Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
Space.arm6.elf

Overview

General Information

Sample name:Space.arm6.elf
Analysis ID:1580595
MD5:2a439612d6e2ab17b57e852c9dc9f8f1
SHA1:b8d4282fd83e9439ac664a879a87d892592befd5
SHA256:14cda25625d15478439287d983927cb1796fdd8de8e20ae1152f4892c2f989eb
Tags:elfuser-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1580595
Start date and time:2024-12-25 11:29:31 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 3s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Space.arm6.elf
Detection:MAL
Classification:mal60.evad.linELF@0/0@0/0

Runtime Messages

Command:/tmp/Space.arm6.elf
PID:5827
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
5827.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x15320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1535c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1544c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15474:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15488:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1549c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x154b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5837.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x15320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1535c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1544c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15474:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15488:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1549c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x154b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5831.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x15320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1535c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1544c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15474:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15488:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1549c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x154b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5829.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x15320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1535c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x153fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1544c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15474:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x15488:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1549c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x154b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.arm6.elf PID: 5827Linux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x162:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x176:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x18a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x19e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x1ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x202:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x216:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x22a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x23e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x252:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x266:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x28e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: Space.arm6.elfVirustotal: Detection: 33%Perma Link
Source: Space.arm6.elfReversingLabs: Detection: 52%
Source: global trafficTCP traffic: 192.168.2.15:41024 -> 154.216.20.216:3778
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknownTCP traffic detected without corresponding DNS query: 154.216.20.216
Source: Space.arm6.elfString found in binary or memory: http://upx.sf.net

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 5827.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5837.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5831.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5829.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.arm6.elf PID: 5827, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.arm6.elf PID: 5829, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.arm6.elf PID: 5831, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.arm6.elf PID: 5837, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappingsProgram segment: 0x8000
Source: 5827.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5837.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5831.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5829.1.00007fdfc4017000.00007fdfc402f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.arm6.elf PID: 5827, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.arm6.elf PID: 5829, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.arm6.elf PID: 5831, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.arm6.elf PID: 5837, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engineClassification label: mal60.evad.linELF@0/0@0/0

Data Obfuscation

barindex
Sample is packed with UPX
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/110/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/231/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/111/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/112/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/233/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/113/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/114/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/235/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/115/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1333/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/116/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1695/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/117/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/118/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/119/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/911/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/5810/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/5811/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/914/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/10/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/917/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/11/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/12/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/13/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/14/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/15/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/16/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/17/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/18/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/19/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1591/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/120/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/121/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/5827/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/122/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/243/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/2/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/123/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/3/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/124/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1588/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/125/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/4/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/246/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/126/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/5/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/127/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/6/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1585/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/128/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/7/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/129/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/8/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/800/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/9/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/802/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/803/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/804/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/20/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/21/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/3407/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/22/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/23/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/24/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/25/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/26/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/27/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/28/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/29/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1484/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/490/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/250/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/130/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/251/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/131/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/132/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/133/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1479/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/378/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/258/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/259/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/931/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1595/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/812/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/933/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/5833/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/30/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/3419/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/35/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/3310/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/260/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/261/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/262/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/142/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/263/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/264/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/265/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/145/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/266/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/267/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/268/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/3303/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/269/statusJump to behavior
Source: /tmp/Space.arm6.elf (PID: 5827)File opened: /proc/1486/statusJump to behavior
Source: Space.arm6.elfSubmission file: segment LOAD with 7.9744 entropy (max. 8.0)
Source: /tmp/Space.arm6.elf (PID: 5827)Queries kernel information via 'uname': Jump to behavior
Source: Space.arm6.elf, 5827.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmp, Space.arm6.elf, 5829.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmp, Space.arm6.elf, 5831.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmp, Space.arm6.elf, 5837.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/Space.arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Space.arm6.elf
Source: Space.arm6.elf, 5827.1.00005625b7587000.00005625b7775000.rw-.sdmp, Space.arm6.elf, 5829.1.00005625b7587000.00005625b7775000.rw-.sdmp, Space.arm6.elf, 5831.1.00005625b7587000.00005625b7775000.rw-.sdmp, Space.arm6.elf, 5837.1.00005625b7587000.00005625b7775000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: Space.arm6.elf, 5827.1.00005625b7587000.00005625b7775000.rw-.sdmp, Space.arm6.elf, 5829.1.00005625b7587000.00005625b7775000.rw-.sdmp, Space.arm6.elf, 5831.1.00005625b7587000.00005625b7775000.rw-.sdmp, Space.arm6.elf, 5837.1.00005625b7587000.00005625b7775000.rw-.sdmpBinary or memory string: %V!/etc/qemu-binfmt/arm
Source: Space.arm6.elf, 5827.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmp, Space.arm6.elf, 5829.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmp, Space.arm6.elf, 5831.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmp, Space.arm6.elf, 5837.1.00007ffde2b4e000.00007ffde2b6f000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception11
Obfuscated Files or Information		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Non-Standard Port		Exfiltration Over Other Network MediumAbuse Accessibility Features

