Edit tour

Linux Analysis Report
Space.mips.elf

Overview

General Information

Sample name:	Space.mips.elf
Analysis ID:	1581297
MD5:	bfaa04ccd012b09be805bd489a4775bb
SHA1:	de53bbdf475cdb83582b2018196ad1d4b8719547
SHA256:	421d80f8efd39afb7cfa2bc967026786261fd4267497db25bf33e37d5ee88e47
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581297
Start date and time:	2024-12-27 10:33:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Space.mips.elf
Detection:	MAL
Classification:	mal60.evad.linELF@0/0@0/0

Warnings

VT rate limit hit for: Space.mips.elf

Runtime Messages

Command:	/tmp/Space.mips.elf
PID:	6217
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

Space.mips.elf (PID: 6217, Parent: 6124, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/Space.mips.elf

Space.mips.elf New Fork (PID: 6219, Parent: 6217)

Space.mips.elf New Fork (PID: 6221, Parent: 6219)

Space.mips.elf New Fork (PID: 6223, Parent: 6219)

Space.mips.elf New Fork (PID: 6227, Parent: 6217)

Space.mips.elf New Fork (PID: 6228, Parent: 6217)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6217.1.00007ff748400000.00007ff74842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6219.1.00007ff748400000.00007ff74842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6221.1.00007ff748400000.00007ff74842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6227.1.00007ff748400000.00007ff74842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.mips.elf PID: 6217	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x3b10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3ca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.mips.elf PID: 6219	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1103:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1117:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x112b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x113f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1153:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1167:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x117b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x118f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1207:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x121b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x122f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1243:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1257:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x127f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1293:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.mips.elf PID: 6221	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x4afa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b0e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b22:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b36:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b4a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b5e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b72:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b86:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b9a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bc2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bd6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bfe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c12:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c26:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c3a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c4e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c62:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c76:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c8a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.mips.elf PID: 6227	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x8170:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8184:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8198:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8210:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8224:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8238:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x824c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8260:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8274:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8288:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x829c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8300:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Space.mips.elf

ReversingLabs: Detection: 42%

Source: global traffic

TCP traffic: 192.168.2.23:53256 -> 159.100.18.129:3778

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129
Source: unknown	TCP traffic detected without corresponding DNS query: 159.100.18.129

Source: Space.mips.elf

String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 6217.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6219.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6221.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6227.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.mips.elf PID: 6217, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.mips.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.mips.elf PID: 6221, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.mips.elf PID: 6227, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x100000

Source: 6217.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6219.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6221.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6227.1.00007ff748400000.00007ff74842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.mips.elf PID: 6217, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.mips.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.mips.elf PID: 6221, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.mips.elf PID: 6227, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal60.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1582/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/3088/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1579/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1699/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1335/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1698/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1334/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1576/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/2302/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/910/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/912/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/2307/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/918/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1594/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1349/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1344/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1465/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1586/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1463/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1900/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/491/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1477/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/379/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1476/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/2208/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1809/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/1494/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/260/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/261/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/141/status	Jump to behavior
Source: /tmp/Space.mips.elf (PID: 6217)	File opened: /proc/262/status	Jump to behavior

Source: Space.mips.elf

Submission file: segment LOAD with 7.9489 entropy (max. 8.0)

Source: /tmp/Space.mips.elf (PID: 6217)

Queries kernel information via 'uname':

Jump to behavior

Source: Space.mips.elf, 6217.1.00007fff40771000.00007fff40792000.rw-.sdmp, Space.mips.elf, 6219.1.00007fff40771000.00007fff40792000.rw-.sdmp, Space.mips.elf, 6221.1.00007fff40771000.00007fff40792000.rw-.sdmp, Space.mips.elf, 6227.1.00007fff40771000.00007fff40792000.rw-.sdmp	Binary or memory string: ldq0x86_64/usr/bin/qemu-mips/tmp/Space.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Space.mips.elf
Source: Space.mips.elf, 6217.1.00005593641cc000.0000559364274000.rw-.sdmp, Space.mips.elf, 6219.1.00005593641cc000.0000559364274000.rw-.sdmp, Space.mips.elf, 6221.1.00005593641cc000.0000559364274000.rw-.sdmp, Space.mips.elf, 6227.1.00005593641cc000.0000559364274000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: Space.mips.elf, 6217.1.00005593641cc000.0000559364274000.rw-.sdmp, Space.mips.elf, 6219.1.00005593641cc000.0000559364274000.rw-.sdmp, Space.mips.elf, 6221.1.00005593641cc000.0000559364274000.rw-.sdmp, Space.mips.elf, 6227.1.00005593641cc000.0000559364274000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: Space.mips.elf, 6217.1.00007fff40771000.00007fff40792000.rw-.sdmp, Space.mips.elf, 6219.1.00007fff40771000.00007fff40792000.rw-.sdmp, Space.mips.elf, 6221.1.00007fff40771000.00007fff40792000.rw-.sdmp, Space.mips.elf, 6227.1.00007fff40771000.00007fff40792000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Space.mips.elf	42%	ReversingLabs	Linux.Trojan.Multiverze

