Edit tour

Linux Analysis Report
vqkjf64.elf

Overview

General Information

Sample name:	vqkjf64.elf
Analysis ID:	1541233
MD5:	c82fae90d5afa7faa234118494709c0f
SHA1:	e0fe4479e4c72e31bfccb0e1fa87b9b3eddeeaf4
SHA256:	f7f2d8c4291f14dbc5332b69ad19b4e7972a96d9a17b9b1d5aa909eec486e324
Tags:	user-elfdigest
Infos:

Detection

Gafgyt, Mirai, Okiru

Score:	96
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Gafgyt

Yara detected Mirai

Yara detected Okiru

Machine Learning detection for sample

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541233
Start date and time:	2024-10-24 15:42:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	vqkjf64.elf
Detection:	MAL
Classification:	mal96.troj.evad.linELF@0/0@66/0

Runtime Messages

Command:	/tmp/vqkjf64.elf
PID:	5434
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

vqkjf64.elf (PID: 5434, Parent: 5358, MD5: c82fae90d5afa7faa234118494709c0f) Arguments: /tmp/vqkjf64.elf

vqkjf64.elf New Fork (PID: 5435, Parent: 5434)

vqkjf64.elf New Fork (PID: 5436, Parent: 5435)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
vqkjf64.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
vqkjf64.elf	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
vqkjf64.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
vqkjf64.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x18a98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18aac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ac0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ad4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ae8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18afc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
vqkjf64.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xf148:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
vqkjf64.elf	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xf9bf:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
vqkjf64.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xc606:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x118d0:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
vqkjf64.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x126fe:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
vqkjf64.elf	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x17992:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
vqkjf64.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xf57f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
vqkjf64.elf	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x15a72:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
vqkjf64.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xf84a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
vqkjf64.elf	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x15c6b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
vqkjf64.elf	Linux_Trojan_Mirai_520deeb8	unknown	unknown	0x38a:$a: ED 48 89 44 24 30 44 89 6C 24 10 7E 47 48 89 C1 44 89 E8 44
vqkjf64.elf	Linux_Trojan_Mirai_01e4a728	unknown	unknown	0x48d:$a: 44 24 23 48 8B 6C 24 28 83 F9 01 4A 8D 14 20 0F B6 02 88 45 08
vqkjf64.elf	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x5ff2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Click to see the 11 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5434.1.0000000000400000.000000000041c000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5434.1.0000000000400000.000000000041c000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
5434.1.0000000000400000.000000000041c000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x18a98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18aac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ac0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ad4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ae8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18afc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xf148:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xf9bf:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xc606:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x118d0:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x126fe:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x17992:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xf57f:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x15a72:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xf84a:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x15c6b:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Mirai_520deeb8	unknown	unknown	0x38a:$a: ED 48 89 44 24 30 44 89 6C 24 10 7E 47 48 89 C1 44 89 E8 44
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Mirai_01e4a728	unknown	unknown	0x48d:$a: 44 24 23 48 8B 6C 24 28 83 F9 01 4A 8D 14 20 0F B6 02 88 45 08
5434.1.0000000000400000.000000000041c000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x5ff2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Process Memory Space: vqkjf64.elf PID: 5434	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: vqkjf64.elf PID: 5434	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: vqkjf64.elf PID: 5434	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1a74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ab0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ac4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ad8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ba0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 14 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: vqkjf64.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: vqkjf64.elf

ReversingLabs: Detection: 47%

Machine Learning detection for sample

Source: vqkjf64.elf

Joe Sandbox ML: detected

Source: vqkjf64.elf

String: A/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverraw.eye-network.ruabcdefghijklmnopqrstuvwxyz/proc/%d/proc/self/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/sbin/poweroff/usr/bin/poweroff/usr/sbin/halt/usr/bin/halt

Source: global traffic

TCP traffic: 192.168.2.13:36322 -> 213.232.235.18:33966

Source: global traffic

DNS traffic detected: DNS query: raw.eye-network.ru

System Summary

Malicious sample detected (through community Yara rule)

Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: Process Memory Space: vqkjf64.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: A/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverraw.eye-network.ruabcdefghijklmnopqrstuvwxyz/proc/%d/proc/self/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/sbin/poweroff/usr/bin/poweroff/usr/sbin/halt/usr/bin/halt

Source: ELF static info symbol of initial sample

.symtab present: no

Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: vqkjf64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: Process Memory Space: vqkjf64.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal96.troj.evad.linELF@0/0@66/0

Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/5382/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/238/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/239/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/3634/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/5278/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/19/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/240/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/3095/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/241/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/242/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/244/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/245/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/246/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/247/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/129/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1906/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/3420/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1482/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/490/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1480/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/371/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/131/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1238/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/134/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/378/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/3413/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/vqkjf64.elf (PID: 5436)	File opened: /proc/30/cmdline	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/vqkjf64.elf (PID: 5435)

File: /tmp/vqkjf64.elf

Jump to behavior

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match	File source: vqkjf64.elf, type: SAMPLE
Source: Yara match	File source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY

Yara detected Mirai

Source: Yara match	File source: vqkjf64.elf, type: SAMPLE
Source: Yara match	File source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vqkjf64.elf PID: 5434, type: MEMORYSTR

