Edit tour

Linux Analysis Report
sh4.elf

Overview

General Information

Sample name:	sh4.elf
Analysis ID:	1575989
MD5:	866c52bc44c007685c49f5f7c51e05ca
SHA1:	83bb15de9ff6d7501897689e97907fe80f329604
SHA256:	3c0c87bbc1a908ee2d698bf59722fc050b29aa5dcc9312a7c33c04910ad2f067
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Gafgyt

Yara detected Mirai

Contains symbols with names commonly found in malware

Opens /proc/net/* files useful for finding connected devices and routers

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample contains strings that are user agent strings indicative of HTTP manipulation

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575989
Start date and time:	2024-12-16 13:08:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	sh4.elf
Detection:	MAL
Classification:	mal100.spre.troj.linELF@0/0@0/0

Warnings

VT rate limit hit for: sh4.elf

Runtime Messages

Command:	/tmp/sh4.elf
PID:	6262
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6225, Parent: 4331)

rm (PID: 6225, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.25mzlEEvpZ /tmp/tmp.DDq2YkcMbt /tmp/tmp.scdstBQjf3

dash New Fork (PID: 6226, Parent: 4331)

cat (PID: 6226, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.25mzlEEvpZ

dash New Fork (PID: 6227, Parent: 4331)

head (PID: 6227, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 6228, Parent: 4331)

tr (PID: 6228, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 6229, Parent: 4331)

cut (PID: 6229, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 6230, Parent: 4331)

cat (PID: 6230, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.25mzlEEvpZ

dash New Fork (PID: 6231, Parent: 4331)

head (PID: 6231, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 6232, Parent: 4331)

tr (PID: 6232, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 6233, Parent: 4331)

cut (PID: 6233, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 6234, Parent: 4331)

rm (PID: 6234, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.25mzlEEvpZ /tmp/tmp.DDq2YkcMbt /tmp/tmp.scdstBQjf3

sh4.elf (PID: 6262, Parent: 6157, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sh4.elf

sh4.elf New Fork (PID: 6264, Parent: 6262)

sh4.elf New Fork (PID: 6266, Parent: 6264)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
sh4.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
sh4.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
sh4.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdeb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6262.1.00007f70ec400000.00007f70ec410000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6262.1.00007f70ec400000.00007f70ec410000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdeb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6264.1.00007f70ec400000.00007f70ec410000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6264.1.00007f70ec400000.00007f70ec410000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xddec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xde8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdeb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: sh4.elf PID: 6262	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: sh4.elf PID: 6262	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x4e56:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4e6a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4e7e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4e92:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4ea6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4eba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4ece:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4ee2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4ef6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f0a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f1e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f32:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f46:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f5a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f6e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f82:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4f96:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4faa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4fbe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4fd2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4fe6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: sh4.elf PID: 6264	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: sh4.elf PID: 6264	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x50df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x50f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5107:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x511b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x512f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5143:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5157:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x516b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x517f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5193:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x51a7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x51bb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x51cf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x51e3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x51f7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x520b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x521f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5233:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5247:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x525b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x526f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T13:09:18.671976+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40762	150.241.88.132	25565	TCP
2024-12-16T13:09:20.989883+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40764	150.241.88.132	25565	TCP
2024-12-16T13:09:23.346054+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40766	150.241.88.132	25565	TCP
2024-12-16T13:09:25.930736+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40768	150.241.88.132	25565	TCP
2024-12-16T13:09:28.273429+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40770	150.241.88.132	25565	TCP
2024-12-16T13:09:30.600123+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40772	150.241.88.132	25565	TCP
2024-12-16T13:09:32.984956+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40774	150.241.88.132	25565	TCP
2024-12-16T13:09:35.321711+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40776	150.241.88.132	25565	TCP
2024-12-16T13:09:37.661942+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40778	150.241.88.132	25565	TCP
2024-12-16T13:09:40.009051+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40780	150.241.88.132	25565	TCP
2024-12-16T13:09:42.396763+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40782	150.241.88.132	25565	TCP
2024-12-16T13:09:44.723149+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40784	150.241.88.132	25565	TCP
2024-12-16T13:09:47.051419+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40786	150.241.88.132	25565	TCP
2024-12-16T13:09:49.444987+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40788	150.241.88.132	25565	TCP
2024-12-16T13:09:51.818646+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40790	150.241.88.132	25565	TCP
2024-12-16T13:09:54.164192+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40792	150.241.88.132	25565	TCP
2024-12-16T13:09:56.490071+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40794	150.241.88.132	25565	TCP
2024-12-16T13:09:58.821929+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40796	150.241.88.132	25565	TCP
2024-12-16T13:10:01.209721+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40798	150.241.88.132	25565	TCP
2024-12-16T13:10:03.540102+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40800	150.241.88.132	25565	TCP
2024-12-16T13:10:05.914624+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40802	150.241.88.132	25565	TCP
2024-12-16T13:10:08.258636+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40804	150.241.88.132	25565	TCP
2024-12-16T13:10:11.202089+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40806	150.241.88.132	25565	TCP
2024-12-16T13:10:13.584603+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40808	150.241.88.132	25565	TCP
2024-12-16T13:10:16.004322+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40810	150.241.88.132	25565	TCP
2024-12-16T13:10:18.381606+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40812	150.241.88.132	25565	TCP
2024-12-16T13:10:20.711400+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40814	150.241.88.132	25565	TCP
2024-12-16T13:10:23.087152+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40816	150.241.88.132	25565	TCP
2024-12-16T13:10:25.410316+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40818	150.241.88.132	25565	TCP
2024-12-16T13:10:27.740599+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40820	150.241.88.132	25565	TCP
2024-12-16T13:10:30.082800+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40822	150.241.88.132	25565	TCP
2024-12-16T13:10:32.414294+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40824	150.241.88.132	25565	TCP
2024-12-16T13:10:34.743959+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40826	150.241.88.132	25565	TCP
2024-12-16T13:10:37.086757+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40828	150.241.88.132	25565	TCP
2024-12-16T13:10:39.460161+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40830	150.241.88.132	25565	TCP
2024-12-16T13:10:41.786389+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40832	150.241.88.132	25565	TCP
2024-12-16T13:10:44.114438+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40834	150.241.88.132	25565	TCP
2024-12-16T13:10:46.443282+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40836	150.241.88.132	25565	TCP
2024-12-16T13:10:48.771491+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40838	150.241.88.132	25565	TCP
2024-12-16T13:10:51.102683+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40840	150.241.88.132	25565	TCP
2024-12-16T13:10:53.427842+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40842	150.241.88.132	25565	TCP
2024-12-16T13:10:55.758306+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40844	150.241.88.132	25565	TCP
2024-12-16T13:10:58.087852+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40846	150.241.88.132	25565	TCP
2024-12-16T13:11:00.414039+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40848	150.241.88.132	25565	TCP
2024-12-16T13:11:02.771624+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40850	150.241.88.132	25565	TCP
2024-12-16T13:11:05.150016+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40852	150.241.88.132	25565	TCP
2024-12-16T13:11:07.525163+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40854	150.241.88.132	25565	TCP
2024-12-16T13:11:09.849922+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40856	150.241.88.132	25565	TCP
2024-12-16T13:11:12.182637+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40858	150.241.88.132	25565	TCP
2024-12-16T13:11:14.538622+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40860	150.241.88.132	25565	TCP
2024-12-16T13:11:16.871041+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40862	150.241.88.132	25565	TCP
2024-12-16T13:11:19.257724+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40864	150.241.88.132	25565	TCP
2024-12-16T13:11:21.633848+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40866	150.241.88.132	25565	TCP
2024-12-16T13:11:23.960194+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40868	150.241.88.132	25565	TCP
2024-12-16T13:11:26.290801+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40870	150.241.88.132	25565	TCP
2024-12-16T13:11:28.615583+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40872	150.241.88.132	25565	TCP
2024-12-16T13:11:30.943668+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40874	150.241.88.132	25565	TCP
2024-12-16T13:11:33.320753+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40876	150.241.88.132	25565	TCP
2024-12-16T13:11:35.650754+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40878	150.241.88.132	25565	TCP
2024-12-16T13:11:37.974812+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40880	150.241.88.132	25565	TCP
2024-12-16T13:11:40.302688+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40882	150.241.88.132	25565	TCP
2024-12-16T13:11:42.680017+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40884	150.241.88.132	25565	TCP
2024-12-16T13:11:45.008955+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40886	150.241.88.132	25565	TCP
2024-12-16T13:11:47.337385+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40888	150.241.88.132	25565	TCP
2024-12-16T13:11:49.668720+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40890	150.241.88.132	25565	TCP
2024-12-16T13:11:51.998419+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40892	150.241.88.132	25565	TCP
2024-12-16T13:11:54.355590+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40894	150.241.88.132	25565	TCP
2024-12-16T13:11:56.678643+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40896	150.241.88.132	25565	TCP
2024-12-16T13:11:59.005909+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40898	150.241.88.132	25565	TCP
2024-12-16T13:12:01.337841+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40900	150.241.88.132	25565	TCP
2024-12-16T13:12:03.891693+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40902	150.241.88.132	25565	TCP
2024-12-16T13:12:06.228448+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40904	150.241.88.132	25565	TCP
2024-12-16T13:12:08.553795+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40906	150.241.88.132	25565	TCP
2024-12-16T13:12:10.919357+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40908	150.241.88.132	25565	TCP
2024-12-16T13:12:13.241470+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40910	150.241.88.132	25565	TCP
2024-12-16T13:12:15.648624+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40912	150.241.88.132	25565	TCP
2024-12-16T13:12:17.993880+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40914	150.241.88.132	25565	TCP
2024-12-16T13:12:20.319368+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40916	150.241.88.132	25565	TCP
2024-12-16T13:12:22.651320+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40918	150.241.88.132	25565	TCP
2024-12-16T13:12:25.023903+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40920	150.241.88.132	25565	TCP
2024-12-16T13:12:27.400202+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40922	150.241.88.132	25565	TCP
2024-12-16T13:12:29.774623+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40924	150.241.88.132	25565	TCP
2024-12-16T13:12:32.104882+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40926	150.241.88.132	25565	TCP
2024-12-16T13:12:34.460723+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40928	150.241.88.132	25565	TCP
2024-12-16T13:12:36.788256+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40930	150.241.88.132	25565	TCP
2024-12-16T13:12:39.116866+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40932	150.241.88.132	25565	TCP
2024-12-16T13:12:41.499684+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40934	150.241.88.132	25565	TCP
2024-12-16T13:12:43.837014+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40936	150.241.88.132	25565	TCP
2024-12-16T13:12:46.214814+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40938	150.241.88.132	25565	TCP
2024-12-16T13:12:48.575123+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40940	150.241.88.132	25565	TCP
2024-12-16T13:12:51.062329+0100	2846526	1	A Network Trojan was detected	192.168.2.23	40942	150.241.88.132	25565	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: sh4.elf