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Space.mips.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
159.100.18.129	unknown	Germany	44066	DE-FIRSTCOLOwwwfirst-colonetDE	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	sh4.nn.elf	Get hash	malicious	Okiru	Browse
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
	db0fa4b8db0333367e9bda3ab68b8042.mpsl.elf	Get hash	malicious	Unknown	Browse
	RpcSecurity.arm5.elf	Get hash	malicious	Unknown	Browse
	RpcSecurity.arc.elf	Get hash	malicious	Mirai	Browse
	RpcSecurity.sh4.elf	Get hash	malicious	Unknown	Browse
	db0fa4b8db0333367e9bda3ab68b8042.arm5.elf	Get hash	malicious	Unknown	Browse
	db0fa4b8db0333367e9bda3ab68b8042.ppc.elf	Get hash	malicious	Unknown	Browse
	db0fa4b8db0333367e9bda3ab68b8042.arm.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	sh4.nn.elf	Get hash	malicious	Okiru	Browse
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
	db0fa4b8db0333367e9bda3ab68b8042.mpsl.elf	Get hash	malicious	Unknown	Browse
	RpcSecurity.arm5.elf	Get hash	malicious	Unknown	Browse
	RpcSecurity.arc.elf	Get hash	malicious	Mirai	Browse
	RpcSecurity.sh4.elf	Get hash	malicious	Unknown	Browse
	db0fa4b8db0333367e9bda3ab68b8042.arm5.elf	Get hash	malicious	Unknown	Browse
	db0fa4b8db0333367e9bda3ab68b8042.ppc.elf	Get hash	malicious	Unknown	Browse
	db0fa4b8db0333367e9bda3ab68b8042.arm.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	arm6.nn.elf	Get hash	malicious	Okiru	Browse	185.125.190.26
	sh4.nn.elf	Get hash	malicious	Okiru	Browse	91.189.91.42
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse	91.189.91.42
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse	91.189.91.42
	db0fa4b8db0333367e9bda3ab68b8042.mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	RpcSecurity.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	RpcSecurity.arm7.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	RpcSecurity.ppc.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	RpcSecurity.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	RpcSecurity.sh4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
INIT7CH	sh4.nn.elf	Get hash	malicious	Okiru	Browse	109.202.202.202
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse	109.202.202.202
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse	109.202.202.202
	db0fa4b8db0333367e9bda3ab68b8042.mpsl.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	RpcSecurity.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	RpcSecurity.arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	RpcSecurity.sh4.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	db0fa4b8db0333367e9bda3ab68b8042.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	db0fa4b8db0333367e9bda3ab68b8042.ppc.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	db0fa4b8db0333367e9bda3ab68b8042.arm.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
DE-FIRSTCOLOwwwfirst-colonetDE	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	boatnet.x86.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	boatnet.spc.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	159.100.14.33-boatnet.arm-2024-12-25T14_31_19.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	159.100.14.33-boatnet.arm7-2024-12-25T14_32_39.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	159.100.14.33-boatnet.m68k-2024-12-25T14_31_19.elf	Get hash	malicious	Mirai	Browse	159.100.14.33
	hidakibest.x86.elf	Get hash	malicious	Mirai, Gafgyt	Browse	31.172.83.147

