Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.sh4.elf

Overview

General Information

Sample name:ub8ehJSePAfc9FYqZIT6.sh4.elf
Analysis ID:1581065
MD5:1fa4bf6d5b97f07fb89fd8f8f2e93729
SHA1:0161a6c32dc82f6e73019c21b8dc7a72066691d4
SHA256:f2e616f9cc3036f423b3d1c75757c932a57e9e2af1e2d5205b69433eb8c85699
Tags:elf, user-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1581065
Start date and time:2024-12-26 22:02:11 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 31s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ub8ehJSePAfc9FYqZIT6.sh4.elf
Detection:MAL
Classification:mal64.linELF@0/0@0/0
  • VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.sh4.elf
Command:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
PID:5527
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source, Rule, Description, Author, Strings
ub8ehJSePAfc9FYqZIT6.sh4.elf, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
Source, Rule, Description, Author, Strings
5527.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
5548.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
5529.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
5531.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5527, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
No Suricata rule has matched

AV Detection

Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, Avira: detected
Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, ReversingLabs: Detection: 63%
Source: global traffic, TCP traffic: 192.168.2.15:60192 -> 92.118.56.167:3778
Source: unknown, TCP traffic detected without corresponding DNS query: 92.118.56.167

System Summary

Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5527.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5548.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5529.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5531.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5527, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5529, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5531, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5548, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Initial sample, String containing 'busybox' found: /bin/busybox
Source: Initial sample, String containing 'busybox' found: /proc/net/tcp.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc/proc/proc/%d/exe/proc/%s/statusrName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog92.118.56.167
Source: ELF static info symbol of initial sample, .symtab present: no
Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5527.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5548.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5529.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5531.1.00007f8b54400000.00007f8b54414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5527, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5529, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5531, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.sh4.elf PID: 5548, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal64.linELF@0/0@0/0
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527), File opened: /proc/110/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/261/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/262/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/142/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/263/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/264/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/265/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/145/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/266/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/267/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/268/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/3303/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/269/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/1486/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/1806/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/3440/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527)File opened: /proc/270/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf (PID: 5527) Queries kernel information via 'uname'
Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, 5527.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5529.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5531.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5548.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp
Binary or memory string: /usr/bin/qemu-sh4
Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, 5527.1.000056067d86f000.000056067d8f9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5529.1.000056067d86f000.000056067d8d2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5531.1.000056067d86f000.000056067d8d2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5548.1.000056067d86f000.000056067d8f9000.rw-.sdmp
Binary or memory string: /etc/qemu-binfmt/sh4
Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, 5527.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5529.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5531.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5548.1.00007ffcbfdee000.00007ffcbfe0f000.rw-.sdmp
Binary or memory string: !x86_64/usr/bin/qemu-sh4/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
Source: ub8ehJSePAfc9FYqZIT6.sh4.elf, 5527.1.000056067d86f000.000056067d8f9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5529.1.000056067d86f000.000056067d8d2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5531.1.000056067d86f000.000056067d8d2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.sh4.elf, 5548.1.000056067d86f000.000056067d8f9000.rw-.sdmp
Binary or memory string: V5!/etc/qemu-binfmt/sh4
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Direct Volume Access
Credential Access: 1 OS Credential Dumping
Discovery: 11 Security Software Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: 1 Non-Standard Port
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
[Behavior graph] Behavior Graph ID: 1581065; Sample: ub8ehJSePAfc9FYqZIT6.sh4.elf; Startdate: 26/12/2024; Architecture: LINUX; Score: 64; contacted host: 92.118.56.167 (ports 3778, 60192, 60194; M247GB, Germany)

Source | Detection | Scanner | Label | Link
ub8ehJSePAfc9FYqZIT6.sh4.elf | 63% | ReversingLabs | Linux.Backdoor.Mirai |
ub8ehJSePAfc9FYqZIT6.sh4.elf | 100% | Avira | LINUX/Mirai.bonb |
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
92.118.56.167 | unknown | Germany | | 9009 | M247GB | false
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
92.118.56.167 | ub8ehJSePAfc9FYqZIT6.x86.elf | Get hash | malicious | Unknown | Browse |
    No context
    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
    M247GB | ub8ehJSePAfc9FYqZIT6.x86.elf | Get hash | malicious | Unknown | Browse | 92.118.56.167
     | http://au.kirmalk.com/watch.php?vid=7750fd3c8 | Get hash | malicious | Unknown | Browse | 38.132.109.126
     | nklppc.elf | Get hash | malicious | Unknown | Browse | 193.160.72.174
     | https://en.newsnowbangla.com/archives/69912 | Get hash | malicious | HTMLPhisher, TechSupportScam | Browse | 45.10.162.162
     | arm.elf | Get hash | malicious | Unknown | Browse | 92.249.48.36
     | powerpc.nn.elf | Get hash | malicious | Mirai, Okiru | Browse | 38.204.189.65
     | hmips.elf | Get hash | malicious | Mirai | Browse | 38.207.37.102
     | nshppc.elf | Get hash | malicious | Mirai | Browse | 185.120.145.21
     | la.bot.powerpc.elf | Get hash | malicious | Mirai | Browse | 196.18.78.47
     | x86_32.nn.elf | Get hash | malicious | Mirai, Okiru | Browse | 196.16.89.5
    No context
    No context
    No created / dropped files found
    File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
    Entropy (8bit):6.603703169295471
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:ub8ehJSePAfc9FYqZIT6.sh4.elf
    File size:82'652 bytes
    MD5:1fa4bf6d5b97f07fb89fd8f8f2e93729
    SHA1:0161a6c32dc82f6e73019c21b8dc7a72066691d4
    SHA256:f2e616f9cc3036f423b3d1c75757c932a57e9e2af1e2d5205b69433eb8c85699
    SHA512:4d96e42e15c688195645b135a5e034a1f4f92840246d19752f82e78429f65d7f8999add92c33dba2a49c58bb2b823ba07b0974654fed5a958aad367b2d1a4403
    SSDEEP:1536:/RU/uDZhX+yTzUIDrnYVohwH5wX6SNmTdEyRer:q/+PX+yTzUEnY66L5dR2
    TLSH:8E839E61F0142CA5C8660674F0F8ED35471369F123A52CB26EEEE9A184F368DF44AFD4
    File Content Preview:.ELF..............*.......@.4...LA......4. ...(...............@...@.L4..L4...............@...@B..@B.0...............Q.td..............................././"O.n......#.*@........#.*@L...&O.n.l..................................././.../.a"O.!...n...a.b("...q.

    ELF header

    Class:ELF32
    Data:2's complement, little endian
    Version:1 (current)
    Machine:<unknown>
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x4001a0
    Flags:0xc
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:82252
    Section Header Size:40
    Number of Section Headers:10
    Header String Table Index:9
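    Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
     | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
    .init | PROGBITS | 0x400094 | 0x94 | 0x2e | 0x0 | 0x6 | AX | 0 | 0 | 4
    .text | PROGBITS | 0x4000e0 | 0xe0 | 0x10e60 | 0x0 | 0x6 | AX | 0 | 0 | 32
    .fini | PROGBITS | 0x410f40 | 0x10f40 | 0x22 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .rodata | PROGBITS | 0x410f64 | 0x10f64 | 0x24e8 | 0x0 | 0x2 | A | 0 | 0 | 4
    .ctors | PROGBITS | 0x4240dc | 0x140dc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .dtors | PROGBITS | 0x4240e4 | 0x140e4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .data | PROGBITS | 0x4240f0 | 0x140f0 | 0x1c | 0x0 | 0x3 | WA | 0 | 0 | 4
    .bss | NOBITS | 0x42410c | 0x1410c | 0xaec | 0x0 | 0x3 | WA | 0 | 0 | 4
    .shstrtab | STRTAB | 0x0 | 0x1410c | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    LOAD | 0x0 | 0x400000 | 0x400000 | 0x1344c | 0x1344c | 6.7759 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
    LOAD | 0x140dc | 0x4240dc | 0x4240dc | 0x30 | 0xb1c | 2.4711 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |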
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Dec 26, 2024 22:03:17.783453941 CET602503778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:17.783502102 CET602503778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:17.784369946 CET602543778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:17.903953075 CET37786025492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:17.904337883 CET602543778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:17.905791044 CET602543778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.025286913 CET37786025492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:18.025501966 CET602543778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.145082951 CET37786025492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:18.195347071 CET37786025292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:18.195728064 CET602523778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.195822001 CET602523778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.196719885 CET602563778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.317238092 CET37786025692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:18.317651033 CET602563778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.319742918 CET602563778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.439795017 CET37786025692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:18.440107107 CET602563778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:18.559693098 CET37786025692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.185122967 CET37786025492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.185286045 CET602543778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.185308933 CET602543778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.186065912 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.306158066 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.306371927 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.307696104 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.427433014 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.427598953 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.547365904 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.786627054 CET37786025692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.786803961 CET602563778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.786911011 CET602563778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.787648916 CET602603778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.907471895 CET37786026092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:19.907736063 CET602603778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:19.908932924 CET602603778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:20.028527975 CET37786026092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:20.028609991 CET602603778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:20.148588896 CET37786026092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:21.399542093 CET37786026092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:21.399682999 CET602603778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:21.399722099 CET602603778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:21.400305033 CET602623778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:21.519761086 CET37786026292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:21.519845009 CET602623778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:21.520505905 CET602623778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:21.639981985 CET37786026292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:21.640146971 CET602623778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:21.759697914 CET37786026292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:22.807048082 CET37786026292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:22.807176113 CET602623778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:22.807204962 CET602623778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:22.807801008 CET602643778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:22.927309036 CET37786026492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:22.927469015 CET602643778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:22.928463936 CET602643778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:23.047910929 CET37786026492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:23.048027039 CET602643778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:23.168123007 CET37786026492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:24.229430914 CET37786026492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:24.229711056 CET602643778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:24.229876041 CET602643778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:24.230823040 CET602663778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:24.350585938 CET37786026692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:24.350861073 CET602663778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:24.352281094 CET602663778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:24.472625017 CET37786026692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:24.472788095 CET602663778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:24.592710972 CET37786026692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:25.631928921 CET37786026692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:25.632062912 CET602663778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:25.632132053 CET602663778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:25.632698059 CET602683778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:25.752198935 CET37786026892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:25.752332926 CET602683778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:25.753175020 CET602683778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:25.872728109 CET37786026892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:25.872839928 CET602683778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:25.992614031 CET37786026892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:26.984860897 CET37786026892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:26.985202074 CET602683778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:26.985235929 CET602683778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:26.986044884 CET602703778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:27.105529070 CET37786027092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:27.105782986 CET602703778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:27.107181072 CET602703778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:27.226675034 CET37786027092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:27.226949930 CET602703778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:27.346626043 CET37786027092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:28.347729921 CET37786027092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:28.348100901 CET602703778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:28.348190069 CET602703778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:28.349035025 CET602723778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:28.468688011 CET37786027292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:28.469063997 CET602723778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:28.470443964 CET602723778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:28.589919090 CET37786027292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:28.590198040 CET602723778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:28.709810019 CET37786027292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:29.318084955 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:29.437983990 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:29.676709890 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:29.676899910 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:29.699506998 CET37786027292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:29.699620008 CET602723778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:29.699703932 CET602723778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:29.700525999 CET602743778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:29.820209026 CET37786027492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:29.820472002 CET602743778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:29.821893930 CET602743778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:30.186009884 CET602743778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:30.379029989 CET37786027492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:30.379065037 CET37786027492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:31.489173889 CET37786027492.118.56.167192.168.2.15
    Dec 26, 2024 22:03:31.489401102 CET602743778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:31.489468098 CET602743778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:31.490292072 CET602763778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:31.610025883 CET37786027692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:31.610179901 CET602763778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:31.611640930 CET602763778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:31.731102943 CET37786027692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:31.731239080 CET602763778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:31.850884914 CET37786027692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:32.840132952 CET37786027692.118.56.167192.168.2.15
    Dec 26, 2024 22:03:32.840468884 CET602763778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:32.840500116 CET602763778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:32.841083050 CET602783778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:32.960654974 CET37786027892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:32.961028099 CET602783778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:32.961869955 CET602783778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:33.081317902 CET37786027892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:33.081566095 CET602783778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:33.201314926 CET37786027892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:34.227813959 CET37786027892.118.56.167192.168.2.15
    Dec 26, 2024 22:03:34.227941990 CET602783778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:34.227993011 CET602783778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:34.228576899 CET602803778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:34.348113060 CET37786028092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:34.348314047 CET602803778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:34.349903107 CET602803778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:34.469341040 CET37786028092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:34.469415903 CET602803778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:34.588864088 CET37786028092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:35.644154072 CET37786028092.118.56.167192.168.2.15
    Dec 26, 2024 22:03:35.644308090 CET602803778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:35.644351959 CET602803778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:35.645102978 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:35.764540911 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:35.764619112 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:35.765783072 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:35.885236979 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:35.885390997 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:36.005208969 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:45.772553921 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:03:45.892190933 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:46.129991055 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:03:46.130188942 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:04:29.729058027 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:04:29.848767042 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:04:30.087582111 CET37786025892.118.56.167192.168.2.15
    Dec 26, 2024 22:04:30.087824106 CET602583778192.168.2.1592.118.56.167
    Dec 26, 2024 22:04:46.189068079 CET602823778192.168.2.1592.118.56.167
    Dec 26, 2024 22:04:46.308734894 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:04:46.546370029 CET37786028292.118.56.167192.168.2.15
    Dec 26, 2024 22:04:46.546530962 CET602823778192.168.2.1592.118.56.167

    System Behavior

    Start time (UTC):21:02:52
    Start date (UTC):26/12/2024
    Path:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    File size:4139976 bytes
    MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

    Start time (UTC):21:02:52
    Start date (UTC):26/12/2024
    Path:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    Arguments:-
    File size:4139976 bytes
    MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

    Start time (UTC):21:02:52
    Start date (UTC):26/12/2024
    Path:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    Arguments:-
    File size:4139976 bytes
    MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

    Start time (UTC):21:02:52
    Start date (UTC):26/12/2024
    Path:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    Arguments:-
    File size:4139976 bytes
    MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

    Start time (UTC):21:02:58
    Start date (UTC):26/12/2024
    Path:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    Arguments:-
    File size:4139976 bytes
    MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

    Start time (UTC):21:02:58
    Start date (UTC):26/12/2024
    Path:/tmp/ub8ehJSePAfc9FYqZIT6.sh4.elf
    Arguments:-
    File size:4139976 bytes
    MD5 hash:8943e5f8f8c280467b4472c15ae93ba9