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1580595 Sample: Space.arm6.elf Startdate: 25/12/2024 Architecture: LINUX Score: 60 20 154.216.20.216, 3778, 41024, 41026 SKHT-ASShenzhenKatherineHengTechnologyInformationCo Seychelles 2->20 22 Malicious sample detected (through community Yara rule) 2->22 24 Multi AV Scanner detection for submitted file 2->24 26 Sample is packed with UPX 2->26 8 Space.arm6.elf 2->8         started        signatures3 process4 process5 10 Space.arm6.elf 8->10         started        12 Space.arm6.elf 8->12         started        14 Space.arm6.elf 8->14         started        process6 16 Space.arm6.elf 10->16         started        18 Space.arm6.elf 10->18         started       

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Space.arm6.elf34%VirustotalBrowse
Space.arm6.elf53%ReversingLabsLinux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://upx.sf.netSpace.arm6.elffalse
    		high

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    154.216.20.216
    		unknownSeychelles
    		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    154.216.20.216Space.ppc.elfGet hashmaliciousUnknownBrowse
      Space.x86_64.elfGet hashmaliciousUnknownBrowse
        Space.sh4.elfGet hashmaliciousUnknownBrowse
          Space.arm.elfGet hashmaliciousMiraiBrowse
            Space.mips.elfGet hashmaliciousUnknownBrowse
              Space.mpsl.elfGet hashmaliciousUnknownBrowse
                Space.m68k.elfGet hashmaliciousMiraiBrowse
                  Space.i686.elfGet hashmaliciousUnknownBrowse

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    SKHT-ASShenzhenKatherineHengTechnologyInformationCoSpace.ppc.elfGet hashmaliciousUnknownBrowse
                    • 154.216.20.216
                    Space.x86_64.elfGet hashmaliciousUnknownBrowse
                    • 154.216.20.216
                    Space.sh4.elfGet hashmaliciousUnknownBrowse
                    • 154.216.20.216
                    Space.arm.elfGet hashmaliciousMiraiBrowse
                    • 154.216.20.216
                    Space.mips.elfGet hashmaliciousUnknownBrowse
                    • 154.216.20.216
                    Space.mpsl.elfGet hashmaliciousUnknownBrowse
                    • 154.216.20.216
                    Space.m68k.elfGet hashmaliciousMiraiBrowse
                    • 154.216.20.216
                    Space.i686.elfGet hashmaliciousUnknownBrowse
                    • 154.216.20.216
                    byte.x86.elfGet hashmaliciousMirai, OkiruBrowse
                    • 154.216.19.138
                    zerarm7.elfGet hashmaliciousUnknownBrowse
                    • 154.216.16.250

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    No created / dropped files found

                    Static File Info

                    General

                    File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
                    Entropy (8bit):7.972777485774196
                    TrID:
                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                    File name:Space.arm6.elf
                    File size:44'600 bytes
                    MD5:2a439612d6e2ab17b57e852c9dc9f8f1
                    SHA1:b8d4282fd83e9439ac664a879a87d892592befd5
                    SHA256:14cda25625d15478439287d983927cb1796fdd8de8e20ae1152f4892c2f989eb
                    SHA512:5bc6fa7cdf7d6a9ed6b3550f9022a700d941e4354fea53dd9bff92978ebcb3d37b371f3797957e57c6329bbaa97ef5e7b4f62244329b2a8dcea9d5a4fe91068f
                    SSDEEP:768:ocZOKj8x/QSQ3y/4qFTOdeoJWBhdYnjWcBWDW4s5GyZDa6XX44R9q3UELw:jXwQSYPqFHI8rOjBn4+9DXnELw
                    TLSH:D113F290CF06BDC2DD517D73EBE4D9CB471C9AF6C27A2613A62849BC4C93640E4D8487
                    File Content Preview:.ELF..............(.........4...........4. ...(.........................................H...H...H...................Q.td...............................OUPX!...................._..........?.E.h;....#..$.......L..T.|..r.F..ZS..n.8.I+.e......rQN..D....I.:#/.

