56281	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:22.870280027 CEST	53	56281	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:25.507134914 CEST	48276	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:25.514997959 CEST	53	48276	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:28.382015944 CEST	60440	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:28.388782978 CEST	53	60440	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:31.115767002 CEST	47110	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:31.309113026 CEST	53	47110	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:33.993515968 CEST	48646	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:34.000741959 CEST	53	48646	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:36.646553993 CEST	49117	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:36.654503107 CEST	53	49117	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:39.288552046 CEST	50168	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:39.296159029 CEST	53	50168	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:41.930053949 CEST	35428	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:41.938786030 CEST	53	35428	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:44.588808060 CEST	43323	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:44.596270084 CEST	53	43323	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:47.242717028 CEST	45982	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:47.250494003 CEST	53	45982	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:49.882700920 CEST	33232	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:49.890322924 CEST	53	33232	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:52.700681925 CEST	46573	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:52.707534075 CEST	53	46573	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:55.353980064 CEST	59018	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:55.361728907 CEST	53	59018	8.8.8.8	192.168.2.14
Oct 12, 2024 22:49:58.846187115 CEST	52823	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:49:58.853954077 CEST	53	52823	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:01.511183977 CEST	60448	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:01.519375086 CEST	53	60448	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:04.166373014 CEST	39904	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:04.173985004 CEST	53	39904	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:06.823551893 CEST	60561	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:06.831572056 CEST	53	60561	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:09.476716995 CEST	53162	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:10.118598938 CEST	53	53162	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:12.757141113 CEST	56053	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:13.529529095 CEST	53	56053	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:16.179338932 CEST	56428	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:16.186372042 CEST	53	56428	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:18.840068102 CEST	55240	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:18.852381945 CEST	53	55240	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:21.510623932 CEST	43351	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:21.629584074 CEST	53	43351	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:24.276349068 CEST	55745	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:24.284256935 CEST	53	55745	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:26.929759979 CEST	44913	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:26.936795950 CEST	53	44913	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:29.569571018 CEST	59460	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:29.577397108 CEST	53	59460	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:32.225961924 CEST	35832	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:32.233638048 CEST	53	35832	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:34.886286020 CEST	54221	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:34.893390894 CEST	53	54221	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:37.545196056 CEST	48186	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:37.552651882 CEST	53	48186	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:40.244091988 CEST	54501	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:40.254508972 CEST	53	54501	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:42.927617073 CEST	33833	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:42.935642004 CEST	53	33833	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:45.570962906 CEST	54208	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:45.578502893 CEST	53	54208	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:48.212424994 CEST	55339	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:48.218878031 CEST	53	55339	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:50.873311996 CEST	57131	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:50.881084919 CEST	53	57131	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:53.526068926 CEST	60091	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:53.533768892 CEST	53	60091	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:56.228988886 CEST	33722	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:56.236330986 CEST	53	33722	8.8.8.8	192.168.2.14
Oct 12, 2024 22:50:58.866013050 CEST	51017	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:50:58.873589039 CEST	53	51017	8.8.8.8	192.168.2.14
Oct 12, 2024 22:51:01.509308100 CEST	50954	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:51:01.516704082 CEST	53	50954	8.8.8.8	192.168.2.14
Oct 12, 2024 22:51:04.165205002 CEST	39761	53	192.168.2.14	8.8.8.8
Oct 12, 2024 22:51:04.172770023 CEST	53	39761	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 12, 2024 22:49:01.493798971 CEST	192.168.2.14	8.8.8.8	0x3040	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:04.181977987 CEST	192.168.2.14	8.8.8.8	0x1196	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:06.853869915 CEST	192.168.2.14	8.8.8.8	0x3fc1	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:09.529042959 CEST	192.168.2.14	8.8.8.8	0x49d6	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:12.215903044 CEST	192.168.2.14	8.8.8.8	0x7885	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:14.866298914 CEST	192.168.2.14	8.8.8.8	0x3638	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:17.544490099 CEST	192.168.2.14	8.8.8.8	0x4553	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:20.193612099 CEST	192.168.2.14	8.8.8.8	0xfd91	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:22.858659029 CEST	192.168.2.14	8.8.8.8	0xa618	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:25.507134914 CEST	192.168.2.14	8.8.8.8	0x4716	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:28.382015944 CEST	192.168.2.14	8.8.8.8	0xb974	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:31.115767002 CEST	192.168.2.14	8.8.8.8	0xc2d	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:33.993515968 CEST	192.168.2.14	8.8.8.8	0x3e75	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:36.646553993 CEST	192.168.2.14	8.8.8.8	0x6c52	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:39.288552046 CEST	192.168.2.14	8.8.8.8	0x1571	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:41.930053949 CEST	192.168.2.14	8.8.8.8	0x8eda	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:44.588808060 CEST	192.168.2.14	8.8.8.8	0x4579	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:47.242717028 