Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.i686.elf

Overview

General Information

Sample name: ub8ehJSePAfc9FYqZIT6.i686.elf
Analysis ID: 1579583
MD5: 5a0517d1fa30a6fab030e281d2957328
SHA1: 4abefe8b469f8e7efebb4756ea5d0963cff00161
SHA256: e9b0591495af8c41cc5d6bb3dc368fc2df912322fd62be36c378f1b854764290
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579583
Start date and time: 2024-12-23 03:22:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: ub8ehJSePAfc9FYqZIT6.i686.elf
Detection: MAL
Classification: mal64.evad.linELF@0/0@0/0
Command: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
PID: 5432
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
5432.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5432.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5432.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5434.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5434.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
No Suricata rule has matched


AV Detection

Source: ub8ehJSePAfc9FYqZIT6.i686.elf, ReversingLabs: Detection: 47%
Source: ub8ehJSePAfc9FYqZIT6.i686.elf, Joe Sandbox ML: detected
Source: global traffic, TCP traffic: 192.168.2.13:36150 -> 195.26.252.19:3778
Source: unknown, TCP traffic detected without corresponding DNS query: 195.26.252.19
Source: ub8ehJSePAfc9FYqZIT6.i686.elf, String found in binary or memory: http://upx.sf.net

System Summary

Source: 5432.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5432.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5432.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5434.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5434.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5433.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5433.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5433.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5446.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5446.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5446.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5432, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5433, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5434, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5446, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappings, Program segment: 0xc01000
Source: 5432.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5434.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5433.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5446.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5446.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5446.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5432, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5433, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5434, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 5446, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: ub8ehJSePAfc9FYqZIT6.i686.elf, Submission file: segment LOAD with 7.962 entropy (max. 8.0)
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: 11 Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping
Discovery: System Service Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: 1 Non-Standard Port
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
Source | Detection | Scanner | Label | Link
ub8ehJSePAfc9FYqZIT6.i686.elf | 47% | ReversingLabs | Linux.Backdoor.Mirai |
ub8ehJSePAfc9FYqZIT6.i686.elf | 100% | Joe Sandbox ML | |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | ub8ehJSePAfc9FYqZIT6.i686.elf | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
195.26.252.19 | unknown | United Kingdom | | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | false
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
195.26.252.19 | ub8ehJSePAfc9FYqZIT6.x86.elf | | malicious | Unknown | |
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
KCOM-SPNService-ProviderNetworkex-MistralGB | ub8ehJSePAfc9FYqZIT6.x86.elf | | malicious | Unknown | | 195.26.252.19
 | la.bot.arm7.elf | | malicious | Mirai | | 213.254.174.221
 | x86_64.nn.elf | | malicious | Mirai, Okiru | | 193.108.169.23
 | x86_64.nn.elf | | malicious | Mirai, Okiru | | 217.154.178.248
 | ppc.elf | | malicious | Mirai, Moobot | | 159.15.89.185
 | IGz.mpsl.elf | | malicious | Mirai | | 158.179.218.195
 | TRC.ppc.elf | | malicious | Mirai | | 159.15.172.177
 | zZ8OdFfZnb.exe | | malicious | Unknown | | 194.164.163.84
 | pH6L2VWRbU.dll | | malicious | Unknown | | 194.164.163.84
 | la.bot.sh4.elf | | malicious | Mirai | | 158.179.254.255
      No created / dropped files found
      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
      Entropy (8bit):7.960091395823542
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:ub8ehJSePAfc9FYqZIT6.i686.elf
      File size:38'304 bytes
      MD5:5a0517d1fa30a6fab030e281d2957328
      SHA1:4abefe8b469f8e7efebb4756ea5d0963cff00161
      SHA256:e9b0591495af8c41cc5d6bb3dc368fc2df912322fd62be36c378f1b854764290
      SHA512:f387c8c2e996ba98b9a100c260959d3454f75d4580e5862209c7e2338b3a6fb15213191681536912b45cac0c05427c925040f3bf64bc224a75eb12721ca760bc
      SSDEEP:768:0gpHcj1yjMXU+JdXQq6WIcVTNxAN8O3inbcuyD7UHQRjv:0g+1yjMXU0XQETNxAN0nouy8Hyj
      TLSH:D003E103D4F50A64F2BE367B19AF34C3A454F04FE5C88ABB1E91627B1202B957A562F1
      File Content Preview:.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.|.>#.....{~vx...A.Zg..3~........2..R.

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Intel 80386
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - Linux
      ABI Version:0
      Entry Point Address:0xc092b0
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:0
      Section Header Size:40
      Number of Section Headers:0
      Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x94a4 | 0x94a4 | 7.9620 | 0x5 | R E | 0x1000 | |
LOAD | 0xc08 | 0x805cc08 | 0x805cc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Dec 23, 2024 03:23:50.093801022 CET362283778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:50.213417053 CET377836228195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:50.213742018 CET362283778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:50.333563089 CET377836228195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:51.230422020 CET377836228195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:51.230658054 CET362283778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:51.230696917 CET362283778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:51.230706930 CET362303778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:51.350653887 CET377836230195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:51.350967884 CET362303778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:51.351064920 CET362303778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:51.470923901 CET377836230195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:51.471324921 CET362303778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:51.591388941 CET377836230195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:52.503668070 CET377836230195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:52.504115105 CET362303778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:52.504278898 CET362303778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:52.504501104 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:52.624401093 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:52.624942064 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:52.625291109 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:52.745081902 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:23:52.745373964 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:23:52.865233898 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:24:02.627990007 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:24:02.748191118 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:24:02.968781948 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:24:02.969162941 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:24:14.608899117 CET361563778192.168.2.13195.26.252.19
      Dec 23, 2024 03:24:14.728740931 CET377836156195.26.252.19192.168.2.13
      Dec 23, 2024 03:24:14.949649096 CET377836156195.26.252.19192.168.2.13
      Dec 23, 2024 03:24:14.949927092 CET361563778192.168.2.13195.26.252.19
      Dec 23, 2024 03:25:03.030415058 CET362323778192.168.2.13195.26.252.19
      Dec 23, 2024 03:25:03.150662899 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:25:03.379076958 CET377836232195.26.252.19192.168.2.13
      Dec 23, 2024 03:25:03.379570961 CET362323778192.168.2.13195.26.252.19

      System Behavior

      Start time (UTC):02:22:59
      Start date (UTC):23/12/2024
      Path:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      File size:38304 bytes
      MD5 hash:5a0517d1fa30a6fab030e281d2957328

      Start time (UTC):02:22:59
      Start date (UTC):23/12/2024
      Path:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      Arguments:-
      File size:38304 bytes
      MD5 hash:5a0517d1fa30a6fab030e281d2957328

      Start time (UTC):02:22:59
      Start date (UTC):23/12/2024
      Path:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      Arguments:-
      File size:38304 bytes
      MD5 hash:5a0517d1fa30a6fab030e281d2957328

      Start time (UTC):02:22:59
      Start date (UTC):23/12/2024
      Path:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      Arguments:-
      File size:38304 bytes
      MD5 hash:5a0517d1fa30a6fab030e281d2957328

      Start time (UTC):02:23:05
      Start date (UTC):23/12/2024
      Path:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      Arguments:-
      File size:38304 bytes
      MD5 hash:5a0517d1fa30a6fab030e281d2957328

      Start time (UTC):02:23:05
      Start date (UTC):23/12/2024
      Path:/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
      Arguments:-
      File size:38304 bytes
      MD5 hash:5a0517d1fa30a6fab030e281d2957328