                    Static ELF Info

                    ELF header

                    Class:ELF32
                    Data:2's complement, little endian
                    Version:1 (current)
                    Machine:ARM
                    Version Number:0x1
                    Type:EXEC (Executable file)
                    OS/ABI:UNIX - Linux
                    ABI Version:0
                    Entry Point Address:0x11b00
                    Flags:0x4000002
                    ELF Header Size:52
                    Program Header Offset:52
                    Program Header Size:32
                    Number of Program Headers:3
                    Section Header Offset:0
                    Section Header Size:40
                    Number of Section Headers:0
                    Header String Table Index:0

                    Program Segments

                    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                    LOAD0x00x80000x80000xaced0xaced7.97440x5R E0x8000
                    LOAD0xb480x20b480x20b480x00x00.00000x6RW 0x8000
                    GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Dec 25, 2024 11:30:46.539093971 CET410243778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:46.658795118 CET377841024154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:46.658870935 CET410243778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:46.665481091 CET410243778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:46.785044909 CET377841024154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:46.785098076 CET410243778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:46.904639959 CET377841024154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:47.961419106 CET377841024154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:47.961755991 CET410243778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:47.961755991 CET410243778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:47.962364912 CET410263778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:48.081943989 CET377841026154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:48.082037926 CET410263778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:48.083194017 CET410263778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:48.202896118 CET377841026154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:48.203031063 CET410263778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:48.322864056 CET377841026154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:49.384002924 CET377841026154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:49.384231091 CET410263778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:49.384231091 CET410263778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:49.384681940 CET410283778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:49.504174948 CET377841028154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:49.504481077 CET410283778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:49.505146027 CET410283778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:49.624645948 CET377841028154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:49.624720097 CET410283778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:49.744246006 CET377841028154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:50.802131891 CET377841028154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:50.802423954 CET410283778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:50.802509069 CET410283778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:50.803327084 CET410303778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:50.923088074 CET377841030154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:50.923333883 CET410303778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:50.924158096 CET410303778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:51.043823004 CET377841030154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:51.044110060 CET410303778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:51.163954020 CET377841030154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.224332094 CET377841030154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.224616051 CET410303778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.224648952 CET410303778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.225181103 CET410323778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.344908953 CET377841032154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.345029116 CET410323778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.345787048 CET410323778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.465409994 CET377841032154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.465614080 CET410323778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.516505003 CET410343778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.585407972 CET377841032154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.636284113 CET377841034154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.636354923 CET410343778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.641542912 CET410343778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.761234045 CET377841034154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:52.761292934 CET410343778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:52.881022930 CET377841034154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:53.648421049 CET377841032154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:53.648684978 CET410323778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.648747921 CET410323778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.649527073 CET410363778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.769052982 CET377841036154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:53.769254923 CET410363778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.770390987 CET410363778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.890048981 CET377841036154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:53.890337944 CET410363778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.935853958 CET377841034154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:53.936243057 CET410343778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.936243057 CET410343778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:53.936688900 CET410383778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:54.010056973 CET377841036154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:54.056277037 CET377841038154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:54.056545973 CET410383778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:54.057362080 CET410383778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:54.178155899 CET377841038154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:54.178263903 CET410383778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:54.299350023 CET377841038154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.072841883 CET377841036154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.073054075 CET410363778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.073128939 CET410363778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.073703051 CET410403778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.193304062 CET377841040154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.193552017 CET410403778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.194478989 CET410403778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.314416885 CET377841040154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.314625025 CET410403778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.358534098 CET377841038154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.358705044 CET410383778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.358705997 CET410383778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.359635115 CET410423778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.434453011 CET377841040154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.479253054 CET377841042154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.479598999 CET410423778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.480324984 CET410423778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.600369930 CET377841042154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:55.600493908 CET410423778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:55.720271111 CET377841042154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.492494106 CET377841040154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.492733955 CET410403778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.492780924 CET410403778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.493451118 CET410443778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.613126993 CET377841044154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.613320112 CET410443778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.614425898 CET410443778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.734052896 CET377841044154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.734419107 CET410443778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.780679941 CET377841042154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.780903101 CET410423778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.780950069 CET410423778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.781388044 CET410463778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.854079008 CET377841044154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.900949001 