Yara detected Okiru

Source: Yara match	File source: vqkjf64.elf, type: SAMPLE
Source: Yara match	File source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vqkjf64.elf PID: 5434, type: MEMORYSTR

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match	File source: vqkjf64.elf, type: SAMPLE
Source: Yara match	File source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY

Yara detected Mirai

Source: Yara match	File source: vqkjf64.elf, type: SAMPLE
Source: Yara match	File source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vqkjf64.elf PID: 5434, type: MEMORYSTR

Yara detected Okiru

Source: Yara match	File source: vqkjf64.elf, type: SAMPLE
Source: Yara match	File source: 5434.1.0000000000400000.000000000041c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vqkjf64.elf PID: 5434, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 File Deletion	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
vqkjf64.elf	47%	ReversingLabs	Linux.Backdoor.Mirai
vqkjf64.elf	100%	Avira	EXP/ELF.Mirai.Z.A
vqkjf64.elf	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
raw.eye-network.ru	213.232.235.18	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
213.232.235.18	raw.eye-network.ru	Russian Federation		39824	ALMANET-ASKZ	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
213.232.235.18	vwkjebwi686.elf	Get hash	malicious	Mirai, Okiru	Browse
	dvwkja7.elf	Get hash	malicious	Mirai, Okiru	Browse
	wheiuwa4.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	qkbfi86.elf	Get hash	malicious	Mirai, Okiru	Browse
	vsbeps.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	qkbfi86.elf	Get hash	malicious	Mirai	Browse
	vsbeps.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.eye-network.ru	vsbeps.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	213.232.235.18
	vsbeps.elf	Get hash	malicious	Mirai	Browse	213.232.235.18
	mhmdm9Hb6i.elf	Get hash	malicious	Mirai	Browse	213.130.144.69

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ALMANET-ASKZ	vwkjebwi686.elf	Get hash	malicious	Mirai, Okiru	Browse	213.232.235.18
	dvwkja7.elf	Get hash	malicious	Mirai, Okiru	Browse	213.232.235.18
	wheiuwa4.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	213.232.235.18
	qkbfi86.elf	Get hash	malicious	Mirai, Okiru	Browse	213.232.235.18
	vsbeps.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	213.232.235.18
	qkbfi86.elf	Get hash	malicious	Mirai	Browse	213.232.235.18
	vsbeps.elf	Get hash	malicious	Mirai	Browse	213.232.235.18
	192.142.103.80-x86-2024-08-09T11_47_41.elf	Get hash	malicious	Unknown	Browse	185.102.119.37
	WE4VRokml7.elf	Get hash	malicious	Mirai, Moobot	Browse	185.100.226.244

