Malware Analysis Report

2024-11-13 12:58

Sample ID 240426-1ds5nsdd8v
Target x86_64(1)
SHA256 b6538d6af7fc74e1f6d2d49177df9d83debbf5972f485812f5811920fd86ca11
Tags
evasion mirai mirai
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b6538d6af7fc74e1f6d2d49177df9d83debbf5972f485812f5811920fd86ca11

Threat Level: Known bad

The file x86_64(1) was found to be: Known bad.

Malicious Activity Summary

evasion mirai mirai

Mirai family

Deletes Audit logs

Deletes journal logs

Deletes itself

Deletes system logs

Modifies Watchdog functionality

Deletes log files

Enumerates running processes

Changes its process name

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-26 21:32

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-26 21:32

Reported

2024-04-26 21:42

Platform

ubuntu1804-amd64-20240418-en

Max time kernel

599s

Max time network

598s

Command Line

[/tmp/x86_64(1)]

Signatures

Deletes Audit logs

evasion
Description Indicator Process Target
File deleted /var/log/audit/audit.log /tmp/x86_64(1) N/A

Deletes itself

Description Indicator Process Target
N/A N/A /tmp/x86_64(1) N/A

Deletes journal logs

evasion
Description Indicator Process Target
File deleted /var/log/journal/11c67417355f45d397f6be11f62e85a6/system.journal /tmp/x86_64(1) N/A

Deletes system logs

evasion
Description Indicator Process Target
File deleted /var/log/syslog /tmp/x86_64(1) N/A

Modifies Watchdog functionality

Description Indicator Process Target
File opened for modification /dev/watchdog /tmp/x86_64(1) N/A
File opened for modification /dev/misc/watchdog /tmp/x86_64(1) N/A

Deletes log files

Description Indicator Process Target
File deleted /var/log/cups/error_log /tmp/x86_64(1) N/A

Enumerates running processes

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself ebualweajs4c8e64s2f8jbs8lqfd /tmp/x86_64(1) N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/9/status /usr/bin/pkill N/A
File opened for reading /proc/1141/status /usr/bin/pkill N/A
File opened for reading /proc/183/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1314/status /usr/bin/pkill N/A
File opened for reading /proc/11/cmdline /usr/bin/pkill N/A
File opened for reading /proc/178/status /usr/bin/pkill N/A
File opened for reading /proc/1129/cmdline /usr/bin/pkill N/A
File opened for reading /proc/7401/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/1105/status /usr/bin/pkill N/A
File opened for reading /proc/958/status /usr/bin/pkill N/A
File opened for reading /proc/4599/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/89/status /usr/bin/pkill N/A
File opened for reading /proc/184/cmdline /usr/bin/pkill N/A
File opened for reading /proc/213/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1548/cmdline /usr/bin/pkill N/A
File opened for reading /proc/8/status /usr/bin/pkill N/A
File opened for reading /proc/10/status /usr/bin/pkill N/A
File opened for reading /proc/176/status /usr/bin/pkill N/A
File opened for reading /proc/734/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1543/status /usr/bin/pkill N/A
File opened for reading /proc/1535/cmdline /usr/bin/pkill N/A
File opened for reading /proc/14/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1141/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/1/status /usr/bin/pkill N/A
File opened for reading /proc/10/status /usr/bin/pkill N/A
File opened for reading /proc/481/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1125/cmdline /usr/bin/pkill N/A
File opened for reading /proc/8153/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/183/status /usr/bin/pkill N/A
File opened for reading /proc/610/status /usr/bin/pkill N/A
File opened for reading /proc/966/status /usr/bin/pkill N/A
File opened for reading /proc/1528/status /usr/bin/pkill N/A
File opened for reading /proc/19/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1178/status /usr/bin/pkill N/A
File opened for reading /proc/1191/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1204/status /usr/bin/pkill N/A
File opened for reading /proc/1541/status /usr/bin/pkill N/A
File opened for reading /proc/21/status /usr/bin/pkill N/A
File opened for reading /proc/98/cmdline /usr/bin/pkill N/A
File opened for reading /proc/188/status /usr/bin/pkill N/A
File opened for reading /proc/188/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1178/status /usr/bin/pkill N/A
File opened for reading /proc/1288/status /usr/bin/pkill N/A
File opened for reading /proc/1160/cmdline /usr/bin/pkill N/A
File opened for reading /proc/20/status /usr/bin/pkill N/A
File opened for reading /proc/664/status /usr/bin/pkill N/A
File opened for reading /proc/672/cmdline /usr/bin/pkill N/A
File opened for reading /proc/1137/cmdline /usr/bin/pkill N/A
File opened for reading /proc/7/cmdline /usr/bin/pkill N/A
File opened for reading /proc/178/status /usr/bin/pkill N/A
File opened for reading /proc/1133/status /usr/bin/pkill N/A
File opened for reading /proc/1512/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/175/status /usr/bin/pkill N/A
File opened for reading /proc/14/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/2455/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/6424/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/184/status /usr/bin/pkill N/A
File opened for reading /proc/1133/status /usr/bin/pkill N/A
File opened for reading /proc/1201/status /usr/bin/pkill N/A
File opened for reading /proc/1201/status /usr/bin/pkill N/A
File opened for reading /proc/2879/cmdline /tmp/x86_64(1) N/A
File opened for reading /proc/83/status /usr/bin/pkill N/A
File opened for reading /proc/115/cmdline /usr/bin/pkill N/A
File opened for reading /proc/185/status /usr/bin/pkill N/A