Avira: detected

Found malware configuration

Source: sh4.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "150.241.88.132:25565"}

Multi AV Scanner detection for submitted file

Source: sh4.elf

ReversingLabs: Detection: 65%

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/sh4.elf (PID: 6262)

Opens: /proc/net/route

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40772 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40764 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40770 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40792 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40768 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40762 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40800 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40790 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40788 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40804 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40776 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40778 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40808 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40782 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40780 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40822 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40796 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40812 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40818 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40786 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40806 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40832 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40828 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40826 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40798 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40836 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40824 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40830 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40766 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40814 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40784 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40834 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40802 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40774 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40794 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40810 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40816 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40840 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40844 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40848 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40850 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40838 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40852 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40874 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40862 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40880 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40876 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40842 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40868 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40872 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40878 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40896 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40890 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40846 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40892 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40884 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40856 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40854 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40870 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40860 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40864 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40900 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40882 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40894 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40858 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40920 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40906 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40888 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40922 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40934 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40902 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40910 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40918 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40928 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40904 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40932 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40940 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40908 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40866 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40936 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40942 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40898 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40926 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40916 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40930 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40938 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40924 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40914 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40912 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40820 -> 150.241.88.132:25565
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.23:40886 -> 150.241.88.132:25565

Source: global traffic

TCP traffic: 192.168.2.23:40762 -> 150.241.88.132:25565

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132
Source: unknown	TCP traffic detected without corresponding DNS query: 150.241.88.132

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: sh4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6262.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6264.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sh4.elf PID: 6262, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sh4.elf PID: 6264, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: vseattack

Source: sh4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6262.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6264.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sh4.elf PID: 6262, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sh4.elf PID: 6264, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/0@0/0

Source: sh4.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm
Source: sh4.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm
Source: sh4.elf	ELF static info symbol of initial sample: libc/string/sh/sh4/memcpy.S
Source: sh4.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/sh/crt1.S
Source: sh4.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/sh/crti.S
Source: sh4.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/sh/crtn.S

Source: /usr/bin/dash (PID: 6225)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.25mzlEEvpZ /tmp/tmp.DDq2YkcMbt /tmp/tmp.scdstBQjf3			Jump to behavior
Source: /usr/bin/dash (PID: 6234)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.25mzlEEvpZ /tmp/tmp.DDq2YkcMbt /tmp/tmp.scdstBQjf3			Jump to behavior

Source: /tmp/sh4.elf (PID: 6262)

Queries kernel information via 'uname':

Jump to behavior

Source: sh4.elf, 6262.1.00007ffd8f49a000.00007ffd8f4bb000.rw-.sdmp, sh4.elf, 6264.1.00007ffd8f49a000.00007ffd8f4bb000.rw-.sdmp	Binary or memory string: Mxs)x86_64/usr/bin/qemu-sh4/tmp/sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sh4.elf
Source: sh4.elf, 6262.1.00007ffd8f49a000.00007ffd8f4bb000.rw-.sdmp, sh4.elf, 6264.1.00007ffd8f49a000.00007ffd8f4bb000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: sh4.elf, 6262.1.0000557b81d94000.0000557b81df7000.rw-.sdmp, sh4.elf, 6264.1.0000557b81d94000.0000557b81df7000.rw-.sdmp	Binary or memory string: {U5!/etc/qemu-binfmt/sh4
Source: sh4.elf, 6262.1.0000557b81d94000.0000557b81df7000.rw-.sdmp, sh4.elf, 6264.1.0000557b81d94000.0000557b81df7000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: sh4.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: sh4.elf, type: SAMPLE
Source: Yara match	File source: 6262.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6264.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6262, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6264, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: sh4.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: sh4.elf, type: SAMPLE
Source: Yara match	File source: 6262.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6264.1.00007f70ec400000.00007f70ec410000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6262, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6264, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

Threatname: Gafgyt

{"C2 url": "150.241.88.132:25565"}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
sh4.elf	66%	ReversingLabs	Linux.Exploit.Mirai
sh4.elf	100%	Avira	EXP/ELF.Mirai.Z.A