CEST	192.168.2.14	8.8.8.8	0xe615	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:49.882700920 CEST	192.168.2.14	8.8.8.8	0x4ab8	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:52.700681925 CEST	192.168.2.14	8.8.8.8	0x88f	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:55.353980064 CEST	192.168.2.14	8.8.8.8	0x6bd2	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:58.846187115 CEST	192.168.2.14	8.8.8.8	0xf97c	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:01.511183977 CEST	192.168.2.14	8.8.8.8	0x192	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:04.166373014 CEST	192.168.2.14	8.8.8.8	0x2edb	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:06.823551893 CEST	192.168.2.14	8.8.8.8	0xd2b1	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:09.476716995 CEST	192.168.2.14	8.8.8.8	0x1714	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:12.757141113 CEST	192.168.2.14	8.8.8.8	0x89f2	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:16.179338932 CEST	192.168.2.14	8.8.8.8	0x7a3b	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:18.840068102 CEST	192.168.2.14	8.8.8.8	0x844b	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:21.510623932 CEST	192.168.2.14	8.8.8.8	0x9099	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:24.276349068 CEST	192.168.2.14	8.8.8.8	0x2bfa	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:26.929759979 CEST	192.168.2.14	8.8.8.8	0x986	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:29.569571018 CEST	192.168.2.14	8.8.8.8	0x62a	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:32.225961924 CEST	192.168.2.14	8.8.8.8	0xbc02	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:34.886286020 CEST	192.168.2.14	8.8.8.8	0xbbca	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:37.545196056 CEST	192.168.2.14	8.8.8.8	0xba52	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:40.244091988 CEST	192.168.2.14	8.8.8.8	0x8c68	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:42.927617073 CEST	192.168.2.14	8.8.8.8	0xbf66	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:45.570962906 CEST	192.168.2.14	8.8.8.8	0x60c9	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:48.212424994 CEST	192.168.2.14	8.8.8.8	0x8782	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:50.873311996 CEST	192.168.2.14	8.8.8.8	0x971a	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:53.526068926 CEST	192.168.2.14	8.8.8.8	0x78c6	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:56.228988886 CEST	192.168.2.14	8.8.8.8	0x34	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:58.866013050 CEST	192.168.2.14	8.8.8.8	0x6811	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:51:01.509308100 CEST	192.168.2.14	8.8.8.8	0x8a83	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:51:04.165205002 CEST	192.168.2.14	8.8.8.8	0x287e	Standard query (0)	drumev.eu	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 12, 2024 22:49:01.508229017 CEST	8.8.8.8	192.168.2.14	0x3040	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:04.193500996 CEST	8.8.8.8	192.168.2.14	0x1196	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:06.864970922 CEST	8.8.8.8	192.168.2.14	0x3fc1	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:09.567796946 CEST	8.8.8.8	192.168.2.14	0x49d6	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:12.223472118 CEST	8.8.8.8	192.168.2.14	0x7885	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:14.874804974 CEST	8.8.8.8	192.168.2.14	0x3638	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:17.552062988 CEST	8.8.8.8	192.168.2.14	0x4553	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:20.203829050 CEST	8.8.8.8	192.168.2.14	0xfd91	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:22.870280027 CEST	8.8.8.8	192.168.2.14	0xa618	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:25.514997959 CEST	8.8.8.8	192.168.2.14	0x4716	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:28.388782978 CEST	8.8.8.8	192.168.2.14	0xb974	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:31.309113026 CEST	8.8.8.8	192.168.2.14	0xc2d	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:34.000741959 CEST	8.8.8.8	192.168.2.14	0x3e75	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:36.654503107 CEST	8.8.8.8	192.168.2.14	0x6c52	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:39.296159029 CEST	8.8.8.8	192.168.2.14	0x1571	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:41.938786030 CEST	8.8.8.8	192.168.2.14	0x8eda	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:44.596270084 CEST	8.8.8.8	192.168.2.14	0x4579	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:47.250494003 CEST	8.8.8.8	192.168.2.14	0xe615	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:49.890322924 CEST	8.8.8.8	192.168.2.14	0x4ab8	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:52.707534075 CEST	8.8.8.8	192.168.2.14	0x88f	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:55.361728907 CEST	8.8.8.8	192.168.2.14	0x6bd2	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:49:58.853954077 CEST	8.8.8.8	192.168.2.14	0xf97c	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:01.519375086 CEST	8.8.8.8	192.168.2.14	0x192	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:04.173985004 CEST	8.8.8.8	192.168.2.14	0x2edb	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:06.831572056 CEST	8.8.8.8	192.168.2.14	0xd2b1	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:10.118598938 CEST	8.8.8.8	192.168.2.14	0x1714	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:13.529529095 CEST	8.8.8.8	192.168.2.14	0x89f2	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:16.186372042 CEST	8.8.8.8	192.168.2.14	0x7a3b	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:18.852381945 CEST	8.8.8.8	192.168.2.14	0x844b	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:21.629584074 CEST	8.8.8.8	192.168.2.14	0x9099	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:24.284256935 CEST	8.8.8.8	192.168.2.14	0x2bfa	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:26.936795950 CEST	8.8.8.8	192.168.2.14	0x986	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:29.577397108 CEST	8.8.8.8	192.168.2.14	0x62a	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:32.233638048 CEST	8.8.8.8	192.168.2.14	0xbc02	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:34.893390894 CEST	8.8.8.8	192.168.2.14	0xbbca	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:37.552651882 CEST	8.8.8.8	192.168.2.14	0xba52	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:40.254508972 CEST	8.8.8.8	192.168.2.14	0x8c68	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:42.935642004 CEST	8.8.8.8	192.168.2.14	0xbf66	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:45.578502893 CEST	8.8.8.8	192.168.2.14	0x60c9	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:48.218878031 CEST	8.8.8.8	192.168.2.14	0x8782	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:50.881084919 CEST	8.8.8.8	192.168.2.14	0x971a	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:53.533768892 CEST	8.8.8.8	192.168.2.14	0x78c6	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:56.236330986 CEST	8.8.8.8	192.168.2.14	0x34	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:50:58.873589039 CEST	8.8.8.8	192.168.2.14	0x6811	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:51:01.516704082 CEST	8.8.8.8	192.168.2.14	0x8a83	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false
Oct 12, 2024 22:51:04.172770023 CEST	8.8.8.8	192.168.2.14	0x287e	No error (0)	drumev.eu	93.123.85.140	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: WiT9fhQAMr.elf PID: 5486, Parent PID: 5411