Processes

/tmp/x86_64(1)

[/tmp/x86_64(1)]

/usr/local/sbin/pkill

[pkill wireshark]

/usr/local/bin/pkill

[pkill wireshark]

/usr/sbin/pkill

[pkill wireshark]

/usr/bin/pkill

[pkill wireshark]

/usr/local/sbin/pkill

[pkill tshark]

/usr/local/sbin/pkill

[pkill ettercap]

/usr/local/sbin/pkill

[pkill dsniff]

/usr/local/sbin/pkill

[pkill ngrep]

/usr/local/bin/pkill

[pkill ngrep]

/usr/sbin/pkill

[pkill ngrep]

/usr/local/sbin/pkill

[pkill tcpflow]

/usr/local/sbin/pkill

[pkill windump]

/usr/bin/pkill

[pkill ngrep]

/usr/local/sbin/pkill

[pkill netsniff-ng]

/usr/local/sbin/pkill

[pkill dumpcap]

/usr/local/bin/pkill

[pkill dumpcap]

/usr/sbin/pkill

[pkill dumpcap]

/usr/local/bin/pkill

[pkill ettercap]

/usr/bin/pkill

[pkill dumpcap]

/usr/local/bin/pkill

[pkill tshark]

/usr/local/sbin/pkill

[pkill tcpdump]

/usr/sbin/pkill

[pkill ettercap]

/usr/sbin/pkill

[pkill tshark]

/usr/bin/pkill

[pkill ettercap]

/usr/local/bin/pkill

[pkill tcpdump]

/usr/bin/pkill

[pkill tshark]

/usr/sbin/pkill

[pkill tcpdump]

/usr/bin/pkill

[pkill tcpdump]

/usr/local/bin/pkill

[pkill dsniff]

/usr/sbin/pkill

[pkill dsniff]

/usr/bin/pkill

[pkill dsniff]

/usr/local/bin/pkill

[pkill tcpflow]

/usr/local/bin/pkill

[pkill windump]

/usr/local/bin/pkill

[pkill netsniff-ng]

/usr/sbin/pkill

[pkill tcpflow]

/usr/sbin/pkill

[pkill windump]

/usr/sbin/pkill

[pkill netsniff-ng]

/usr/bin/pkill

[pkill tcpflow]

/usr/bin/pkill

[pkill windump]

/usr/bin/pkill

[pkill netsniff-ng]

/usr/local/sbin/rm

[rm -rf /usr/bin/ettercap]

/usr/local/bin/rm

[rm -rf /usr/bin/ettercap]

/usr/sbin/rm

[rm -rf /usr/bin/ettercap]

/usr/bin/rm

[rm -rf /usr/bin/ettercap]

/sbin/rm

[rm -rf /usr/bin/ettercap]

/bin/rm

[rm -rf /usr/bin/ettercap]

/usr/local/sbin/rm

[rm -rf /usr/bin/dsniff]

/usr/local/bin/rm

[rm -rf /usr/bin/dsniff]

/usr/sbin/rm

[rm -rf /usr/bin/dsniff]

/usr/bin/rm

[rm -rf /usr/bin/dsniff]