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
150.241.88.132:25565	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
150.241.88.132	unknown	Spain	207714	TECNALIAES	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	uTfdXFqWcq.elf	Get hash	malicious	ConnectBack	Browse
	V8iybGX0WW.elf	Get hash	malicious	Unknown	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse
	main_arm7.elf	Get hash	malicious	Mirai	Browse
	main_mips.elf	Get hash	malicious	Mirai	Browse
	darm7.elf	Get hash	malicious	Unknown	Browse
	main_x86_64.elf	Get hash	malicious	Mirai	Browse
	main_arm5.elf	Get hash	malicious	Mirai	Browse
	main_mpsl.elf	Get hash	malicious	Mirai	Browse
91.189.91.42	uTfdXFqWcq.elf	Get hash	malicious	ConnectBack	Browse
	V8iybGX0WW.elf	Get hash	malicious	Unknown	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse
	main_arm7.elf	Get hash	malicious	Mirai	Browse
	main_mips.elf	Get hash	malicious	Mirai	Browse
	darm7.elf	Get hash	malicious	Unknown	Browse
	main_x86_64.elf	Get hash	malicious	Mirai	Browse
	main_mips.elf	Get hash	malicious	Mirai	Browse
	main_arm5.elf	Get hash	malicious	Mirai	Browse
150.241.88.132	powerpc.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	armv6l.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	armv4l.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	armv5l.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	armv7l.elf	Get hash	malicious	Gafgyt, Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	uTfdXFqWcq.elf	Get hash	malicious	ConnectBack	Browse	91.189.91.42
	V8iybGX0WW.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	darm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_arm5.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
CANONICAL-ASGB	uTfdXFqWcq.elf	Get hash	malicious	ConnectBack	Browse	91.189.91.42
	V8iybGX0WW.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	darm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_arm5.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
TECNALIAES	x86_64.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.95.250
	powerpc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	armv7l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.95.250
	m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	armv6l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	armv4l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	armv5l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	150.241.88.132
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	150.241.91.218
INIT7CH	uTfdXFqWcq.elf	Get hash	malicious	ConnectBack	Browse	109.202.202.202
	V8iybGX0WW.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_mips.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	darm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_mips.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_arm5.elf	Get hash	malicious	Mirai	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	6.618373560893373
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	sh4.elf
File size:	88'733 bytes
MD5:	866c52bc44c007685c49f5f7c51e05ca
SHA1:	83bb15de9ff6d7501897689e97907fe80f329604
SHA256:	3c0c87bbc1a908ee2d698bf59722fc050b29aa5dcc9312a7c33c04910ad2f067
SHA512:	2cd86d31968a9cb542d66a192b6c28a4644c8c0be83a5d04d10ed9eabfdc0a18853bc76b7f1efd3dabf6ac269a35887a867a14d73f27de8d84b612069bd61d8d
SSDEEP:	1536:ClNtAyOXSU3rUk954CKmg0KfjyJCSujEaX9LmkxVqOEeofzee:gbOXSU3rUkmmbJ594LmkxVqODofzee
TLSH:	98832B43E9A19FB7C0866AB565AB5E300B13E9912B4F1A4A313CA7F4434F4CD790EF64
File Content Preview:	.ELF.....................@.4...........4. ...(...............@...@...........................A...A......g..........Q.td............................././"O.n........#.@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	69296
Section Header Size:	40
Number of Section Headers:	15
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x4000e0	0xe0	0xd520	0x0	0x6	AX	0	0	32
.fini	PROGBITS	0x40d600	0xd600	0x24	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x40d624	0xd624	0x2670	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x40fc94	0xfc94	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x410000	0x10000	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x410008	0x10008	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x410010	0x10010	0x4	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x410014	0x10014	0x398	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x4103ac	0x103ac	0x635c	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x103ac	0xa9e	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x10e4a	0x66	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x11108	0x29e0	0x10	0x0		14	249	4
.strtab	STRTAB	0x0	0x13ae8	0x1fb5	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xfc98	0xfc98	6.9202	0x5	R E	0x10000	.init .text .fini .rodata .eh_frame
LOAD	0x10000	0x410000	0x410000	0x3ac	0x6708	2.7492	0x6	RW	0x10000	.ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x400094	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000e0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x40d600	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x40d624	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x40fc94	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x410000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x410008	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x410010	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x410014	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x4103ac	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
/home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
L1	.symtab	0x406b1c	0	NOTYPE	<unknown>	DEFAULT	2
L_abort	.symtab	0x4001d0	0	NOTYPE	<unknown>	DEFAULT	2
L_fini	.symtab	0x4001c8	0	NOTYPE	<unknown>	DEFAULT	2
L_init	.symtab	0x4001c4	0	NOTYPE	<unknown>	DEFAULT	2
L_main	.symtab	0x4001c0	0	NOTYPE	<unknown>	DEFAULT	2
L_uClibc_main	.symtab	0x4001cc	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x4103e0	16384	OBJECT	<unknown>	DEFAULT	10
Sakura_Bot.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
SendSTD	.symtab	0x403020	344	FUNC	<unknown>	DEFAULT	2
SendSTDHEX	.symtab	0x4026b0	372	FUNC	<unknown>	DEFAULT	2
SendSTD_HEX	.symtab	0x4032e0	420	FUNC	<unknown>	DEFAULT	2
SendUDP	.symtab	0x401cf4	1040	FUNC	<unknown>	DEFAULT	2
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x410004	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x410000	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x41004c	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x40e63c	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x4103a4	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x40ed22	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x410054	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x40e93c	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x41000c	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x410008	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x40fc94	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x40fc94	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x41004c	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_b_data	.symtab	0x40e63c	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_tolower	.symtab	0x4103a4	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_tolower_data	.symtab	0x40ed22	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_toupper	.symtab	0x410054	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_toupper_data	.symtab	0x40e93c	768	OBJECT	<unknown>	HIDDEN	4
__GI___ctype_b	.symtab	0x410050	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_tolower	.symtab	0x4103a8	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_toupper	.symtab	0x410058	4	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x4070a0	20	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x40c378	216	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x40c5d8	32	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x408eec	20	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x406b24	172	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl64	.symtab	0x406bd0	152	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x406e7c	160	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x4089c8	104	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x408a94	80	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x40c5f8	200	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x406c68	48	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x4080c0	244	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x408624	24	FUNC	<unknown>	HIDDEN	2
__GI_atol	.symtab	0x408624	24	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x406cd0	56	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x406d08	56	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x407af0	40	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x41460c	4	OBJECT	<unknown>	HIDDEN	10
__GI_exit	.symtab	0x408794	112	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x40a078	272	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x406b24	172	FUNC	<unknown>	HIDDEN	2
__GI_fcntl64	.symtab	0x406bd0	152	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x40a660	320	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x40c378	216	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x40a508	120	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x40a7a0	128	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x40a188	24	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x406d40	56	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x40c450	68	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x40d354	28	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x40d370	232	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x40c494	156	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x40c378	216	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x408d48	56	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x408d80	56	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x408db8	56	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x4077fc	72	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x407844	684	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x406d78	56	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x407b18	40	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x408df0	56	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x414610	4	OBJECT	<unknown>	HIDDEN	10
__GI_inet_addr	.symtab	0x4077d0	44	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x409508	204	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x4077b8	24	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x407740	120	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x40add8	492	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x40ab04	408	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x408574	176	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x406db0	148	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x40a9d0	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x406e44	56	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x40d540	96	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x40d1bc	204	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x407140	636	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x409004	978	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x40c530	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x40d288	204	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x4073c0	124	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x408e28	56	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x406e7c	160	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x40a040	56	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x409ea4	40	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x4081c8	100	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x408448	104	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x40a820	152	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x406f34	56	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x407b6c	40	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x408cb8	88	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x406f6c	52	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x407b94	40	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x407bbc	48	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x406fa0	56	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x407bec	44	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x408370	216	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x409ecc	160	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x407c40	184	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x408e60	84	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x408804	376	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x407c18	40	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x40b554	132	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x4084b0	196	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x40c6c0	64	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x40743c	192	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x4074fc	34	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x4074fc	34	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x40751e	30	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x40a984	76	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x40753c	136	FUNC	<unknown>	HIDDEN	2
__GI_strncat	.symtab	0x40a8b8	154	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x4093d8	142	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x40c554	132	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x4094e0	40	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x40a952	48	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x4075c4	192	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x40769c	24	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x409468	120	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x40863c	20	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x40a9f4	116	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x406fd8	56	FUNC	<unknown>	HIDDEN	2
__GI_tolower	.symtab	0x40b52c	40	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x407078	40	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x40b5d8	168	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x408eb4	56	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x407010	20	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x40c8b4	68	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x40c918	112	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x40c8f8	32	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x407024	56	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x410010	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x410010	0	OBJECT	<unknown>	DEFAULT	8
__app_fini	.symtab	0x414600	4	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x410230	24	OBJECT	<unknown>	DEFAULT	9
__bsd_signal	.symtab	0x407c40	184	FUNC	<unknown>	HIDDEN	2
__bss_start	.symtab	0x4103ac	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x408a4a	74	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x410050	4	OBJECT	<unknown>	DEFAULT	9
__ctype_tolower	.symtab	0x4103a8	4	OBJECT	<unknown>	DEFAULT	9
__ctype_toupper	.symtab	0x410058	4	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x414630	4	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x410014	0	NOTYPE	<unknown>	DEFAULT	9
__decode_answer	.symtab	0x40b1a0	228	FUNC	<unknown>	HIDDEN	2
__decode_dotted	.symtab	0x40c7ac	200	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x40b084	148	FUNC	<unknown>	HIDDEN	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x4095d4	1604	FUNC	<unknown>	HIDDEN	2
__do_global_ctors_aux	.symtab	0x40d5c0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x4000e0	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x410014	0	OBJECT	<unknown>	HIDDEN	9
__encode_dotted	.symtab	0x40c700	172	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x40afc4	192	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x40b118	104	FUNC	<unknown>	HIDDEN	2
__environ	.symtab	0x4145f8	4	OBJECT	<unknown>	DEFAULT	10
__errno_location	.symtab	0x4070a0	20	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x4145f0	4	OBJECT	<unknown>	HIDDEN	10
__fgetc_unlocked	.symtab	0x40c378	216	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x410000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x410000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x409e70	52	FUNC	<unknown>	HIDDEN	2
__glibc_strerror_r	.symtab	0x40c5d8	32	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x408eec	20	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__heap_alloc	.symtab	0x407f70	98	FUNC	<unknown>	DEFAULT	2
__heap_free	.symtab	0x408010	176	FUNC	<unknown>	DEFAULT	2
__heap_link_free_area	.symtab	0x407fd4	34	FUNC	<unknown>	DEFAULT	2
__heap_link_free_area_after	.symtab	0x407ff6	26	FUNC	<unknown>	DEFAULT	2
__init_array_end	.symtab	0x410000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x410000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_brk	.symtab	0x409fc4	68	FUNC	<unknown>	HIDDEN	2
__init_brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__length_dotted	.symtab	0x40c874	64	FUNC	<unknown>	HIDDEN	2
__length_question	.symtab	0x40b180	32	FUNC	<unknown>	HIDDEN	2
__libc_close	.symtab	0x406d08	56	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x407af0	40	FUNC	<unknown>	DEFAULT	2
__libc_creat	.symtab	0x406f1c	24	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x406b24	172	FUNC	<unknown>	DEFAULT	2
__libc_fcntl64	.symtab	0x406bd0	152	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x406d40	56	FUNC	<unknown>	DEFAULT	2
__libc_getpid	.symtab	0x406d78	56	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x40d540	96	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x408e28	56	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x406e7c	160	FUNC	<unknown>	DEFAULT	2
__libc_poll	.symtab	0x40a040	56	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x406f34	56	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x407b6c	40	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x406f6c	52	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x407b94	40	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x407bbc	48	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x409ecc	160	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x4145f4	4	OBJECT	<unknown>	DEFAULT	10
__libc_waitpid	.symtab	0x407010	20	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x407024	56	FUNC	<unknown>	DEFAULT	2
__malloc_heap	.symtab	0x41005c	4	OBJECT	<unknown>	DEFAULT	9
__malloc_heap_lock	.symtab	0x4145d4	24	OBJECT	<unknown>	DEFAULT	10
__malloc_sbrk_lock	.symtab	0x4166c4	24	OBJECT	<unknown>	DEFAULT	10
__nameserver	.symtab	0x4166ec	12	OBJECT	<unknown>	HIDDEN	10
__nameservers	.symtab	0x4166f8	4	OBJECT	<unknown>	HIDDEN	10
__open_etc_hosts	.symtab	0x40b284	68	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x409c18	600	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x4145fc	4	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x410000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x410000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x408a30	14	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x408a30	14	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x408a30	14	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x408a30	14	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x408a30	14	FUNC	<unknown>	DEFAULT	2
__pthread_return_void	.symtab	0x408a3e	12	FUNC	<unknown>	DEFAULT	2
__raise	.symtab	0x409ea4	40	FUNC	<unknown>	HIDDEN	2
__read_etc_hosts_r	.symtab	0x40b2c8	612	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__resolv_lock	.symtab	0x410250	24	OBJECT	<unknown>	DEFAULT	9
__rtld_fini	.symtab	0x414604	4	OBJECT	<unknown>	HIDDEN	10
__sdivsi3_i4	.symtab	0x40d5a0	14	FUNC	<unknown>	HIDDEN	2
__searchdomain	.symtab	0x4166dc	16	OBJECT	<unknown>	HIDDEN	10
__searchdomains	.symtab	0x4166fc	4	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x407d24	40	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x407d4c	42	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x407cf8	44	FUNC	<unknown>	DEFAULT	2
__socketcall	.symtab	0x408d10	56	FUNC	<unknown>	HIDDEN	2
__socketcall.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdin	.symtab	0x410274	4	OBJECT	<unknown>	DEFAULT	9
__stdio_READ	.symtab	0x40c988	80	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x40b680	148	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x40d458	180	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x40c9d8	264	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x40a424	28	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.3812	.symtab	0x40ecc0	24	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x40cae0	48	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x40d50c	52	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x40cb10	120	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x40cb88	176	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x40a4d4	52	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x410278	4	OBJECT	<unknown>	DEFAULT	9
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x40a008	56	FUNC	<unknown>	HIDDEN	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x4089c8	104	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x408a94	80	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x408ae4	468	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x410248	4	OBJECT	<unknown>	HIDDEN	9