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.285790896410619
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	vqkjf64.elf
File size:	151'096 bytes
MD5:	c82fae90d5afa7faa234118494709c0f
SHA1:	e0fe4479e4c72e31bfccb0e1fa87b9b3eddeeaf4
SHA256:	f7f2d8c4291f14dbc5332b69ad19b4e7972a96d9a17b9b1d5aa909eec486e324
SHA512:	919a7573a00723b3bb6d79e888663bf3b61e26c2f76e06954867ecb52bd2a5fcbdd257147f4774be66ab1f5c8b95f032d26843f8a07c4f4e668575ccf8c8373d
SSDEEP:	3072:Py0EBBhEjt9M9WZBR2bvmYdGCNCyCFO+A/OMyP9h3/bV/Hp:Py0EBBhEjt9M9WPmX2Mg/R/Hp
TLSH:	F0E33A07B5C188FDC4DAC1B44BAEB53AED31F89D1138B26B27D4AE261E4DE305E1DA04
File Content Preview:	.ELF..............>.......@.....@........K..........@.8...@.......................@.......@...............................................Q.......Q.............................Q.td....................................................H...._........H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	150456
Section Header Size:	64
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0x18206	0x0	0x6	AX	16
.fini	PROGBITS	0x418306	0x18306	0xe	0x0	0x6	AX	1
.rodata	PROGBITS	0x418320	0x18320	0x39a0	0x0	0x2	A	32
.ctors	PROGBITS	0x51bcc8	0x1bcc8	0x18	0x0	0x3	WA	8
.dtors	PROGBITS	0x51bce0	0x1bce0	0x10	0x0	0x3	WA	8
.data	PROGBITS	0x51bd00	0x1bd00	0x8e78	0x0	0x3	WA	32
.bss	NOBITS	0x524b80	0x24b78	0x7260	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x24b78	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1bcc0	0x1bcc0	6.3543	0x5	R E	0x100000	.init .text .fini .rodata
LOAD	0x1bcc8	0x51bcc8	0x51bcc8	0x8eb0	0x10118	0.2561	0x6	RW	0x100000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:42:52.258344889 CEST	36322	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:52.263849974 CEST	33966	36322	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:52.263905048 CEST	36322	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:52.264764071 CEST	36322	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:52.270077944 CEST	33966	36322	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:52.270119905 CEST	36322	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:52.275509119 CEST	33966	36322	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:53.159514904 CEST	33966	36322	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:53.159589052 CEST	36322	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:53.159589052 CEST	36322	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:53.185859919 CEST	36324	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:53.191190004 CEST	33966	36324	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:53.191246986 CEST	36324	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:53.195002079 CEST	36324	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:53.200294018 CEST	33966	36324	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:53.200354099 CEST	36324	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:53.205888033 CEST	33966	36324	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:54.093585968 CEST	33966	36324	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:54.093641996 CEST	36324	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:54.093673944 CEST	36324	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:54.117412090 CEST	36326	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:54.122838974 CEST	33966	36326	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:54.122884989 CEST	36326	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:54.124897003 CEST	36326	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:54.130342007 CEST	33966	36326	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:54.130383968 CEST	36326	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:54.135672092 CEST	33966	36326	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.018275023 CEST	33966	36326	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.018393040 CEST	36326	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.018393040 CEST	36326	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.058635950 CEST	36328	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.064276934 CEST	33966	36328	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.064352036 CEST	36328	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.068056107 CEST	36328	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.073385000 CEST	33966	36328	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.073442936 CEST	36328	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.078846931 CEST	33966	36328	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.972295046 CEST	33966	36328	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.972373009 CEST	36328	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.972373962 CEST	36328	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.993311882 CEST	36330	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.998651981 CEST	33966	36330	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:55.998716116 CEST	36330	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:55.999553919 CEST	36330	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.005613089 CEST	33966	36330	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:56.005662918 CEST	36330	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.011034966 CEST	33966	36330	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:56.883754015 CEST	33966	36330	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:56.883836031 CEST	36330	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.883836031 CEST	36330	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.907535076 CEST	36332	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.912878036 CEST	33966	36332	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:56.912965059 CEST	36332	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.914951086 CEST	36332	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.920308113 CEST	33966	36332	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:56.920475960 CEST	36332	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:56.925786972 CEST	33966	36332	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:57.817627907 CEST	33966	36332	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:57.817687035 CEST	36332	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:57.817687035 CEST	36332	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:57.839766979 CEST	36334	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:57.845231056 CEST	33966	36334	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:57.845290899 CEST	36334	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:57.846221924 CEST	36334	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:57.851690054 CEST	33966	36334	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:57.851726055 CEST	36334	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:57.857112885 CEST	33966	36334	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:58.743995905 CEST	33966	36334	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:58.744183064 CEST	36334	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:58.744184017 CEST	36334	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:58.768352985 CEST	36336	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:58.773788929 CEST	33966	36336	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:58.773844957 CEST	36336	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:58.776263952 CEST	36336	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:58.781708002 CEST	33966	36336	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:58.781763077 CEST	36336	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:58.787389040 CEST	33966	36336	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:59.682718992 CEST	33966	36336	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:59.683607101 CEST	36336	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:59.683608055 CEST	36336	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:59.818834066 CEST	36338	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:59.824667931 CEST	33966	36338	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:59.824728012 CEST	36338	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:59.825295925 CEST	36338	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:59.831288099 CEST	33966	36338	213.232.235.18	192.168.2.13