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.946681228262986
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	Space.mips.elf
File size:	44'188 bytes
MD5:	bfaa04ccd012b09be805bd489a4775bb
SHA1:	de53bbdf475cdb83582b2018196ad1d4b8719547
SHA256:	421d80f8efd39afb7cfa2bc967026786261fd4267497db25bf33e37d5ee88e47
SHA512:	a6da645dba966dd2aed51876d49462c3af0a8847941da447110cb145e5fea372d184705ade19ac56d5d6741a5923bfeb3f94b9c2c539f0588d92f91c12c05fb6
SSDEEP:	768:M6DfzzMwdu3W4CbuznqQd8eYkGyJfH6QhjS0jlDGnHMhgNSRxUkCkHhVeg527FvM:tDEwdu3ubuznqreGyJfH6QhjDGnHMhg4
TLSH:	0D13F194370341EACB59D8F487F403627B761FF9618A8C087CA1DBE1AAE144CBCE4AD4
File Content Preview:	.ELF.......................(...4.........4. ...(.......................l...l.................C...C......................UPX!.d.....................V.......?.E.h4...@b..) ..]....E..`..........@4#.Y..~.9....b...Q".\|.H.%Q.z....6u.."....cLw...................

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x109828
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	2
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x100000	0x100000	0xab6c	0xab6c	7.9489	0x5	R E	0x10000
LOAD	0xcffc	0x43cffc	0x43cffc	0x0	0x0	0.0000	0x6	RW	0x10000