__udivsi3_i4	.symtab	0x406af4	48	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x40c5f8	200	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_brk	.symtab	0x409f8c	56	FUNC	<unknown>	HIDDEN	2
_charpad	.symtab	0x40b714	80	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x409f6c	32	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x416700	4	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x416704	4	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x4103ac	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x416708	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x41460c	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x406c68	48	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x40d600	12	FUNC	<unknown>	HIDDEN	3
_fixed_buffers	.symtab	0x41463c	8192	OBJECT	<unknown>	DEFAULT	10
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x40b764	124	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x40cccc	1264	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x414610	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x400094	12	FUNC	<unknown>	HIDDEN	1
_load_inttype	.symtab	0x40cc38	92	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x40bd24	120	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x40bff0	902	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x40bd9c	72	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x40bde4	464	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x40bfb4	60	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x408a3e	12	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x408a3e	12	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x416644	128	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x4001a0	30	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x40a1a0	536	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x40a3b8	108	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x41027c	4	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_add_lock	.symtab	0x410280	24	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_dec_use	.symtab	0x40a580	224	FUNC	<unknown>	DEFAULT	2
_stdio_openlist_del_count	.symtab	0x414638	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_del_lock	.symtab	0x410298	24	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_use_count	.symtab	0x414634	4	OBJECT	<unknown>	DEFAULT	10
_stdio_streams	.symtab	0x4102b4	240	OBJECT	<unknown>	DEFAULT	9
_stdio_term	.symtab	0x40a440	148	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x4102b0	4	OBJECT	<unknown>	DEFAULT	9
_stdlib_strto_l	.symtab	0x408650	324	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x40cc94	56	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x40f0dc	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x408f00	260	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x40b7e0	1348	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x4080c0	244	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x406c98	56	FUNC	<unknown>	DEFAULT	2
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
astd	.symtab	0x4043b8	368	FUNC	<unknown>	DEFAULT	2
atcp	.symtab	0x403e10	1448	FUNC	<unknown>	DEFAULT	2
atoi	.symtab	0x408624	24	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x408624	24	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
audp	.symtab	0x4038d4	1340	FUNC	<unknown>	DEFAULT	2
bcopy	.symtab	0x407684	24	FUNC	<unknown>	DEFAULT	2
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x4145ec	4	OBJECT	<unknown>	DEFAULT	10
been_there_done_that.2753	.symtab	0x414608	4	OBJECT	<unknown>	DEFAULT	10
bsd_signal	.symtab	0x407c40	184	FUNC	<unknown>	DEFAULT	2
buf.2577	.symtab	0x4143e4	16	OBJECT	<unknown>	DEFAULT	10
buf.4814	.symtab	0x4143f4	460	OBJECT	<unknown>	DEFAULT	10
c	.symtab	0x410044	4	OBJECT	<unknown>	DEFAULT	9
chdir	.symtab	0x406cd0	56	FUNC	<unknown>	DEFAULT	2
chdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x406d08	56	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
commServer	.symtab	0x410020	4	OBJECT	<unknown>	DEFAULT	9
completed.2217	.symtab	0x4103ac	1	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x407af0	40	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x4015e0	772	FUNC	<unknown>	DEFAULT	2
creat	.symtab	0x406f1c	24	FUNC	<unknown>	DEFAULT	2
crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x401a18	232	FUNC	<unknown>	DEFAULT	2
currentServer	.symtab	0x410040	4	OBJECT	<unknown>	DEFAULT	9
data_start	.symtab	0x41001c	0	NOTYPE	<unknown>	DEFAULT	9
decodea.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x4145f8	4	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x41460c	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x408794	112	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x40fc4c	72	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0x40a078	272	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x406b24	172	FUNC	<unknown>	DEFAULT	2
fcntl64	.symtab	0x406bd0	152	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x4003f4	200	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x40a660	320	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x40c378	216	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x40a508	120	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x40a7a0	128	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x40fc38	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x40a188	24	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x406d40	56	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x40c450	68	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x400140	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x407e80	240	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x40d354	28	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x40d354	28	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x40d370	232	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ftcp	.symtab	0x402104	1452	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked	.symtab	0x40c494	156	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getArch	.symtab	0x404528	20	FUNC	<unknown>	DEFAULT	2
getHost	.symtab	0x401188	84	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0x4004bc	680	FUNC	<unknown>	DEFAULT	2
getPortz	.symtab	0x40453c	152	FUNC	<unknown>	DEFAULT	2
getRandomIP	.symtab	0x400398	92	FUNC	<unknown>	DEFAULT	2
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x40c378	216	FUNC	<unknown>	DEFAULT	2
getegid	.symtab	0x408d48	56	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x408d80	56	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x408db8	56	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x4077fc	72	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x407844	684	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x406d78	56	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x407b18	40	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x407b40	44	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x408df0	56	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gotIP	.symtab	0x4103cc	4	OBJECT	<unknown>	DEFAULT	10
h.4813	.symtab	0x4145c0	20	OBJECT	<unknown>	DEFAULT	10
h_errno	.symtab	0x414610	4	OBJECT	<unknown>	DEFAULT	10
heap_alloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
htonl	.symtab	0x4076fa	46	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x407728	22	FUNC	<unknown>	DEFAULT	2
i.4082	.symtab	0x410048	4	OBJECT	<unknown>	DEFAULT	9
index	.symtab	0x40743c	192	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x4077d0	44	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x409508	204	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa	.symtab	0x4077b8	24	FUNC	<unknown>	DEFAULT	2
inet_ntoa.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa_r	.symtab	0x407740	120	FUNC	<unknown>	DEFAULT	2
inet_ntop	.symtab	0x40add8	492	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x40ac9c	316	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x40ab04	408	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x40aa68	156	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0x4062ac	340	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x4001d4	180	FUNC	<unknown>	DEFAULT	2
initial_fa	.symtab	0x410060	260	OBJECT	<unknown>	DEFAULT	9
initstate	.symtab	0x408298	120	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x408574	176	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x406db0	148	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x40a9d0	36	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isspace	.symtab	0x40705c	28	FUNC	<unknown>	DEFAULT	2
isspace.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x406e44	56	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthd.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/sh/sh4/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/sh/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/sh/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/sh/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x4018e4	308	FUNC	<unknown>	DEFAULT	2
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x40d540	96	FUNC	<unknown>	DEFAULT	2
macAddress	.symtab	0x4103d8	6	OBJECT	<unknown>	DEFAULT	10
main	.symtab	0x406400	1780	FUNC	<unknown>	DEFAULT	2
mainCommSock	.symtab	0x4103c8	4	OBJECT	<unknown>	DEFAULT	10
makeIPPacket	.symtab	0x401c14	224	FUNC	<unknown>	DEFAULT	2
makeRandomStr	.symtab	0x4011dc	156	FUNC	<unknown>	DEFAULT	2
makevsepacket	.symtab	0x402944	248	FUNC	<unknown>	DEFAULT	2
malloc	.symtab	0x407d78	264	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x40d1bc	204	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x407140	636	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x409004	978	FUNC	<unknown>	DEFAULT	2
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x40c530	36	FUNC	<unknown>	DEFAULT	2
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x40d288	204	FUNC	<unknown>	DEFAULT	2
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x4073c0	124	FUNC	<unknown>	DEFAULT	2
memset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x410164	24	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x41017c	24	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x414614	24	OBJECT	<unknown>	DEFAULT	10
nanosleep	.symtab	0x408e28	56	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1030	.symtab	0x4143e0	4	OBJECT	<unknown>	DEFAULT	10
ntohl	.symtab	0x4076b4	48	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x4076e4	22	FUNC	<unknown>	DEFAULT	2
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x4103d0	8	OBJECT	<unknown>	DEFAULT	10
object.2270	.symtab	0x4103b0	24	OBJECT	<unknown>	DEFAULT	10
open	.symtab	0x406e7c	160	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x41663c	4	OBJECT	<unknown>	DEFAULT	10
p.2215	.symtab	0x410018	0	OBJECT	<unknown>	DEFAULT	9
pids	.symtab	0x416640	4	OBJECT	<unknown>	DEFAULT	10
poll	.symtab	0x40a040	56	FUNC	<unknown>	DEFAULT	2
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4023	.symtab	0x40f034	12	OBJECT	<unknown>	DEFAULT	4
print	.symtab	0x400bf0	1072	FUNC	<unknown>	DEFAULT	2
printchar	.symtab	0x400898	104	FUNC	<unknown>	DEFAULT	2
printi	.symtab	0x400a58	408	FUNC	<unknown>	DEFAULT	2
prints	.symtab	0x400900	344	FUNC	<unknown>	DEFAULT	2
processCmd	.symtab	0x4045d4	7384	FUNC	<unknown>	DEFAULT	2
qual_chars.4029	.symtab	0x40f048	20	OBJECT	<unknown>	DEFAULT	4
raise	.symtab	0x409ea4	40	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x4081b4	20	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_cmwc	.symtab	0x400288	272	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x4081c8	100	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x40ec3c	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x408448	104	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x4101b0	128	OBJECT	<unknown>	DEFAULT	9
rawmemchr	.symtab	0x40a820	152	FUNC	<unknown>	DEFAULT	2
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x406f34	56	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x407b6c	40	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x401278	872	FUNC	<unknown>	DEFAULT	2
rtcp	.symtab	0x403484	1104	FUNC	<unknown>	DEFAULT	2
sbrk	.symtab	0x408cb8	88	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
select	.symtab	0x406f6c	52	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x407b94	40	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendto	.symtab	0x407bbc	48	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x406fa0	56	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x407bec	44	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x40822c	108	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x408370	216	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x409ecc	160	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x407c40	184	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x408e60	84	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x408804	376	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x407c18	40	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x402824	288	FUNC	<unknown>	DEFAULT	2
sockprintf	.symtab	0x401020	360	FUNC	<unknown>	DEFAULT	2
spec_and_mask.4028	.symtab	0x40f05c	16	OBJECT	<unknown>	DEFAULT	4
spec_base.4022	.symtab	0x40f040	7	OBJECT	<unknown>	DEFAULT	4
spec_chars.4025	.symtab	0x40f088	21	OBJECT	<unknown>	DEFAULT	4
spec_flags.4024	.symtab	0x40f0a0	8	OBJECT	<unknown>	DEFAULT	4
spec_or_mask.4027	.symtab	0x40f06c	16	OBJECT	<unknown>	DEFAULT	4
spec_ranges.4026	.symtab	0x40f07c	9	OBJECT	<unknown>	DEFAULT	4
sprintf	.symtab	0x40b554	132	FUNC	<unknown>	DEFAULT	2
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x408310	96	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x408310	96	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x4084b0	196	FUNC	<unknown>	DEFAULT	2
static_id	.symtab	0x41024c	2	OBJECT	<unknown>	DEFAULT	9
static_ns	.symtab	0x41462c	4	OBJECT	<unknown>	DEFAULT	10
stderr	.symtab	0x410270	4	OBJECT	<unknown>	DEFAULT	9
stdhexflood	.symtab	0x403178	360	FUNC	<unknown>	DEFAULT	2
stdin	.symtab	0x410268	4	OBJECT	<unknown>	DEFAULT	9
stdout	.symtab	0x41026c	4	OBJECT	<unknown>	DEFAULT	9
strcasecmp	.symtab	0x40c6c0	64	FUNC	<unknown>	DEFAULT	2
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x40743c	192	FUNC	<unknown>	DEFAULT	2
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x4074fc	34	FUNC	<unknown>	DEFAULT	2
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x4074fc	34	FUNC	<unknown>	DEFAULT	2
strcpy	.symtab	0x40751e	30	FUNC	<unknown>	DEFAULT	2
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x40a984	76	FUNC	<unknown>	DEFAULT	2
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x40c5f8	200	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x40753c	136	FUNC	<unknown>	DEFAULT	2
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncat	.symtab	0x40a8b8	154	FUNC	<unknown>	DEFAULT	2
strncat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x4093d8	142	FUNC	<unknown>	DEFAULT	2
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x40c554	132	FUNC	<unknown>	DEFAULT	2
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x4094e0	40	FUNC	<unknown>	DEFAULT	2
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x40a952	48	FUNC	<unknown>	DEFAULT	2
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x4075c4	192	FUNC	<unknown>	DEFAULT	2
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x40769c	24	FUNC	<unknown>	DEFAULT	2
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x409468	120	FUNC	<unknown>	DEFAULT	2
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x40863c	20	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcgetattr	.symtab	0x40a9f4	116	FUNC	<unknown>	DEFAULT	2
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpcsum	.symtab	0x401b00	276	FUNC	<unknown>	DEFAULT	2
time	.symtab	0x406fd8	56	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tolower	.symtab	0x40b52c	40	FUNC	<unknown>	DEFAULT	2
tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x407078	40	FUNC	<unknown>	DEFAULT	2
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x400764	308	FUNC	<unknown>	DEFAULT	2
trivial	.symtab	0x406b18	0	NOTYPE	<unknown>	DEFAULT	2
type_codes	.symtab	0x40f0a8	24	OBJECT	<unknown>	DEFAULT	4
type_sizes	.symtab	0x40f0c0	12	OBJECT	<unknown>	DEFAULT	4
unknown.1072	.symtab	0x40f0cc	14	OBJECT	<unknown>	DEFAULT	4
unsafe_state	.symtab	0x410194	28	OBJECT	<unknown>	DEFAULT	9
useragents	.symtab	0x410024	28	OBJECT	<unknown>	DEFAULT	9
usleep	.symtab	0x40897c	76	FUNC	<unknown>	DEFAULT	2
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vseattack	.symtab	0x402a3c	1508	FUNC	<unknown>	DEFAULT	2
vsnprintf	.symtab	0x40b5d8	168	FUNC	<unknown>	DEFAULT	2
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wait4	.symtab	0x408eb4	56	FUNC	<unknown>	DEFAULT	2
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x407010	20	FUNC	<unknown>	DEFAULT	2
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x40c8b4	68	FUNC	<unknown>	DEFAULT	2
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x40c918	112	FUNC	<unknown>	DEFAULT	2
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x40c8f8	32	FUNC	<unknown>	DEFAULT	2
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
write	.symtab	0x407024	56	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xdigits.3026	.symtab	0x40ecec	17	OBJECT	<unknown>	DEFAULT	4