CET377841046154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:56.901034117 CET410463778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:56.901988029 CET410463778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:57.021825075 CET377841046154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:57.022038937 CET410463778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:57.141725063 CET377841046154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:57.914386988 CET377841044154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:57.914536953 CET410443778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:57.914727926 CET410443778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:57.915450096 CET410483778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.035139084 CET377841048154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:58.035262108 CET410483778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.036498070 CET410483778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.156517982 CET377841048154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:58.156661034 CET410483778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.200218916 CET377841046154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:58.200331926 CET410463778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.200386047 CET410463778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.200908899 CET410503778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.276407003 CET377841048154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:58.320702076 CET377841050154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:58.320879936 CET410503778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.321832895 CET410503778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.441401005 CET377841050154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:58.441492081 CET410503778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:58.561176062 CET377841050154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.334738016 CET377841048154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.334849119 CET410483778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.334878922 CET410483778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.335465908 CET410523778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.455012083 CET377841052154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.455140114 CET410523778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.456204891 CET410523778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.575700045 CET377841052154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.575779915 CET410523778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.618899107 CET377841050154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.619151115 CET410503778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.619151115 CET410503778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.619621992 CET410543778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.695343018 CET377841052154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.739186049 CET377841054154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.739361048 CET410543778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.740098953 CET410543778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.859694004 CET377841054154.216.20.216192.168.2.15
                    Dec 25, 2024 11:30:59.859833002 CET410543778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:30:59.979444027 CET377841054154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:00.756345034 CET377841052154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:00.756509066 CET410523778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:00.756509066 CET410523778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:00.757091045 CET410563778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:00.877877951 CET377841056154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:00.877988100 CET410563778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:00.879148960 CET410563778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:00.998699903 CET377841056154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:00.998956919 CET410563778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.034410954 CET377841054154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:01.034564972 CET410543778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.034616947 CET410543778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.035142899 CET410583778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.119024038 CET377841056154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:01.154685974 CET377841058154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:01.154854059 CET410583778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.156048059 CET410583778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.275741100 CET377841058154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:01.275938988 CET410583778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:01.396209955 CET377841058154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.178062916 CET377841056154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.178400993 CET410563778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.178452015 CET410563778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.179076910 CET410603778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.298674107 CET377841060154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.298783064 CET410603778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.299825907 CET410603778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.419439077 CET377841060154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.419557095 CET410603778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.455852032 CET377841058154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.455974102 CET410583778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.456053972 CET410583778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.456769943 CET410623778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.539369106 CET377841060154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.576297045 CET377841062154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.576571941 CET410623778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.577825069 CET410623778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.697556019 CET377841062154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:02.697854042 CET410623778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:02.817504883 CET377841062154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.599401951 CET377841060154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.599576950 CET410603778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.599617958 CET410603778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.600178003 CET410643778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.719795942 CET377841064154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.720053911 CET410643778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.721174955 CET410643778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.840959072 CET377841064154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.841229916 CET410643778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.873126030 CET377841062154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.873393059 CET410623778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.873567104 CET410623778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.874244928 CET410663778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.960903883 CET377841064154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.993710041 CET377841066154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:03.994062901 CET410663778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:03.995294094 CET410663778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:04.114850998 CET377841066154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:04.115025997 CET410663778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:04.234786034 CET377841066154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.016530991 CET377841064154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.016966105 CET410643778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.016966105 CET410643778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.018080950 CET410683778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.137723923 CET377841068154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.138051987 CET410683778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.139667034 CET410683778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.259215117 CET377841068154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.259357929 CET410683778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.293318987 CET377841066154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.293436050 CET410663778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.293541908 CET410663778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.294380903 CET410703778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.379009008 CET377841068154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.413980961 CET377841070154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.414184093 CET410703778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.415532112 CET410703778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.535006046 CET377841070154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:05.535243034 