/sbin/rm

[rm -rf /usr/bin/dsniff]

/bin/rm

[rm -rf /usr/bin/dsniff]

/usr/local/sbin/rm

[rm -rf /usr/bin/ngrep]

/usr/local/bin/rm

[rm -rf /usr/bin/ngrep]

/usr/sbin/rm

[rm -rf /usr/bin/ngrep]

/usr/bin/rm

[rm -rf /usr/bin/ngrep]

/sbin/rm

[rm -rf /usr/bin/ngrep]

/bin/rm

[rm -rf /usr/bin/ngrep]

/usr/local/sbin/rm

[rm -rf /usr/bin/tcpflow]

/usr/local/bin/rm

[rm -rf /usr/bin/tcpflow]

/usr/sbin/rm

[rm -rf /usr/bin/tcpflow]

/usr/bin/rm

[rm -rf /usr/bin/tcpflow]

/sbin/rm

[rm -rf /usr/bin/tcpflow]

/bin/rm

[rm -rf /usr/bin/tcpflow]

/usr/local/sbin/rm

[rm -rf /usr/bin/netsniff-ng]

/usr/local/bin/rm

[rm -rf /usr/bin/netsniff-ng]

/usr/sbin/rm

[rm -rf /usr/bin/netsniff-ng]

/usr/bin/rm

[rm -rf /usr/bin/netsniff-ng]

/sbin/rm

[rm -rf /usr/bin/netsniff-ng]

/bin/rm

[rm -rf /usr/bin/netsniff-ng]

/usr/local/sbin/rm

[rm -rf /usr/sbin/ngrep]

/usr/local/bin/rm

[rm -rf /usr/sbin/ngrep]

/usr/sbin/rm

[rm -rf /usr/sbin/ngrep]

/usr/bin/rm

[rm -rf /usr/sbin/ngrep]

/sbin/rm

[rm -rf /usr/sbin/ngrep]

/bin/rm

[rm -rf /usr/sbin/ngrep]

/usr/local/sbin/rm

[rm -rf /usr/sbin/tcpflow]

/usr/local/bin/rm

[rm -rf /usr/sbin/tcpflow]

/usr/sbin/rm

[rm -rf /usr/sbin/tcpflow]

/usr/bin/rm

[rm -rf /usr/sbin/tcpflow]

/sbin/rm

[rm -rf /usr/sbin/tcpflow]

/bin/rm

[rm -rf /usr/sbin/tcpflow]

/usr/local/sbin/rm

[rm -rf /usr/sbin/windump]

/usr/local/bin/rm

[rm -rf /usr/sbin/windump]

/usr/sbin/rm

[rm -rf /usr/sbin/windump]

/usr/bin/rm

[rm -rf /usr/sbin/windump]

/sbin/rm

[rm -rf /usr/sbin/windump]

/bin/rm

[rm -rf /usr/sbin/windump]

/usr/local/sbin/rm

[rm -rf /usr/sbin/netsniff-ng]

/usr/local/bin/rm

[rm -rf /usr/sbin/netsniff-ng]

/usr/sbin/rm

[rm -rf /usr/sbin/netsniff-ng]

/usr/bin/rm

[rm -rf /usr/sbin/netsniff-ng]

/sbin/rm

[rm -rf /usr/sbin/netsniff-ng]

/bin/rm

[rm -rf /usr/sbin/netsniff-ng]

/usr/local/sbin/rm

[rm -rf /usr/bin/tcpdump]

/usr/local/sbin/rm

[rm -rf /usr/bin/tshark]

/usr/local/sbin/rm

[rm -rf /usr/bin/wireshark]

/usr/local/sbin/rm

[rm -rf /usr/bin/dumpcap]

/usr/local/sbin/rm

[rm -rf /usr/bin/windump]

/usr/local/bin/rm

[rm -rf /usr/bin/dumpcap]

/usr/local/bin/rm

[rm -rf /usr/bin/windump]

/usr/local/bin/rm

[rm -rf /usr/bin/tcpdump]

/usr/local/bin/rm

[rm -rf /usr/bin/wireshark]

/usr/local/bin/rm

[rm -rf /usr/bin/tshark]

/usr/sbin/rm

[rm -rf /usr/bin/dumpcap]

/usr/sbin/rm

[rm -rf /usr/bin/windump]