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-16T13:09:18.671976+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40762	150.241.88.132	25565	TCP
2024-12-16T13:09:20.989883+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40764	150.241.88.132	25565	TCP
2024-12-16T13:09:23.346054+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40766	150.241.88.132	25565	TCP
2024-12-16T13:09:25.930736+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40768	150.241.88.132	25565	TCP
2024-12-16T13:09:28.273429+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40770	150.241.88.132	25565	TCP
2024-12-16T13:09:30.600123+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40772	150.241.88.132	25565	TCP
2024-12-16T13:09:32.984956+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40774	150.241.88.132	25565	TCP
2024-12-16T13:09:35.321711+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40776	150.241.88.132	25565	TCP
2024-12-16T13:09:37.661942+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40778	150.241.88.132	25565	TCP
2024-12-16T13:09:40.009051+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40780	150.241.88.132	25565	TCP
2024-12-16T13:09:42.396763+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40782	150.241.88.132	25565	TCP
2024-12-16T13:09:44.723149+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40784	150.241.88.132	25565	TCP
2024-12-16T13:09:47.051419+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40786	150.241.88.132	25565	TCP
2024-12-16T13:09:49.444987+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40788	150.241.88.132	25565	TCP
2024-12-16T13:09:51.818646+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40790	150.241.88.132	25565	TCP
2024-12-16T13:09:54.164192+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40792	150.241.88.132	25565	TCP
2024-12-16T13:09:56.490071+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40794	150.241.88.132	25565	TCP
2024-12-16T13:09:58.821929+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40796	150.241.88.132	25565	TCP
2024-12-16T13:10:01.209721+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40798	150.241.88.132	25565	TCP
2024-12-16T13:10:03.540102+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40800	150.241.88.132	25565	TCP
2024-12-16T13:10:05.914624+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40802	150.241.88.132	25565	TCP
2024-12-16T13:10:08.258636+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40804	150.241.88.132	25565	TCP
2024-12-16T13:10:11.202089+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40806	150.241.88.132	25565	TCP
2024-12-16T13:10:13.584603+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40808	150.241.88.132	25565	TCP
2024-12-16T13:10:16.004322+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40810	150.241.88.132	25565	TCP
2024-12-16T13:10:18.381606+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40812	150.241.88.132	25565	TCP
2024-12-16T13:10:20.711400+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40814	150.241.88.132	25565	TCP
2024-12-16T13:10:23.087152+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40816	150.241.88.132	25565	TCP
2024-12-16T13:10:25.410316+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40818	150.241.88.132	25565	TCP
2024-12-16T13:10:27.740599+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40820	150.241.88.132	25565	TCP
2024-12-16T13:10:30.082800+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40822	150.241.88.132	25565	TCP
2024-12-16T13:10:32.414294+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40824	150.241.88.132	25565	TCP
2024-12-16T13:10:34.743959+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40826	150.241.88.132	25565	TCP
2024-12-16T13:10:37.086757+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40828	150.241.88.132	25565	TCP
2024-12-16T13:10:39.460161+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40830	150.241.88.132	25565	TCP
2024-12-16T13:10:41.786389+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40832	150.241.88.132	25565	TCP
2024-12-16T13:10:44.114438+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40834	150.241.88.132	25565	TCP
2024-12-16T13:10:46.443282+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40836	150.241.88.132	25565	TCP
2024-12-16T13:10:48.771491+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40838	150.241.88.132	25565	TCP
2024-12-16T13:10:51.102683+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40840	150.241.88.132	25565	TCP
2024-12-16T13:10:53.427842+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40842	150.241.88.132	25565	TCP
2024-12-16T13:10:55.758306+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40844	150.241.88.132	25565	TCP
2024-12-16T13:10:58.087852+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40846	150.241.88.132	25565	TCP
2024-12-16T13:11:00.414039+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40848	150.241.88.132	25565	TCP
2024-12-16T13:11:02.771624+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40850	150.241.88.132	25565	TCP
2024-12-16T13:11:05.150016+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40852	150.241.88.132	25565	TCP
2024-12-16T13:11:07.525163+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40854	150.241.88.132	25565	TCP
2024-12-16T13:11:09.849922+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40856	150.241.88.132	25565	TCP
2024-12-16T13:11:12.182637+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40858	150.241.88.132	25565	TCP
2024-12-16T13:11:14.538622+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40860	150.241.88.132	25565	TCP
2024-12-16T13:11:16.871041+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40862	150.241.88.132	25565	TCP
2024-12-16T13:11:19.257724+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40864	150.241.88.132	25565	TCP
2024-12-16T13:11:21.633848+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40866	150.241.88.132	25565	TCP
2024-12-16T13:11:23.960194+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40868	150.241.88.132	25565	TCP
2024-12-16T13:11:26.290801+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40870	150.241.88.132	25565	TCP
2024-12-16T13:11:28.615583+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40872	150.241.88.132	25565	TCP
2024-12-16T13:11:30.943668+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40874	150.241.88.132	25565	TCP
2024-12-16T13:11:33.320753+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40876	150.241.88.132	25565	TCP
2024-12-16T13:11:35.650754+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40878	150.241.88.132	25565	TCP
2024-12-16T13:11:37.974812+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40880	150.241.88.132	25565	TCP
2024-12-16T13:11:40.302688+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40882	150.241.88.132	25565	TCP
2024-12-16T13:11:42.680017+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40884	150.241.88.132	25565	TCP
2024-12-16T13:11:45.008955+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40886	150.241.88.132	25565	TCP
2024-12-16T13:11:47.337385+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40888	150.241.88.132	25565	TCP
2024-12-16T13:11:49.668720+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40890	150.241.88.132	25565	TCP
2024-12-16T13:11:51.998419+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40892	150.241.88.132	25565	TCP
2024-12-16T13:11:54.355590+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40894	150.241.88.132	25565	TCP
2024-12-16T13:11:56.678643+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40896	150.241.88.132	25565	TCP
2024-12-16T13:11:59.005909+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40898	150.241.88.132	25565	TCP
2024-12-16T13:12:01.337841+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40900	150.241.88.132	25565	TCP
2024-12-16T13:12:03.891693+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40902	150.241.88.132	25565	TCP
2024-12-16T13:12:06.228448+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40904	150.241.88.132	25565	TCP
2024-12-16T13:12:08.553795+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40906	150.241.88.132	25565	TCP
2024-12-16T13:12:10.919357+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40908	150.241.88.132	25565	TCP
2024-12-16T13:12:13.241470+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40910	150.241.88.132	25565	TCP
2024-12-16T13:12:15.648624+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40912	150.241.88.132	25565	TCP
2024-12-16T13:12:17.993880+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40914	150.241.88.132	25565	TCP
2024-12-16T13:12:20.319368+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40916	150.241.88.132	25565	TCP
2024-12-16T13:12:22.651320+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40918	150.241.88.132	25565	TCP
2024-12-16T13:12:25.023903+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40920	150.241.88.132	25565	TCP
2024-12-16T13:12:27.400202+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40922	150.241.88.132	25565	TCP
2024-12-16T13:12:29.774623+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40924	150.241.88.132	25565	TCP
2024-12-16T13:12:32.104882+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40926	150.241.88.132	25565	TCP
2024-12-16T13:12:34.460723+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40928	150.241.88.132	25565	TCP
2024-12-16T13:12:36.788256+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40930	150.241.88.132	25565	TCP
2024-12-16T13:12:39.116866+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40932	150.241.88.132	25565	TCP
2024-12-16T13:12:41.499684+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40934	150.241.88.132	25565	TCP
2024-12-16T13:12:43.837014+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40936	150.241.88.132	25565	TCP
2024-12-16T13:12:46.214814+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40938	150.241.88.132	25565	TCP
2024-12-16T13:12:48.575123+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40940	150.241.88.132	25565	TCP
2024-12-16T13:12:51.062329+0100	2846526	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.23	40942	150.241.88.132	25565	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 13:09:16.615055084 CET	43928	443	192.168.2.23	91.189.91.42
Dec 16, 2024 13:09:18.545960903 CET	40762	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:18.665632010 CET	25565	40762	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:18.665729046 CET	40762	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:18.671976089 CET	40762	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:18.792207003 CET	25565	40762	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:20.867384911 CET	25565	40762	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:20.869390965 CET	40762	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:20.869905949 CET	40764	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:20.989639044 CET	25565	40762	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:20.989681005 CET	25565	40764	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:20.989784956 CET	40764	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:20.989882946 CET	40764	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:21.109898090 CET	25565	40764	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:22.246225119 CET	42836	443	192.168.2.23	91.189.91.43
Dec 16, 2024 13:09:23.014134884 CET	42516	80	192.168.2.23	109.202.202.202
Dec 16, 2024 13:09:23.221112967 CET	25565	40764	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:23.221553087 CET	40764	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:23.222115040 CET	40766	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:23.345429897 CET	25565	40764	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:23.345885992 CET	25565	40766	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:23.345995903 CET	40766	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:23.346054077 CET	40766	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:23.466305017 CET	25565	40766	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:25.809485912 CET	25565	40766	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:25.809616089 CET	40766	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:25.810416937 CET	40768	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:25.930058956 CET	25565	40766	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:25.930493116 CET	25565	40768	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:25.930572987 CET	40768	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:25.930736065 CET	40768	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:26.051023006 CET	25565	40768	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:28.151885986 CET	25565	40768	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:28.152205944 CET	40768	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:28.153142929 CET	40770	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:28.272027969 CET	25565	40768	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:28.273159027 CET	25565	40770	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:28.273308039 CET	40770	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:28.273428917 CET	40770	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:28.393524885 CET	25565	40770	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:30.477699041 CET	25565	40770	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:30.478383064 CET	40770	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:30.479172945 CET	40772	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:30.598844051 CET	25565	40770	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:30.599860907 CET	25565	40772	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:30.600037098 CET	40772	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:30.600122929 CET	40772	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:30.719857931 CET	25565	40772	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:32.863522053 CET	25565	40772	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:32.863907099 CET	40772	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:32.864922047 CET	40774	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:32.983869076 CET	25565	40772	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:32.984680891 CET	25565	40774	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:32.984956026 CET	40774	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:32.984956026 CET	40774	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:33.104885101 CET	25565	40774	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:35.199917078 CET	25565	40774	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:35.200494051 CET	40774	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:35.200525999 CET	40774	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:35.201370001 CET	40776	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:35.320496082 CET	25565	40774	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:35.321252108 CET	25565	40776	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:35.321400881 CET	40776	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:35.321711063 CET	40776	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:35.442085981 CET	25565	40776	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:37.348295927 CET	43928	443	192.168.2.23	91.189.91.42
Dec 16, 2024 13:09:37.540514946 CET	25565	40776	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:37.540965080 CET	40776	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:37.541868925 CET	40778	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:37.660855055 CET	25565	40776	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:37.661654949 CET	25565	40778	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:37.661847115 CET	40778	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:37.661942005 CET	40778	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:37.781861067 CET	25565	40778	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:39.887065887 CET	25565	40778	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:39.887299061 CET	40778	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:39.887748003 CET	40780	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:40.008840084 CET	25565	40778	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:40.008861065 CET	25565	40780	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:40.009021997 CET	40780	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:40.009051085 CET	40780	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:40.128937006 CET	25565	40780	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:42.275419950 CET	25565	40780	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:42.275692940 CET	40780	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:42.276506901 CET	40782	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:42.395567894 CET	25565	40780	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:42.396311045 CET	25565	40782	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:42.396423101 CET	40782	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:42.396763086 CET	40782	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:42.516539097 CET	25565	40782	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:44.601705074 CET	25565	40782	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:44.602010965 CET	40782	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:44.602904081 CET	40784	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:44.721745014 CET	25565	40782	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:44.722640038 CET	25565	40784	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:44.723023891 CET	40784	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:44.723149061 CET	40784	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:44.844770908 CET	25565	40784	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:46.930026054 CET	25565	40784	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:46.930430889 CET	40784	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:46.931298018 CET	40786	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:47.050226927 CET	25565	40784	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:47.051052094 CET	25565	40786	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:47.051246881 CET	40786	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:47.051419020 CET	40786	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:47.171232939 CET	25565	40786	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:49.322369099 CET	25565	40786	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:49.322638988 CET	40786	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:49.323519945 CET	40788	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:49.443227053 CET	25565	40786	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:49.444761992 CET	25565	40788	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:49.444873095 CET	40788	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:49.444987059 CET	40788	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:49.564811945 CET	25565	40788	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:49.634535074 CET	42836	443	192.168.2.23	91.189.91.43
Dec 16, 2024 13:09:51.697247028 CET	25565	40788	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:51.697622061 CET	40788	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:51.698672056 CET	40790	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:51.817483902 CET	25565	40788	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:51.818500042 CET	25565	40790	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:51.818599939 CET	40790	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:51.818645954 CET	40790	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:51.938613892 CET	25565	40790	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:53.729852915 CET	42516	80	192.168.2.23	109.202.202.202
Dec 16, 2024 13:09:54.043090105 CET	25565	40790	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:54.043307066 CET	40790	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:54.044186115 CET	40792	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:54.163489103 CET	25565	40790	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:54.164004087 CET	25565	40792	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:54.164114952 CET	40792	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:54.164191961 CET	40792	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:54.284070969 CET	25565	40792	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:56.368446112 CET	25565	40792	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:56.368690968 CET	40792	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:56.369990110 CET	40794	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:56.489149094 CET	25565	40792	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:56.489784956 CET	25565	40794	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:56.489917040 CET	40794	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:56.490071058 CET	40794	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:56.611834049 CET	25565	40794	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:58.699383020 CET	25565	40794	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:58.699626923 CET	40794	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:58.701009035 CET	40796	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:58.820178986 CET	25565	40794	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:58.821719885 CET	25565	40796	150.241.88.132	192.168.2.23