Oct 24, 2024 15:42:59.831345081 CEST	36338	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:42:59.836708069 CEST	33966	36338	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:00.718930960 CEST	33966	36338	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:00.719211102 CEST	36338	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:00.719211102 CEST	36338	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:00.741208076 CEST	36340	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:00.746778965 CEST	33966	36340	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:00.746834993 CEST	36340	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:00.747766018 CEST	36340	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:00.753220081 CEST	33966	36340	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:00.753261089 CEST	36340	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:00.758558989 CEST	33966	36340	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:01.642435074 CEST	33966	36340	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:01.642725945 CEST	36340	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:01.642726898 CEST	36340	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:01.672979116 CEST	36342	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:01.678428888 CEST	33966	36342	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:01.678500891 CEST	36342	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:01.679594994 CEST	36342	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:01.685168982 CEST	33966	36342	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:01.685240030 CEST	36342	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:01.691814899 CEST	33966	36342	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:02.582264900 CEST	33966	36342	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:02.582433939 CEST	36342	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:02.582433939 CEST	36342	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:02.599895954 CEST	36344	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:02.605274916 CEST	33966	36344	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:02.605328083 CEST	36344	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:02.605988026 CEST	36344	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:02.611938000 CEST	33966	36344	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:02.611989021 CEST	36344	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:02.617425919 CEST	33966	36344	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:03.490220070 CEST	33966	36344	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:03.490509987 CEST	36344	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:03.490509987 CEST	36344	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:03.510030031 CEST	36346	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:03.518166065 CEST	33966	36346	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:03.518227100 CEST	36346	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:03.519443989 CEST	36346	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:03.526434898 CEST	33966	36346	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:03.526488066 CEST	36346	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:03.532699108 CEST	33966	36346	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:04.416553974 CEST	33966	36346	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:04.416776896 CEST	36346	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:04.416778088 CEST	36346	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:04.432524920 CEST	36348	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:04.437839031 CEST	33966	36348	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:04.437891006 CEST	36348	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:04.438483953 CEST	36348	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:04.444498062 CEST	33966	36348	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:04.444545984 CEST	36348	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:04.449855089 CEST	33966	36348	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:05.322093964 CEST	33966	36348	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:05.322343111 CEST	36348	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:05.322343111 CEST	36348	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:05.340934992 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:05.346477032 CEST	33966	36350	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:05.346591949 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:06.355285883 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:06.360985994 CEST	33966	36350	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:06.361085892 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:06.361855030 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:06.367369890 CEST	33966	36350	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:06.367451906 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:06.372805119 CEST	33966	36350	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:07.263632059 CEST	33966	36350	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:07.263880014 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:07.263880968 CEST	36350	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:07.281399012 CEST	36352	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:07.286963940 CEST	33966	36352	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:07.287041903 CEST	36352	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:07.287828922 CEST	36352	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:07.293661118 CEST	33966	36352	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:07.293742895 CEST	36352	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:07.299108028 CEST	33966	36352	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:08.191668034 CEST	33966	36352	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:08.192060947 CEST	36352	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:08.192061901 CEST	36352	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:08.209137917 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:08.214528084 CEST	33966	36354	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:08.214605093 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:08.215218067 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:08.220669985 CEST	33966	36354	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:08.220757008 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:08.226160049 CEST	33966	36354	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:09.413801908 CEST	33966	36354	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:09.413917065 CEST	33966	36354	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:09.414047956 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.414047956 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.414047956 CEST	36354	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.431653023 CEST	36356	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.437160969 CEST	33966	36356	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:09.437237978 CEST	36356	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.437815905 CEST	36356	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.443085909 CEST	33966	36356	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:09.443136930 CEST	36356	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:09.448491096 CEST	33966	36356	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:10.332556963 CEST	33966	36356	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:10.332801104 CEST	36356	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:10.332801104 CEST	36356	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:10.352662086 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:10.358067989 CEST	33966	36358	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:10.358139038 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:10.359091997 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:10.364490986 CEST	33966	36358	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:10.364561081 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:10.370038986 CEST	33966	36358	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:11.856072903 CEST	33966	36358	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:11.856101036 CEST	33966	36358	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:11.856302023 CEST	33966	36358	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:11.856376886 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.856376886 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.856376886 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.856378078 CEST	36358	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.874032974 CEST	36360	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.879461050 CEST	33966	36360	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:11.879513979 CEST	36360	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.880186081 CEST	36360	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.885591030 CEST	33966	36360	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:11.885685921 CEST	36360	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:11.891078949 CEST	33966	36360	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:12.810642958 