CET410703778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:05.654927969 CET377841070154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.436985970 CET377841068154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.437408924 CET410683778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.437408924 CET410683778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.438306093 CET410723778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.558109045 CET377841072154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.558482885 CET410723778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.559827089 CET410723778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.679573059 CET377841072154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.679851055 CET410723778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.712429047 CET377841070154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.712779045 CET410703778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.712779045 CET410703778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.713561058 CET410743778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.799689054 CET377841072154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.833121061 CET377841074154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.833194971 CET410743778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.835622072 CET410743778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:06.955286026 CET377841074154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:06.955581903 CET410743778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:07.075474977 CET377841074154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:07.858212948 CET377841072154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:07.858568907 CET410723778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:07.858661890 CET410723778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:07.859517097 CET410763778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:07.979345083 CET377841076154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:07.979778051 CET410763778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:07.981404066 CET410763778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.101012945 CET377841076154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:08.101259947 CET410763778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.132915020 CET377841074154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:08.133266926 CET410743778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.133266926 CET410743778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.133687019 CET410783778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.221450090 CET377841076154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:08.253395081 CET377841078154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:08.253590107 CET410783778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.255074024 CET410783778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.374933958 CET377841078154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:08.375220060 CET410783778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:08.495098114 CET377841078154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.279620886 CET377841076154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.280091047 CET410763778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.280134916 CET410763778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.281184912 CET410803778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.400958061 CET377841080154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.401283979 CET410803778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.402620077 CET410803778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.522842884 CET377841080154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.523180962 CET410803778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.552746058 CET377841078154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.552964926 CET410783778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.552964926 CET410783778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.553822041 CET410823778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.642884016 CET377841080154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.673410892 CET377841082154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.673660040 CET410823778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.675158024 CET410823778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.794956923 CET377841082154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:09.795254946 CET410823778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:09.914930105 CET377841082154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:10.700812101 CET377841080154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:10.701154947 CET410803778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.701339960 CET410803778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.702249050 CET410843778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.821907043 CET377841084154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:10.822143078 CET410843778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.823473930 CET410843778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.943156004 CET377841084154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:10.943413973 CET410843778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.970679045 CET377841082154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:10.970824957 CET410823778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.971070051 CET410823778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:10.972034931 CET410863778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:11.063330889 CET377841084154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:11.091686964 CET377841086154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:11.092005014 CET410863778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:11.093314886 CET410863778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:11.212974072 CET377841086154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:11.213385105 CET410863778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:11.333352089 CET377841086154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.119132996 CET377841084154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.119471073 CET410843778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.119471073 CET410843778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.120691061 CET410883778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.240690947 CET377841088154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.241154909 CET410883778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.243514061 CET410883778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.363221884 CET377841088154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.363543034 CET410883778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.393671036 CET377841086154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.393843889 CET410863778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.393937111 CET410863778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.394676924 CET410903778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.483268023 CET377841088154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.514523983 CET377841090154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.514657974 CET410903778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.516396999 CET410903778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.636112928 CET377841090154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:12.636483908 CET410903778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:12.756251097 CET377841090154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.543442965 CET377841088154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.544019938 CET410883778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.544111013 CET410883778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.545793056 CET410923778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.665779114 CET377841092154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.666039944 CET410923778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.668725014 CET410923778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.788871050 CET377841092154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.789146900 CET410923778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.814244986 CET377841090154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.814645052 CET410903778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.814687967 CET410903778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.815679073 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.909209013 CET377841092154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.935451031 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:13.935883999 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:13.937957048 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:14.058337927 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:14.058478117 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:14.178862095 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:14.967195034 CET377841092154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:14.967495918 CET410923778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:14.967495918 CET410923778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:14.968066931 