General

Start time (UTC):	20:49:00
Start date (UTC):	12/10/2024
Path:	/tmp/WiT9fhQAMr.elf
Arguments:	/tmp/WiT9fhQAMr.elf
File size:	54208 bytes
MD5 hash:	a6bd82aa4c66f9facb66c4c9260e3630

Chronological Activities

Analysis Process: WiT9fhQAMr.elf PID: 5487, Parent PID: 5486

General

Start time (UTC):	20:49:00
Start date (UTC):	12/10/2024
Path:	/tmp/WiT9fhQAMr.elf
Arguments:	-
File size:	54208 bytes
MD5 hash:	a6bd82aa4c66f9facb66c4c9260e3630

Chronological Activities

Analysis Process: WiT9fhQAMr.elf PID: 5488, Parent PID: 5486

General

Start time (UTC):	20:49:00
Start date (UTC):	12/10/2024
Path:	/tmp/WiT9fhQAMr.elf
Arguments:	-
File size:	54208 bytes
MD5 hash:	a6bd82aa4c66f9facb66c4c9260e3630

Chronological Activities

Analysis Process: WiT9fhQAMr.elf PID: 5489, Parent PID: 5488

General

Start time (UTC):	20:49:00
Start date (UTC):	12/10/2024
Path:	/tmp/WiT9fhQAMr.elf
Arguments:	-
File size:	54208 bytes
MD5 hash:	a6bd82aa4c66f9facb66c4c9260e3630

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report WiT9fhQAMr.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: WiT9fhQAMr.elf PID: 5486, Parent PID: 5411

General

Chronological Activities

Analysis Process: WiT9fhQAMr.elf PID: 5487, Parent PID: 5486

General

Chronological Activities

Analysis Process: WiT9fhQAMr.elf PID: 5488, Parent PID: 5486

General

Chronological Activities

Analysis Process: WiT9fhQAMr.elf PID: 5489, Parent PID: 5488

General

Chronological Activities

Linux Analysis Report
WiT9fhQAMr.elf