CEST	33966	36360	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:12.810903072 CEST	36360	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:12.810903072 CEST	36360	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:12.829413891 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:12.834899902 CEST	33966	36362	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:12.834969044 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:12.835995913 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:12.841373920 CEST	33966	36362	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:12.841427088 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:12.846780062 CEST	33966	36362	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:13.728673935 CEST	33966	36362	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:13.728846073 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:13.728879929 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:13.971750975 CEST	33966	36362	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:13.971899986 CEST	36362	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:13.983366013 CEST	36364	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:13.988753080 CEST	33966	36364	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:13.988796949 CEST	36364	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:13.989790916 CEST	36364	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:13.995052099 CEST	33966	36364	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:13.995093107 CEST	36364	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.000427008 CEST	33966	36364	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:14.881835938 CEST	33966	36364	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:14.882028103 CEST	36364	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.882072926 CEST	36364	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.900825024 CEST	36366	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.906760931 CEST	33966	36366	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:14.906829119 CEST	36366	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.907814980 CEST	36366	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.913502932 CEST	33966	36366	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:14.913567066 CEST	36366	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:14.918920994 CEST	33966	36366	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:15.792412996 CEST	33966	36366	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:15.792558908 CEST	36366	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:15.792598963 CEST	36366	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:15.812505960 CEST	36368	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:15.817971945 CEST	33966	36368	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:15.818193913 CEST	36368	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:15.818958044 CEST	36368	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:15.824374914 CEST	33966	36368	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:15.824421883 CEST	36368	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:15.829941034 CEST	33966	36368	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:16.713381052 CEST	33966	36368	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:16.713566065 CEST	36368	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:16.713567019 CEST	36368	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:16.732366085 CEST	36370	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:16.737714052 CEST	33966	36370	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:16.737798929 CEST	36370	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:16.738738060 CEST	36370	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:16.744040012 CEST	33966	36370	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:16.744112015 CEST	36370	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:16.749501944 CEST	33966	36370	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:17.622725964 CEST	33966	36370	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:17.623012066 CEST	36370	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:17.623012066 CEST	36370	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:17.644036055 CEST	36372	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:17.649605989 CEST	33966	36372	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:17.649693966 CEST	36372	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:17.650825024 CEST	36372	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:17.658598900 CEST	33966	36372	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:17.658674955 CEST	36372	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:17.664707899 CEST	33966	36372	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:52.203329086 CEST	33966	36372	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:52.203598976 CEST	36372	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:52.209445953 CEST	33966	36372	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:53.225296974 CEST	36374	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:53.230710030 CEST	33966	36374	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:53.230964899 CEST	36374	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:53.232907057 CEST	36374	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:53.239531994 CEST	33966	36374	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:53.239893913 CEST	36374	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:53.245243073 CEST	33966	36374	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:54.134358883 CEST	33966	36374	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:54.134587049 CEST	36374	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:54.134587049 CEST	36374	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:54.155766010 CEST	36376	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:54.161395073 CEST	33966	36376	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:54.161480904 CEST	36376	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:54.162460089 CEST	36376	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:54.167814016 CEST	33966	36376	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:54.167882919 CEST	36376	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:54.173294067 CEST	33966	36376	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:55.066627026 CEST	33966	36376	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:55.066771030 CEST	36376	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.066822052 CEST	36376	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.085077047 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.090564013 CEST	33966	36378	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:55.090624094 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.091398954 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.299216986 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.511163950 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:55.923233986 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.145905018 CEST	33966	36378	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.145973921 CEST	33966	36378	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.145988941 CEST	33966	36378	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.146028996 CEST	33966	36378	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.414367914 CEST	33966	36378	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.414520979 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.414585114 CEST	36378	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.434524059 CEST	36380	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.439989090 CEST	33966	36380	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.440048933 CEST	36380	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.440993071 CEST	36380	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.446794987 CEST	33966	36380	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:56.446836948 CEST	36380	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:56.452255964 CEST	33966	36380	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:57.344930887 CEST	33966	36380	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:57.345026970 CEST	36380	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:57.345057964 CEST	36380	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:57.369574070 CEST	36382	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:57.376919985 CEST	33966	36382	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:57.377027035 CEST	36382	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:57.378470898 CEST	36382	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:57.386071920 CEST	33966	36382	