CET410963778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:15.087713003 CET377841096154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:15.088051081 CET410963778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:15.089134932 CET410963778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:15.208854914 CET377841096154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:15.209398031 CET410963778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:15.329381943 CET377841096154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:16.385454893 CET377841096154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:16.385617971 CET410963778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:16.385704041 CET410963778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:16.386496067 CET410983778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:16.506479979 CET377841098154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:16.506865025 CET410983778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:16.507989883 CET410983778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:16.627619028 CET377841098154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:16.627815962 CET410983778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:16.749331951 CET377841098154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:17.806663036 CET377841098154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:17.807118893 CET410983778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:17.807118893 CET410983778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:17.807710886 CET411003778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:17.927908897 CET377841100154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:17.928127050 CET411003778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:17.929204941 CET411003778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:18.048755884 CET377841100154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:18.048881054 CET411003778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:18.168570042 CET377841100154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:19.229907990 CET377841100154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:19.230159998 CET411003778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:19.230159998 CET411003778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:19.230629921 CET411023778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:19.350074053 CET377841102154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:19.350182056 CET411023778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:19.351376057 CET411023778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:19.471329927 CET377841102154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:19.471520901 CET411023778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:19.591166973 CET377841102154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:20.650576115 CET377841102154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:20.650757074 CET411023778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:20.650803089 CET411023778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:20.651513100 CET411043778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:20.771076918 CET377841104154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:20.771383047 CET411043778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:20.772440910 CET411043778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:20.891902924 CET377841104154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:20.892040014 CET411043778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:21.011604071 CET377841104154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:22.073441029 CET377841104154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:22.073585987 CET411043778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:22.073632956 CET411043778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:22.074249029 CET411063778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:22.193864107 CET377841106154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:22.194032907 CET411063778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:22.195116997 CET411063778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:22.314798117 CET377841106154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:22.314944029 CET411063778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:22.434685946 CET377841106154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:23.490878105 CET377841106154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:23.491051912 CET411063778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:23.491095066 CET411063778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:23.491679907 CET411083778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:23.611346006 CET377841108154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:23.611478090 CET411083778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:23.612323046 CET411083778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:23.731987953 CET377841108154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:23.732151031 CET411083778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:23.851830006 CET377841108154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:23.947916985 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:24.067552090 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:24.370199919 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:24.370367050 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:24.911151886 CET377841108154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:24.911362886 CET411083778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:24.911438942 CET411083778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:24.912146091 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:25.031836033 CET377841110154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:25.031992912 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:25.933518887 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:26.053138971 CET377841110154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:26.053265095 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:26.054379940 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:26.173886061 CET377841110154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:26.174063921 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:26.293625116 CET377841110154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:27.353671074 CET377841110154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:27.353890896 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:27.353979111 CET411103778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:27.354839087 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:27.475486040 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:27.475774050 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:27.477370977 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:27.596955061 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:27.597121954 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:27.716761112 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:37.487425089 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:31:37.607341051 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:37.907983065 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:31:37.908158064 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:32:24.430154085 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:32:24.549865961 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:32:24.851607084 CET377841094154.216.20.216192.168.2.15
                    Dec 25, 2024 11:32:24.851833105 CET410943778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:32:37.964092970 CET411123778192.168.2.15154.216.20.216
                    Dec 25, 2024 11:32:38.084497929 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:32:38.385062933 CET377841112154.216.20.216192.168.2.15
                    Dec 25, 2024 11:32:38.385240078 CET411123778192.168.2.15154.216.20.216

                    System Behavior

                    General

                    Start time (UTC):10:30:45
                    Start date (UTC):25/12/2024
                    Path:/tmp/Space.arm6.elf
                    Arguments:/tmp/Space.arm6.elf
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Chronological Activities


                    General

                    Start time (UTC):10:30:45
                    Start date (UTC):25/12/2024
                    Path:/tmp/Space.arm6.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Chronological Activities


                    General

                    Start time (UTC):10:30:45
                    Start date (UTC):25/12/2024
                    Path:/tmp/Space.arm6.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Chronological Activities


                    General

                    Start time (UTC):10:30:45
                    Start date (UTC):25/12/2024
                    Path:/tmp/Space.arm6.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Chronological Activities


                    General

                    Start time (UTC):10:30:51
                    Start date (UTC):25/12/2024
                    Path:/tmp/Space.arm6.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Chronological Activities


                    General

                    Start time (UTC):10:30:51
                    Start date (UTC):25/12/2024
                    Path:/tmp/Space.arm6.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Chronological Activities