Dec 16, 2024 13:09:58.821856976 CET	40796	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:58.821928978 CET	40796	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:09:58.941721916 CET	25565	40796	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:01.088378906 CET	25565	40796	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:01.088721037 CET	40796	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:01.089446068 CET	40798	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:01.208494902 CET	25565	40796	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:01.209402084 CET	25565	40798	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:01.209536076 CET	40798	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:01.209721088 CET	40798	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:01.330305099 CET	25565	40798	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:03.418272972 CET	25565	40798	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:03.418708086 CET	40798	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:03.419821978 CET	40800	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:03.538822889 CET	25565	40798	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:03.539755106 CET	25565	40800	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:03.539889097 CET	40800	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:03.540102005 CET	40800	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:03.662766933 CET	25565	40800	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:05.793117046 CET	25565	40800	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:05.793517113 CET	40800	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:05.794517994 CET	40802	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:05.913338900 CET	25565	40800	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:05.914381981 CET	25565	40802	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:05.914526939 CET	40802	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:05.914623976 CET	40802	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:06.034393072 CET	25565	40802	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:08.136987925 CET	25565	40802	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:08.137398005 CET	40802	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:08.138495922 CET	40804	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:08.257287025 CET	25565	40802	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:08.258337975 CET	25565	40804	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:08.258446932 CET	40804	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:08.258635998 CET	40804	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:08.378335953 CET	25565	40804	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:10.993973017 CET	25565	40804	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:10.994414091 CET	40804	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:10.995052099 CET	40806	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:11.201523066 CET	25565	40804	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:11.201581955 CET	25565	40806	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:11.201931953 CET	40806	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:11.202089071 CET	40806	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:11.327303886 CET	25565	40806	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:13.462968111 CET	25565	40806	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:13.463395119 CET	40806	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:13.464586973 CET	40808	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:13.583301067 CET	25565	40806	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:13.584315062 CET	25565	40808	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:13.584449053 CET	40808	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:13.584603071 CET	40808	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:13.705414057 CET	25565	40808	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:15.883425951 CET	25565	40808	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:15.883613110 CET	40808	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:15.884275913 CET	40810	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:16.003573895 CET	25565	40808	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:16.004200935 CET	25565	40810	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:16.004268885 CET	40810	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:16.004322052 CET	40810	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:16.124339104 CET	25565	40810	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:18.260219097 CET	25565	40810	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:18.260484934 CET	40810	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:18.261434078 CET	40812	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:18.302439928 CET	43928	443	192.168.2.23	91.189.91.42
Dec 16, 2024 13:10:18.380286932 CET	25565	40810	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:18.381450891 CET	25565	40812	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:18.381541014 CET	40812	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:18.381606102 CET	40812	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:18.501539946 CET	25565	40812	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:20.590570927 CET	25565	40812	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:20.590774059 CET	40812	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:20.591500044 CET	40814	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:20.710683107 CET	25565	40812	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:20.711208105 CET	25565	40814	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:20.711353064 CET	40814	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:20.711400032 CET	40814	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:20.831630945 CET	25565	40814	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:22.963363886 CET	25565	40814	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:22.965477943 CET	40814	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:22.967001915 CET	40816	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:23.085407019 CET	25565	40814	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:23.086846113 CET	25565	40816	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:23.087009907 CET	40816	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:23.087152004 CET	40816	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:23.206933022 CET	25565	40816	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:25.289604902 CET	25565	40816	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:25.289880991 CET	40816	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:25.290415049 CET	40818	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:25.409676075 CET	25565	40816	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:25.410083055 CET	25565	40818	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:25.410212040 CET	40818	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:25.410315990 CET	40818	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:25.530015945 CET	25565	40818	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:27.618227005 CET	25565	40818	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:27.618870020 CET	40818	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:27.619493008 CET	40820	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:27.740084887 CET	25565	40818	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:27.740135908 CET	25565	40820	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:27.740420103 CET	40820	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:27.740598917 CET	40820	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:27.860318899 CET	25565	40820	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:29.961678028 CET	25565	40820	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:29.961965084 CET	40820	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:29.962685108 CET	40822	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:30.081891060 CET	25565	40820	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:30.082357883 CET	25565	40822	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:30.082470894 CET	40822	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:30.082799911 CET	40822	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:30.202815056 CET	25565	40822	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:32.293425083 CET	25565	40822	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:32.293664932 CET	40822	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:32.294329882 CET	40824	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:32.413543940 CET	25565	40822	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:32.414093018 CET	25565	40824	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:32.414226055 CET	40824	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:32.414294004 CET	40824	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:32.534049034 CET	25565	40824	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:34.621581078 CET	25565	40824	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:34.621917009 CET	40824	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:34.622359991 CET	40826	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:34.743544102 CET	25565	40824	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:34.743565083 CET	25565	40826	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:34.743717909 CET	40826	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:34.743958950 CET	40826	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:34.863764048 CET	25565	40826	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:36.965899944 CET	25565	40826	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:36.966228962 CET	40826	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:36.966733932 CET	40828	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:37.086018085 CET	25565	40826	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:37.086522102 CET	25565	40828	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:37.086674929 CET	40828	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:37.086756945 CET	40828	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:37.206768036 CET	25565	40828	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:39.338412046 CET	25565	40828	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:39.338960886 CET	40828	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:39.339726925 CET	40830	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:39.458904028 CET	25565	40828	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:39.459574938 CET	25565	40830	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:39.459836960 CET	40830	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:39.460160971 CET	40830	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:39.579957008 CET	25565	40830	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:41.665429115 CET	25565	40830	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:41.665751934 CET	40830	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:41.666323900 CET	40832	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:41.785727024 CET	25565	40830	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:41.786117077 CET	25565	40832	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:41.786259890 CET	40832	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:41.786389112 CET	40832	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:41.906122923 CET	25565	40832	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:43.993504047 CET	25565	40832	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:43.993751049 CET	40832	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:43.994501114 CET	40834	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:44.113787889 CET	25565	40832	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:44.114202976 CET	25565	40834	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:44.114319086 CET	40834	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:44.114438057 CET	40834	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:44.235037088 CET	25565	40834	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:46.321533918 CET	25565	40834	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:46.322125912 CET	40834	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:46.323061943 CET	40836	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:46.442025900 CET	25565	40834	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:46.442955017 CET	25565	40836	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:46.443085909 CET	40836	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:46.443281889 CET	40836	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:46.563038111 CET	25565	40836	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:48.650093079 CET	25565	40836	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:48.650527954 CET	40836	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:48.651263952 CET	40838	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:48.770526886 CET	25565	40836	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:48.771214962 CET	25565	40838	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:48.771399975 CET	40838	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:48.771491051 CET	40838	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:48.891382933 CET	25565	40838	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:50.981724024 CET	25565	40838	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:50.981920958 CET	40838	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:50.981971025 CET	40838	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:50.982687950 CET	40840	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:51.101887941 CET	25565	40838	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:51.102428913 CET	25565	40840	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:51.102546930 CET	40840	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:51.102683067 CET	40840	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:51.222369909 CET	25565	40840	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:53.306767941 CET	25565	40840	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:53.306999922 CET	40840	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:53.307478905 CET	40842	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:53.427143097 CET	25565	40840	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:53.427519083 CET	25565	40842	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:53.427632093 CET	40842	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:53.427841902 CET	40842	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:53.547981977 CET	25565	40842	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:55.637459993 CET	25565	40842	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:55.637667894 CET	40842	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:55.638209105 CET	40844	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:55.757443905 CET	25565	40842	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:55.758121014 CET	25565	40844	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:55.758254051 CET	40844	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:55.758306026 CET	40844	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:55.878910065 CET	25565	40844	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:57.966258049 CET	25565	40844	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:57.966655016 CET	40844	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:57.967597008 CET	40846	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:58.086519003 CET	25565	40844	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:58.087389946 CET	25565	40846	150.241.88.132	192.168.2.23
Dec 16, 2024 13:10:58.087532997 CET	40846	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:58.087852001 CET	40846	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:10:58.208328962 CET	25565	40846	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:00.291263103 CET	25565	40846	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:00.291707993 CET	40846	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:00.292361975 CET	40848	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:00.413249969 CET	25565	40846	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:00.413763046 CET	25565	40848	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:00.413969994 CET	40848	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:00.414038897 CET	40848	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:00.533873081 CET	25565	40848	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:02.650230885 CET	25565	40848	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:02.650482893 CET	40848	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:02.651524067 CET	40850	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:02.770747900 CET	25565	40848	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:02.771323919 CET	25565	40850	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:02.771508932 CET	40850	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:02.771624088 CET	40850	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:02.891746998 CET	25565	40850	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:05.028696060 CET	25565	40850	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:05.029238939 CET	40850	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:05.029992104 CET	40852	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:05.149154902 CET	25565	40850	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:05.149713993 CET	25565	40852	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:05.149848938 CET	40852	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:05.150016069 CET	40852	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:05.269850969 CET	25565	40852	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:07.402621031 CET	25565	40852	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:07.403110981 CET	40852	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:07.403913021 CET	40854	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:07.524072886 CET	25565	40852	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:07.524804115 CET	25565	40854	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:07.524950027 CET	40854	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:07.525162935 CET	40854	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:07.645100117 CET	25565	40854	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:09.727895975 CET	25565	40854	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:09.728235006 CET	40854	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:09.728918076 CET	40856	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:09.848263979 CET	25565	40854	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:09.849584103 CET	25565	40856	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:09.849788904 CET	40856	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:09.849921942 CET	40856	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:09.969589949 CET	25565	40856	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:12.058628082 CET	25565	40856	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:12.058893919 CET	40856	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:12.059585094 CET	40858	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:12.182347059 CET	25565	40856	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:12.182396889 CET	25565	40858	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:12.182595968 CET	40858	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:12.182636976 CET	40858	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:12.302696943 CET	25565	40858	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:14.415765047 CET	25565	40858	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:14.415985107 CET	40858	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:14.416461945 CET	40860	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:14.538024902 CET	25565	40858	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:14.538352013 CET	25565	40860	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:14.538480997 CET	40860	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:14.538621902 CET	40860	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:14.658329964 CET	25565	40860	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:16.749670982 CET	25565	40860	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:16.749936104 CET	40860	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:16.750667095 CET	40862	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:16.869956970 CET	25565	40860	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:16.870701075 CET	25565	40862	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:16.870835066 CET	40862	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:16.871041059 CET	40862	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:16.990880966 CET	25565	40862	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:19.136598110 CET	25565	40862	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:19.136949062 CET	40862	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:19.137655973 CET	40864	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:19.257153988 CET	25565	40862	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:19.257479906 CET	25565	40864	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:19.257646084 CET	40864	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:19.257724047 CET	40864	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:19.378535986 CET	25565	40864	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:21.512249947 CET	25565	40864	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:21.512629986 CET	40864	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:21.513700962 CET	40866	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:21.632487059 CET	25565	40864	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:21.633560896 CET	25565	40866	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:21.633641958 CET	40866	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:21.633847952 CET	40866	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:21.753567934 CET	25565	40866	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:23.838447094 CET	25565	40866	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:23.838743925 CET	40866	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:23.839550018 CET	40868	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:23.959817886 CET	25565	40866	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:23.959840059 CET	25565	40868	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:23.960000992 CET	40868	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:23.960194111 CET	40868	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:24.080852985 CET	25565	40868	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:26.166692972 CET	25565	40868	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:26.167146921 CET	40868	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:26.168405056 CET	40870	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:26.287348032 CET	25565	40868	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:26.290467978 CET	25565	40870	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:26.290621996 CET	40870	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:26.290801048 CET	40870	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:26.410604000 CET	25565	40870	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:28.494381905 CET	25565	40870	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:28.494811058 CET	40870	