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:57.386137009 CEST	36382	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:57.394577026 CEST	33966	36382	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:58.265945911 CEST	33966	36382	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:58.266088963 CEST	36382	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:58.266125917 CEST	36382	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:58.285912037 CEST	36384	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:58.291382074 CEST	33966	36384	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:58.291450024 CEST	36384	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:58.292682886 CEST	36384	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:58.298048973 CEST	33966	36384	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:58.298110008 CEST	36384	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:58.303559065 CEST	33966	36384	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:59.196083069 CEST	33966	36384	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:59.196183920 CEST	36384	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:59.196183920 CEST	36384	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:59.215523958 CEST	36386	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:59.220840931 CEST	33966	36386	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:59.220896006 CEST	36386	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:59.221649885 CEST	36386	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:59.227000952 CEST	33966	36386	213.232.235.18	192.168.2.13
Oct 24, 2024 15:43:59.227041960 CEST	36386	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:43:59.232489109 CEST	33966	36386	213.232.235.18	192.168.2.13
Oct 24, 2024 15:44:39.255156994 CEST	36386	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:44:39.353827000 CEST	33966	36386	213.232.235.18	192.168.2.13
Oct 24, 2024 15:44:49.263310909 CEST	36386	33966	192.168.2.13	213.232.235.18
Oct 24, 2024 15:44:49.268973112 CEST	33966	36386	213.232.235.18	192.168.2.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:42:52.231347084 CEST	41705	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:52.244014025 CEST	53	41705	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:52.245270967 CEST	37835	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:52.257906914 CEST	53	37835	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:53.163311005 CEST	39548	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:53.171456099 CEST	53	39548	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:53.175975084 CEST	32858	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:53.183697939 CEST	53	32858	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:54.095134020 CEST	44925	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:54.102937937 CEST	53	44925	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:54.104414940 CEST	53714	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:54.116523981 CEST	53	53714	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:55.021867037 CEST	39536	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:55.033356905 CEST	53	39536	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:55.037456989 CEST	41440	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:55.056629896 CEST	53	41440	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:55.973225117 CEST	43209	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:55.984003067 CEST	53	43209	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:55.984935045 CEST	36433	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:55.992866039 CEST	53	36433	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:56.886888981 CEST	60673	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:56.895148039 CEST	53	60673	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:56.897613049 CEST	36881	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:56.906444073 CEST	53	36881	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:57.818639994 CEST	47044	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:57.826971054 CEST	53	47044	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:57.827961922 CEST	52865	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:57.839339018 CEST	53	52865	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:58.747404099 CEST	57329	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:58.756072044 CEST	53	57329	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:58.759134054 CEST	55896	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:58.767079115 CEST	53	55896	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:59.781527996 CEST	46918	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:59.789129019 CEST	53	46918	8.8.8.8	192.168.2.13
Oct 24, 2024 15:42:59.810477972 CEST	60337	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:42:59.818525076 CEST	53	60337	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:00.720905066 CEST	42120	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:00.728601933 CEST	53	42120	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:00.729605913 CEST	41001	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:00.740582943 CEST	53	41001	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:01.644519091 CEST	35059	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:01.663587093 CEST	53	35059	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:01.664870977 CEST	38950	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:01.672482014 CEST	53	38950	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:02.583420992 CEST	36330	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:02.591118097 CEST	53	36330	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:02.592006922 CEST	48187	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:02.599481106 CEST	53	48187	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:03.491539955 CEST	33854	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:03.499144077 CEST	53	33854	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:03.500068903 CEST	33775	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:03.509427071 CEST	53	33775	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:04.417592049 CEST	36921	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:04.424348116 CEST	53	36921	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:04.425019026 CEST	58523	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:04.432154894 CEST	53	58523	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:05.323556900 CEST	51183	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:05.331299067 CEST	53	51183	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:05.332448959 CEST	44044	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:05.340483904 CEST	53	44044	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:07.264745951 CEST	53678	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:07.271974087 CEST	53	53678	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:07.272979021 CEST	45736	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:07.280868053 CEST	53	45736	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:08.193042040 CEST	48309	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:08.200167894 CEST	53	48309	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:08.201303005 CEST	59955	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:08.208682060 CEST	53	59955	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:09.414866924 CEST	39750	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:09.422883987 CEST	53	39750	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:09.423743963 CEST	43805	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:09.431247950 CEST	53	43805	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:10.333842993 CEST	43993	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:10.342000961 CEST	53	43993	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:10.342832088 CEST	42147	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:10.351969957 CEST	53	42147	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:11.857491016 CEST	59646	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:11.865030050 CEST	53	59646	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:11.865752935 CEST	38846	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:11.873584986 CEST	53	38846	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:12.812171936 CEST	39211	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:12.819641113 CEST	53	39211	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:12.820770025 CEST	59924	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:12.828789949 CEST	53	59924	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:13.730065107 CEST	40129	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:13.974031925 CEST	53	40129	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:13.975332975 