/usr/sbin/rm

[rm -rf /usr/bin/tcpdump]

/usr/sbin/rm

[rm -rf /usr/bin/wireshark]

/usr/sbin/rm

[rm -rf /usr/bin/tshark]

/usr/local/sbin/rm

[rm -rf /usr/sbin/dsniff]

/usr/bin/rm

[rm -rf /usr/bin/windump]

/usr/bin/rm

[rm -rf /usr/bin/dumpcap]

/usr/bin/rm

[rm -rf /usr/bin/tcpdump]

/usr/bin/rm

[rm -rf /usr/bin/wireshark]

/usr/bin/rm

[rm -rf /usr/bin/tshark]

/sbin/rm

[rm -rf /usr/bin/windump]

/sbin/rm

[rm -rf /usr/bin/dumpcap]

/sbin/rm

[rm -rf /usr/bin/tcpdump]

/sbin/rm

[rm -rf /usr/bin/wireshark]

/sbin/rm

[rm -rf /usr/bin/tshark]

/usr/local/bin/rm

[rm -rf /usr/sbin/dsniff]

/bin/rm

[rm -rf /usr/bin/windump]

/bin/rm

[rm -rf /usr/bin/dumpcap]

/bin/rm

[rm -rf /usr/bin/tcpdump]

/bin/rm

[rm -rf /usr/bin/wireshark]

/bin/rm

[rm -rf /usr/bin/tshark]

/usr/sbin/rm

[rm -rf /usr/sbin/dsniff]

/usr/bin/rm

[rm -rf /usr/sbin/dsniff]

/usr/local/sbin/rm

[rm -rf /usr/sbin/ettercap]

/sbin/rm

[rm -rf /usr/sbin/dsniff]

/bin/rm

[rm -rf /usr/sbin/dsniff]

/usr/local/bin/rm

[rm -rf /usr/sbin/ettercap]

/usr/sbin/rm

[rm -rf /usr/sbin/ettercap]

/usr/bin/rm

[rm -rf /usr/sbin/ettercap]

/sbin/rm

[rm -rf /usr/sbin/ettercap]

/bin/rm

[rm -rf /usr/sbin/ettercap]

/usr/local/sbin/rm

[rm -rf /usr/sbin/dumpcap]

/usr/local/bin/rm

[rm -rf /usr/sbin/dumpcap]

/usr/sbin/rm

[rm -rf /usr/sbin/dumpcap]

/usr/bin/rm

[rm -rf /usr/sbin/dumpcap]

/sbin/rm

[rm -rf /usr/sbin/dumpcap]

/bin/rm

[rm -rf /usr/sbin/dumpcap]

/usr/local/sbin/rm

[rm -rf /usr/sbin/wireshark]

/usr/local/bin/rm

[rm -rf /usr/sbin/wireshark]

/usr/sbin/rm

[rm -rf /usr/sbin/wireshark]

/usr/bin/rm

[rm -rf /usr/sbin/wireshark]

/sbin/rm

[rm -rf /usr/sbin/wireshark]

/bin/rm

[rm -rf /usr/sbin/wireshark]

/usr/local/sbin/rm

[rm -rf /usr/sbin/tshark]

/usr/local/bin/rm

[rm -rf /usr/sbin/tshark]

/usr/sbin/rm

[rm -rf /usr/sbin/tshark]

/usr/bin/rm

[rm -rf /usr/sbin/tshark]

/sbin/rm

[rm -rf /usr/sbin/tshark]

/bin/rm

[rm -rf /usr/sbin/tshark]

/usr/local/sbin/rm

[rm -rf /usr/sbin/tcpdump]

/usr/local/bin/rm

[rm -rf /usr/sbin/tcpdump]

/usr/sbin/rm

[rm -rf /usr/sbin/tcpdump]

/usr/bin/rm

[rm -rf /usr/sbin/tcpdump]

/sbin/rm

[rm -rf /usr/sbin/tcpdump]

/bin/rm

[rm -rf /usr/sbin/tcpdump]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 151.101.194.49:443 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 daisy.ubuntu.com udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 151.101.65.91:443 tcp
GB 89.187.167.3:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 151.101.65.91:443 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 151.101.129.91:443 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 tcpdown.su udp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 104.168.45.11:7722 tcp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp
US 1.1.1.1:53 tcpdown.su udp

Files

N/A