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:28.495536089 CET	40872	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:28.614800930 CET	25565	40870	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:28.615288973 CET	25565	40872	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:28.615425110 CET	40872	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:28.615582943 CET	40872	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:28.735371113 CET	25565	40872	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:30.822686911 CET	25565	40872	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:30.823101997 CET	40872	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:30.823683023 CET	40874	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:30.942929029 CET	25565	40872	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:30.943355083 CET	25565	40874	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:30.943499088 CET	40874	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:30.943667889 CET	40874	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:31.063406944 CET	25565	40874	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:33.199249983 CET	25565	40874	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:33.199637890 CET	40874	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:33.200591087 CET	40876	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:33.319567919 CET	25565	40874	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:33.320457935 CET	25565	40876	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:33.320590973 CET	40876	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:33.320753098 CET	40876	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:33.443401098 CET	25565	40876	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:35.529659986 CET	25565	40876	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:35.529876947 CET	40876	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:35.530839920 CET	40878	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:35.650122881 CET	25565	40876	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:35.650595903 CET	25565	40878	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:35.650674105 CET	40878	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:35.650753975 CET	40878	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:35.771513939 CET	25565	40878	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:37.853486061 CET	25565	40878	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:37.853805065 CET	40878	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:37.854621887 CET	40880	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:37.973819971 CET	25565	40878	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:37.974430084 CET	25565	40880	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:37.974711895 CET	40880	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:37.974812031 CET	40880	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:38.094594955 CET	25565	40880	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:40.181677103 CET	25565	40880	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:40.181929111 CET	40880	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:40.182529926 CET	40882	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:40.301991940 CET	25565	40880	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:40.302407026 CET	25565	40882	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:40.302521944 CET	40882	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:40.302687883 CET	40882	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:40.422633886 CET	25565	40882	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:42.558861017 CET	25565	40882	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:42.559273958 CET	40882	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:42.559979916 CET	40884	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:42.679233074 CET	25565	40882	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:42.679814100 CET	25565	40884	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:42.679907084 CET	40884	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:42.680016994 CET	40884	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:42.799787045 CET	25565	40884	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:44.888324976 CET	25565	40884	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:44.888520956 CET	40884	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:44.889070034 CET	40886	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:45.008389950 CET	25565	40884	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:45.008754015 CET	25565	40886	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:45.008847952 CET	40886	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:45.008955002 CET	40886	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:45.128976107 CET	25565	40886	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:47.216658115 CET	25565	40886	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:47.216897964 CET	40886	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:47.217437029 CET	40888	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:47.336658955 CET	25565	40886	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:47.337194920 CET	25565	40888	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:47.337275028 CET	40888	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:47.337384939 CET	40888	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:47.457195044 CET	25565	40888	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:49.547636986 CET	25565	40888	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:49.547992945 CET	40888	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:49.548664093 CET	40890	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:49.667953014 CET	25565	40888	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:49.668534994 CET	25565	40890	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:49.668663025 CET	40890	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:49.668720007 CET	40890	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:49.791858912 CET	25565	40890	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:51.877440929 CET	25565	40890	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:51.877631903 CET	40890	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:51.878385067 CET	40892	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:51.997529030 CET	25565	40890	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:51.998183966 CET	25565	40892	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:51.998296976 CET	40892	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:51.998419046 CET	40892	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:52.118331909 CET	25565	40892	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:54.233602047 CET	25565	40892	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:54.233916998 CET	40892	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:54.235397100 CET	40894	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:54.354038954 CET	25565	40892	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:54.355300903 CET	25565	40894	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:54.355417967 CET	40894	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:54.355590105 CET	40894	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:54.475446939 CET	25565	40894	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:56.556977987 CET	25565	40894	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:56.557300091 CET	40894	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:56.558319092 CET	40896	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:56.677257061 CET	25565	40894	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:56.678206921 CET	25565	40896	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:56.678443909 CET	40896	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:56.678642988 CET	40896	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:56.798470974 CET	25565	40896	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:58.885235071 CET	25565	40896	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:58.885396004 CET	40896	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:58.885943890 CET	40898	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:59.005408049 CET	25565	40896	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:59.005769968 CET	25565	40898	150.241.88.132	192.168.2.23
Dec 16, 2024 13:11:59.005851984 CET	40898	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:59.005908966 CET	40898	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:11:59.125998020 CET	25565	40898	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:01.217088938 CET	25565	40898	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:01.217201948 CET	40898	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:01.217911005 CET	40900	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:01.337110043 CET	25565	40898	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:01.337713003 CET	25565	40900	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:01.337769985 CET	40900	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:01.337841034 CET	40900	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:01.457819939 CET	25565	40900	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:03.544755936 CET	25565	40900	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:03.545008898 CET	40900	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:03.546106100 CET	40902	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:03.891426086 CET	25565	40900	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:03.891485929 CET	25565	40902	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:03.891585112 CET	40902	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:03.891693115 CET	40902	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:04.011527061 CET	25565	40902	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:06.107804060 CET	25565	40902	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:06.108032942 CET	40902	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:06.108549118 CET	40904	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:06.227874994 CET	25565	40902	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:06.228254080 CET	25565	40904	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:06.228338003 CET	40904	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:06.228447914 CET	40904	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:06.348999023 CET	25565	40904	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:08.432825089 CET	25565	40904	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:08.433082104 CET	40904	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:08.433764935 CET	40906	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:08.553230047 CET	25565	40904	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:08.553515911 CET	25565	40906	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:08.553582907 CET	40906	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:08.553795099 CET	40906	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:08.673640966 CET	25565	40906	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:10.798532963 CET	25565	40906	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:10.798743963 CET	40906	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:10.799428940 CET	40908	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:10.918492079 CET	25565	40906	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:10.919171095 CET	25565	40908	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:10.919249058 CET	40908	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:10.919357061 CET	40908	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:11.039222002 CET	25565	40908	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:13.119987011 CET	25565	40908	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:13.120260954 CET	40908	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:13.121478081 CET	40910	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:13.240129948 CET	25565	40908	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:13.241225004 CET	25565	40910	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:13.241353035 CET	40910	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:13.241470098 CET	40910	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:13.361212015 CET	25565	40910	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:15.527744055 CET	25565	40910	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:15.528146029 CET	40910	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:15.528664112 CET	40912	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:15.647902966 CET	25565	40910	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:15.648367882 CET	25565	40912	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:15.648509026 CET	40912	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:15.648623943 CET	40912	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:15.768400908 CET	25565	40912	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:17.873025894 CET	25565	40912	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:17.873275995 CET	40912	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:17.873889923 CET	40914	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:17.993171930 CET	25565	40912	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:17.993607998 CET	25565	40914	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:17.993707895 CET	40914	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:17.993880033 CET	40914	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:18.115849018 CET	25565	40914	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:20.198513985 CET	25565	40914	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:20.198837996 CET	40914	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:20.199433088 CET	40916	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:20.318763971 CET	25565	40914	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:20.319173098 CET	25565	40916	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:20.319273949 CET	40916	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:20.319367886 CET	40916	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:20.439201117 CET	25565	40916	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:22.529911995 CET	25565	40916	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:22.530324936 CET	40916	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:22.531259060 CET	40918	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:22.650757074 CET	25565	40916	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:22.651021004 CET	25565	40918	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:22.651140928 CET	40918	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:22.651319981 CET	40918	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:22.771440029 CET	25565	40918	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:24.903084993 CET	25565	40918	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:24.903247118 CET	40918	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:24.903914928 CET	40920	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:25.023080111 CET	25565	40918	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:25.023597002 CET	25565	40920	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:25.023721933 CET	40920	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:25.023902893 CET	40920	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:25.143522978 CET	25565	40920	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:27.278661966 CET	25565	40920	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:27.279020071 CET	40920	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:27.279686928 CET	40922	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:27.399101973 CET	25565	40920	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:27.399841070 CET	25565	40922	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:27.400058031 CET	40922	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:27.400202036 CET	40922	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:27.520122051 CET	25565	40922	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:29.653250933 CET	25565	40922	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:29.653472900 CET	40922	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:29.654205084 CET	40924	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:29.773610115 CET	25565	40922	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:29.774457932 CET	25565	40924	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:29.774533033 CET	40924	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:29.774622917 CET	40924	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:29.894392967 CET	25565	40924	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:31.983707905 CET	25565	40924	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:31.983876944 CET	40924	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:31.983939886 CET	40924	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:31.984791040 CET	40926	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:32.103940964 CET	25565	40924	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:32.104688883 CET	25565	40926	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:32.104809046 CET	40926	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:32.104882002 CET	40926	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:32.224750042 CET	25565	40926	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:34.338943005 CET	25565	40926	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:34.339346886 CET	40926	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:34.340101004 CET	40928	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:34.459939957 CET	25565	40926	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:34.460443974 CET	25565	40928	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:34.460722923 CET	40928	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:34.460722923 CET	40928	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:34.580553055 CET	25565	40928	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:36.667267084 CET	25565	40928	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:36.667530060 CET	40928	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:36.668212891 CET	40930	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:36.787452936 CET	25565	40928	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:36.787971973 CET	25565	40930	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:36.788120985 CET	40930	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:36.788255930 CET	40930	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:36.908098936 CET	25565	40930	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:38.995418072 CET	25565	40930	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:38.995776892 CET	40930	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:38.996725082 CET	40932	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:39.115860939 CET	25565	40930	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:39.116553068 CET	25565	40932	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:39.116652966 CET	40932	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:39.116866112 CET	40932	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:39.237325907 CET	25565	40932	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:41.372629881 CET	25565	40932	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:41.372873068 CET	40932	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:41.377198935 CET	40934	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:41.493628979 CET	25565	40932	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:41.499423981 CET	25565	40934	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:41.499555111 CET	40934	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:41.499684095 CET	40934	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:41.619391918 CET	25565	40934	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:43.714370966 CET	25565	40934	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:43.714719057 CET	40934	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:43.715641975 CET	40936	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:43.835870981 CET	25565	40934	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:43.836787939 CET	25565	40936	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:43.836915016 CET	40936	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:43.837013960 CET	40936	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:43.956995010 CET	25565	40936	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:46.093803883 CET	25565	40936	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:46.094207048 CET	40936	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:46.094676971 CET	40938	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:46.214164019 CET	25565	40936	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:46.214487076 CET	25565	40938	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:46.214813948 CET	40938	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:46.214813948 CET	40938	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:46.335757017 CET	25565	40938	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:48.453428984 CET	25565	40938	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:48.453939915 CET	40938	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:48.454773903 CET	40940	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:48.573712111 CET	25565	40938	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:48.574785948 CET	25565	40940	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:48.574877977 CET	40940	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:48.575123072 CET	40940	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:48.696094990 CET	25565	40940	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:50.941428900 CET	25565	40940	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:50.941606998 CET	40940	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:50.942276955 CET	40942	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:51.061537981 CET	25565	40940	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:51.062088013 CET	25565	40942	150.241.88.132	192.168.2.23
Dec 16, 2024 13:12:51.062213898 CET	40942	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:51.062329054 CET	40942	25565	192.168.2.23	150.241.88.132
Dec 16, 2024 13:12:51.183980942 CET	25565	40942	150.241.88.132	192.168.2.23