CEST	33540	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:13.982773066 CEST	53	33540	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:14.883229971 CEST	57229	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:14.891211987 CEST	53	57229	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:14.892314911 CEST	35296	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:14.900357962 CEST	53	35296	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:15.793734074 CEST	46146	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:15.801826000 CEST	53	46146	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:15.802809954 CEST	34022	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:15.811964035 CEST	53	34022	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:16.715183020 CEST	56597	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:16.722609997 CEST	53	56597	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:16.723692894 CEST	39671	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:16.731740952 CEST	53	39671	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:17.624437094 CEST	51630	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:17.634563923 CEST	53	51630	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:17.635773897 CEST	48320	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:17.643218040 CEST	53	48320	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:53.206588030 CEST	54913	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:53.214303017 CEST	53	54913	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:53.216459990 CEST	54577	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:53.223773956 CEST	53	54577	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:54.135695934 CEST	60893	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:54.143008947 CEST	53	60893	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:54.144072056 CEST	47533	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:54.155002117 CEST	53	47533	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:55.068078995 CEST	44223	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:55.075721025 CEST	53	44223	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:55.076708078 CEST	49342	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:55.084650040 CEST	53	49342	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:56.415951014 CEST	53870	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:56.425201893 CEST	53	53870	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:56.426436901 CEST	57028	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:56.434050083 CEST	53	57028	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:57.345844984 CEST	51943	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:57.358062029 CEST	53	51943	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:57.359456062 CEST	56794	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:57.368350983 CEST	53	56794	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:58.267426014 CEST	44344	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:58.276309013 CEST	53	44344	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:58.277329922 CEST	60196	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:58.285409927 CEST	53	60196	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:59.197374105 CEST	49372	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:59.204547882 CEST	53	49372	8.8.8.8	192.168.2.13
Oct 24, 2024 15:43:59.205360889 CEST	35673	53	192.168.2.13	8.8.8.8
Oct 24, 2024 15:43:59.215034962 CEST	53	35673	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 15:42:52.231347084 CEST	192.168.2.13	8.8.8.8	0x73b1	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:52.245270967 CEST	192.168.2.13	8.8.8.8	0xc50a	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:53.163311005 CEST	192.168.2.13	8.8.8.8	0xda9c	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:53.175975084 CEST	192.168.2.13	8.8.8.8	0xca8e	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:54.095134020 CEST	192.168.2.13	8.8.8.8	0x45b4	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:54.104414940 CEST	192.168.2.13	8.8.8.8	0x8fd8	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.021867037 CEST	192.168.2.13	8.8.8.8	0x91a	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.037456989 CEST	192.168.2.13	8.8.8.8	0x7072	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.973225117 CEST	192.168.2.13	8.8.8.8	0xd290	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.984935045 CEST	192.168.2.13	8.8.8.8	0xee2	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:56.886888981 CEST	192.168.2.13	8.8.8.8	0x6139	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:56.897613049 CEST	192.168.2.13	8.8.8.8	0xd76	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:57.818639994 CEST	192.168.2.13	8.8.8.8	0xdb65	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:57.827961922 CEST	192.168.2.13	8.8.8.8	0x38ac	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:58.747404099 CEST	192.168.2.13	8.8.8.8	0x9221	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:58.759134054 CEST	192.168.2.13	8.8.8.8	0xb7b4	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:59.781527996 CEST	192.168.2.13	8.8.8.8	0x398c	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:59.810477972 CEST	192.168.2.13	8.8.8.8	0x9344	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:00.720905066 CEST	192.168.2.13	8.8.8.8	0xa654	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:00.729605913 CEST	192.168.2.13	8.8.8.8	0x4592	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:01.644519091 CEST	192.168.2.13	8.8.8.8	0xf499	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:01.664870977 CEST	192.168.2.13	8.8.8.8	0xef3	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:02.583420992 CEST	192.168.2.13	8.8.8.8	0x2571	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:02.592006922 CEST	192.168.2.13	8.8.8.8	0xc455	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:03.491539955 CEST	192.168.2.13	8.8.8.8	0xaea1	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:03.500068903 CEST	192.168.2.13	8.8.8.8	0x4d3b	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:04.417592049 CEST	192.168.2.13	8.8.8.8	0xffd2	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:04.425019026 CEST	192.168.2.13	8.8.8.8	0xfa29	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:05.323556900 CEST	192.168.2.13	8.8.8.8	0xc047	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:05.332448959 CEST	192.168.2.13	8.8.8.8	0x9a52	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:07.264745951 CEST	192.168.2.13	8.8.8.8	0x6414	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:07.272979021 CEST	192.168.2.13	8.8.8.8	0xcfbc	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:08.193042040 CEST	192.168.2.13	8.8.8.8	0x74c0	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:08.201303005 CEST	192.168.2.13	8.8.8.8	0xa9bf	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:09.414866924 CEST	192.168.2.13	8.8.8.8	0x8374	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:09.423743963 CEST	192.168.2.13	8.8.8.8	0x3187	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:10.333842993 CEST	192.168.2.13	8.8.8.8	0xa467	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:10.342832088 CEST	192.168.2.13	8.8.8.8	0x1c28	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:11.857491016 CEST	192.168.2.13	8.8.8.8	0xa771	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:11.865752935 CEST	192.168.2.13	8.8.8.8	0xced4	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:12.812171936 CEST	192.168.2.13	8.8.8.8	0xb658	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:12.820770025 CEST	192.168.2.13	8.8.8.8	0x160	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:13.730065107 CEST	192.168.2.13	8.8.8.8	0xcf22	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:13.975332975 CEST	192.168.2.13	8.8.8.8	0x7a75	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:14.883229971 CEST	192.168.2.13	8.8.8.8	0x110b	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:14.892314911 CEST	192.168.2.13	8.8.8.8	0xfcdc	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:15.793734074 CEST	192.168.2.13	8.8.8.8	0x71b0	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:15.802809954 CEST	192.168.2.13	8.8.8.8	0xb0ba	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:16.715183020 CEST	192.168.2.13	8.8.8.8	0xf191	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:16.723692894 CEST	192.168.2.13	8.8.8.8	0x4e5d	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:17.624437094 CEST	192.168.2.13	8.8.8.8	0xa622	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:17.635773897 CEST	192.168.2.13	8.8.8.8	0x2339	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:53.206588030 CEST	192.168.2.13	8.8.8.8	0x8326	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:53.216459990 CEST	192.168.2.13	8.8.8.8	0x2ec9	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:54.135695934 CEST	192.168.2.13	8.8.8.8	0x28b5	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:54.144072056 CEST	192.168.2.13	8.8.8.8	0x697a	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:55.068078995 CEST	192.168.2.13	8.8.8.8	0x2c50	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:55.076708078 CEST	192.168.2.13	8.8.8.8	0xf17e	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:56.415951014 CEST	192.168.2.13	8.8.8.8	0xee50	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:56.426436901 CEST	192.168.2.13	8.8.8.8	0x8267	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:57.345844984 CEST	192.168.2.13	8.8.8.8	0xbbc2	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:57.359456062 CEST	192.168.2.13	8.8.8.8	0xd7d6	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:58.267426014 CEST	192.168.2.13	8.8.8.8	0xf289	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:58.277329922 CEST	192.168.2.13	8.8.8.8	0x1cfd	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:59.197374105 CEST	192.168.2.13	8.8.8.8	0x7079	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:59.205360889 CEST	192.168.2.13	8.8.8.8	0x7b26	Standard query (0)	raw.eye-network.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 15:42:52.244014025 CEST	8.8.8.8	192.168.2.13	0x73b1	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:52.257906914 CEST	8.8.8.8	192.168.2.13	0xc50a	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:53.171456099 CEST	8.8.8.8	192.168.2.13	0xda9c	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:53.183697939 CEST	8.8.8.8	192.168.2.13	0xca8e	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:54.102937937 CEST	8.8.8.8	192.168.2.13	0x45b4	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:54.116523981 CEST	8.8.8.8	192.168.2.13	0x8fd8	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.033356905 CEST	8.8.8.8	192.168.2.13	0x91a	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.056629896 CEST	8.8.8.8	192.168.2.13	0x7072	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.984003067 CEST	8.8.8.8	192.168.2.13	0xd290	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:55.992866039 CEST	8.8.8.8	192.168.2.13	0xee2	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:56.895148039 CEST	8.8.8.8	192.168.2.13	0x6139	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:56.906444073 CEST	8.8.8.8	192.168.2.13	0xd76	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:57.826971054 CEST	8.8.8.8	192.168.2.13	0xdb65	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:57.839339018 CEST	8.8.8.8	192.168.2.13	0x38ac	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:58.756072044 CEST	8.8.8.8	192.168.2.13	0x9221	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:58.767079115 CEST	8.8.8.8	192.168.2.13	0xb7b4	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:59.789129019 CEST	8.8.8.8	192.168.2.13	0x398c	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:42:59.818525076 CEST	8.8.8.8	192.168.2.13	0x9344	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:00.728601933 CEST	8.8.8.8	192.168.2.13	0xa654	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:00.740582943 CEST	8.8.8.8	192.168.2.13	0x4592	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:01.663587093 CEST	8.8.8.8	192.168.2.13	0xf499	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:01.672482014 CEST	8.8.8.8	192.168.2.13	0xef3	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:02.591118097 CEST	8.8.8.8	192.168.2.13	0x2571	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:02.599481106 CEST	8.8.8.8	192.168.2.13	0xc455	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:03.499144077 CEST	8.8.8.8	192.168.2.13	0xaea1	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:03.509427071 CEST	8.8.8.8	192.168.2.13	0x4d3b	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:04.424348116 CEST	8.8.8.8	192.168.2.13	0xffd2	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:04.432154894 CEST	8.8.8.8	192.168.2.13	0xfa29	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:05.331299067 CEST	8.8.8.8	192.168.2.13	0xc047	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:05.340483904 CEST	8.8.8.8	192.168.2.13	0x9a52	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:07.271974087 CEST	8.8.8.8	192.168.2.13	0x6414	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:07.280868053 CEST	8.8.8.8	192.168.2.13	0xcfbc	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:08.200167894 CEST	8.8.8.8	192.168.2.13	0x74c0	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:08.208682060 CEST	8.8.8.8	192.168.2.13	0xa9bf	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:09.422883987 CEST	8.8.8.8	192.168.2.13	0x8374	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:09.431247950 CEST	8.8.8.8	192.168.2.13	0x3187	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:10.342000961 CEST	8.8.8.8	192.168.2.13	0xa467	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:10.351969957 CEST	8.8.8.8	192.168.2.13	0x1c28	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:11.865030050 CEST	8.8.8.8	192.168.2.13	0xa771	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:11.873584986 CEST	8.8.8.8	192.168.2.13	0xced4	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:12.819641113 CEST	8.8.8.8	192.168.2.13	0xb658	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:12.828789949 CEST	8.8.8.8	192.168.2.13	0x160	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:13.974031925 CEST	8.8.8.8	192.168.2.13	0xcf22	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:13.982773066 CEST	8.8.8.8	192.168.2.13	0x7a75	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:14.891211987 CEST	8.8.8.8	192.168.2.13	0x110b	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:14.900357962 CEST	8.8.8.8	192.168.2.13	0xfcdc	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:15.801826000 CEST	8.8.8.8	192.168.2.13	0x71b0	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:15.811964035 CEST	8.8.8.8	192.168.2.13	0xb0ba	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:16.722609997 CEST	8.8.8.8	192.168.2.13	0xf191	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:16.731740952 CEST	8.8.8.8	192.168.2.13	0x4e5d	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:17.634563923 CEST	8.8.8.8	192.168.2.13	0xa622	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:17.643218040 CEST	8.8.8.8	192.168.2.13	0x2339	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:53.214303017 CEST	8.8.8.8	192.168.2.13	0x8326	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:53.223773956 CEST	8.8.8.8	192.168.2.13	0x2ec9	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:54.143008947 CEST	8.8.8.8	192.168.2.13	0x28b5	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:54.155002117 CEST	8.8.8.8	192.168.2.13	0x697a	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:55.075721025 CEST	8.8.8.8	192.168.2.13	0x2c50	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:55.084650040 CEST	8.8.8.8	192.168.2.13	0xf17e	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:56.425201893 CEST	8.8.8.8	192.168.2.13	0xee50	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:56.434050083 CEST	8.8.8.8	192.168.2.13	0x8267	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:57.358062029 CEST	8.8.8.8	192.168.2.13	0xbbc2	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:57.368350983 CEST	8.8.8.8	192.168.2.13	0xd7d6	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:58.276309013 CEST	8.8.8.8	192.168.2.13	0xf289	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:58.285409927 CEST	8.8.8.8	192.168.2.13	0x1cfd	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:59.204547882 CEST	8.8.8.8	192.168.2.13	0x7079	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:43:59.215034962 CEST	8.8.8.8	192.168.2.13	0x7b26	No error (0)	raw.eye-network.ru	213.232.235.18	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: vqkjf64.elf PID: 5434, Parent PID: 5358

General

Start time (UTC):	13:42:51
Start date (UTC):	24/10/2024
Path:	/tmp/vqkjf64.elf
Arguments:	/tmp/vqkjf64.elf
File size:	151096 bytes
MD5 hash:	c82fae90d5afa7faa234118494709c0f

Start time (UTC):	13:42:51
Start date (UTC):	24/10/2024
Path:	/tmp/vqkjf64.elf
Arguments:	-
File size:	151096 bytes
MD5 hash:	c82fae90d5afa7faa234118494709c0f

Start time (UTC):	13:42:51
Start date (UTC):	24/10/2024
Path:	/tmp/vqkjf64.elf
Arguments:	-
File size:	151096 bytes
MD5 hash:	c82fae90d5afa7faa234118494709c0f

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report vqkjf64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: vqkjf64.elf PID: 5434, Parent PID: 5358

General

Chronological Activities

Analysis Process: vqkjf64.elf PID: 5435, Parent PID: 5434

General

Chronological Activities

Analysis Process: vqkjf64.elf PID: 5436, Parent PID: 5435

General

Chronological Activities

Linux Analysis Report
vqkjf64.elf