System Behavior

Analysis Process: dash PID: 6225, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6225, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.25mzlEEvpZ /tmp/tmp.DDq2YkcMbt /tmp/tmp.scdstBQjf3
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6226, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: cat PID: 6226, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.25mzlEEvpZ
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Chronological Activities

Analysis Process: dash PID: 6227, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: head PID: 6227, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Chronological Activities

Analysis Process: dash PID: 6228, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: tr PID: 6228, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Chronological Activities

Analysis Process: dash PID: 6229, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: cut PID: 6229, Parent PID: 4331

General

Start time (UTC):	12:09:09
Start date (UTC):	16/12/2024
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Chronological Activities

Analysis Process: dash PID: 6230, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: cat PID: 6230, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.25mzlEEvpZ
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Chronological Activities

Analysis Process: dash PID: 6231, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: head PID: 6231, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Chronological Activities

Analysis Process: dash PID: 6232, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: tr PID: 6232, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Chronological Activities

Analysis Process: dash PID: 6233, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: cut PID: 6233, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Chronological Activities

Analysis Process: dash PID: 6234, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6234, Parent PID: 4331

General

Start time (UTC):	12:09:10
Start date (UTC):	16/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.25mzlEEvpZ /tmp/tmp.DDq2YkcMbt /tmp/tmp.scdstBQjf3
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: sh4.elf PID: 6262, Parent PID: 6157

General

Start time (UTC):	12:09:17
Start date (UTC):	16/12/2024
Path:	/tmp/sh4.elf
Arguments:	/tmp/sh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: sh4.elf PID: 6264, Parent PID: 6262

General

Start time (UTC):	12:09:17
Start date (UTC):	16/12/2024
Path:	/tmp/sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: sh4.elf PID: 6266, Parent PID: 6264

General

Start time (UTC):	12:09:17
Start date (UTC):	16/12/2024
Path:	/tmp/sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report sh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: Gafgyt

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: dash PID: 6225, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6225, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6226, Parent PID: 4331

General

Chronological Activities

Analysis Process: cat PID: 6226, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6227, Parent PID: 4331

General

Chronological Activities

Analysis Process: head PID: 6227, Parent PID: 4331

Linux Analysis Report
sh4.elf