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 10:34:13.124886036 CET	53256	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:13.192795038 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 10:34:13.244786024 CET	3778	53256	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:13.244899988 CET	53256	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:13.261069059 CET	53256	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:13.380534887 CET	3778	53256	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:13.380589008 CET	53256	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:13.500195980 CET	3778	53256	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:14.603192091 CET	3778	53256	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:14.603451967 CET	53256	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:14.603728056 CET	53256	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:14.604331970 CET	53258	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:14.725167036 CET	3778	53258	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:14.725502014 CET	53258	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:14.726824045 CET	53258	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:14.846286058 CET	3778	53258	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:14.846544981 CET	53258	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:14.966109037 CET	3778	53258	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:15.984077930 CET	3778	53258	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:15.984345913 CET	53258	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:15.984384060 CET	53258	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:15.984930992 CET	53260	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:16.104708910 CET	3778	53260	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:16.104845047 CET	53260	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:16.105570078 CET	53260	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:16.225092888 CET	3778	53260	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:16.225491047 CET	53260	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:16.345124960 CET	3778	53260	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:17.418056965 CET	3778	53260	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:17.418399096 CET	53260	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:17.418399096 CET	53260	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:17.418884039 CET	53262	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:17.538431883 CET	3778	53262	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:17.538646936 CET	53262	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:17.539330959 CET	53262	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:17.658864021 CET	3778	53262	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:17.659275055 CET	53262	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:17.779122114 CET	3778	53262	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:18.568073988 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 10:34:18.726412058 CET	53264	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.843786001 CET	3778	53262	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:18.843857050 CET	53262	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.843905926 CET	53262	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.844513893 CET	53266	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.846163988 CET	3778	53264	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:18.846205950 CET	53264	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.861366987 CET	53264	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.964170933 CET	3778	53266	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:18.964226007 CET	53266	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.966634989 CET	53266	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:18.980891943 CET	3778	53264	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:18.980950117 CET	53264	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:19.086097956 CET	3778	53266	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:19.086208105 CET	53266	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:19.100518942 CET	3778	53264	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:19.205796003 CET	3778	53266	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.103872061 CET	42516	80	192.168.2.23	109.202.202.202
Dec 27, 2024 10:34:20.153934002 CET	3778	53264	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.154155016 CET	53264	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.154294014 CET	53264	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.154886961 CET	53268	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.269536972 CET	3778	53266	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.269887924 CET	53266	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.269887924 CET	53266	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.270322084 CET	53270	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.274353027 CET	3778	53268	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.274429083 CET	53268	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.275481939 CET	53268	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.389776945 CET	3778	53270	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.390047073 CET	53270	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.391448021 CET	53270	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.394958019 CET	3778	53268	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.395010948 CET	53268	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.510883093 CET	3778	53270	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.511168003 CET	53270	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:20.514456987 CET	3778	53268	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:20.630719900 CET	3778	53270	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.579778910 CET	3778	53268	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.579898119 CET	53268	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.579929113 CET	53268	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.580528021 CET	53272	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.695616961 CET	3778	53270	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.695712090 CET	53270	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.695761919 CET	53270	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.696439981 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.699994087 CET	3778	53272	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.700078964 CET	53272	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.701385975 CET	53272	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.815951109 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.816154003 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.817718983 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.820847988 CET	3778	53272	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.821202993 CET	53272	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.937282085 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:21.937432051 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:21.940654993 CET	3778	53272	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:22.057177067 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:23.006273985 CET	3778	53272	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:23.006408930 CET	53272	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:23.006669044 CET	53272	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:23.007144928 CET	53276	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:23.126713037 CET	3778	53276	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:23.126816988 CET	53276	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:23.127912998 CET	53276	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:23.247370958 CET	3778	53276	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:23.247476101 CET	53276	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:23.366933107 CET	3778	53276	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:24.478856087 CET	3778	53276	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:24.479012966 CET	53276	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:24.479131937 CET	53276	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:24.479806900 CET	53278	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:24.599419117 CET	3778	53278	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:24.599653006 CET	53278	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:24.600780964 CET	53278	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:24.720562935 CET	3778	53278	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:24.720776081 CET	53278	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:24.840447903 CET	3778	53278	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:25.951848030 CET	3778	53278	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:25.952096939 CET	53278	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:25.952096939 CET	53278	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:25.952737093 CET	53280	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:26.072256088 CET	3778	53280	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:26.072443962 CET	53280	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:26.076456070 CET	53280	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:26.195930004 CET	3778	53280	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:26.196094990 CET	53280	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:26.315553904 CET	3778	53280	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:27.380213022 CET	3778	53280	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:27.380379915 CET	53280	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:27.380420923 CET	53280	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:27.380951881 CET	53282	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:27.500560045 CET	3778	53282	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:27.500817060 CET	53282	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:27.502445936 CET	53282	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:27.621963978 CET	3778	53282	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:27.622092962 CET	53282	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:27.741698980 CET	3778	53282	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:28.807764053 CET	3778	53282	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:28.807909012 CET	53282	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:28.807945967 CET	53282	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:28.808703899 CET	53284	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:28.928162098 CET	3778	53284	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:28.928291082 CET	53284	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:28.929689884 CET	53284	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:29.049249887 CET	3778	53284	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:29.049418926 CET	53284	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:29.168979883 CET	3778	53284	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:30.239130974 CET	3778	53284	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:30.239289999 CET	53284	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:30.239398956 CET	53284	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:30.240139961 CET	53286	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:30.359875917 CET	3778	53286	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:30.359994888 CET	53286	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:30.361330986 CET	53286	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:30.480829954 CET	3778	53286	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:30.480992079 CET	53286	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:30.600569963 CET	3778	53286	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:31.618030071 CET	3778	53286	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:31.618263960 CET	53286	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.618263960 CET	53286	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.618891001 CET	53288	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.738444090 CET	3778	53288	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:31.738588095 CET	53288	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.740215063 CET	53288	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.826513052 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.859648943 CET	3778	53288	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:31.859729052 CET	53288	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:31.946050882 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:31.979208946 CET	3778	53288	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:32.235919952 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:32.236203909 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.043381929 CET	3778	53288	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:33.043623924 CET	53288	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.043623924 CET	53288	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.044868946 CET	53290	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.164374113 CET	3778	53290	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:33.164648056 CET	53290	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.166021109 CET	53290	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.285475969 CET	3778	53290	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:33.285612106 CET	53290	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:33.405332088 CET	3778	53290	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:33.925966024 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 10:34:34.469228983 CET	3778	53290	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:34.469371080 CET	53290	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:34.469448090 CET	53290	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:34.470191002 CET	53292	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:34.589745998 CET	3778	53292	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:34.590013981 CET	53292	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:34.591532946 CET	53292	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:34.711046934 CET	3778	53292	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:34.711165905 CET	53292	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:34.830595970 CET	3778	53292	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:35.894364119 CET	3778	53292	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:35.894768953 CET	53292	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:35.894768953 CET	53292	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:35.895318031 CET	53294	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:36.014834881 CET	3778	53294	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:36.015039921 CET	53294	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:36.016204119 CET	53294	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:36.135762930 CET	3778	53294	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:36.135986090 CET	53294	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:36.255640984 CET	3778	53294	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:37.320816994 CET	3778	53294	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:37.321055889 CET	53294	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:37.321118116 CET	53294	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:37.321712017 CET	53296	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:37.441247940 CET	3778	53296	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:37.441431999 CET	53296	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:37.442302942 CET	53296	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:37.563072920 CET	3778	53296	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:37.563218117 CET	53296	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:37.682863951 CET	3778	53296	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:38.745816946 CET	3778	53296	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:38.745979071 CET	53296	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:38.745979071 CET	53296	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:38.746792078 CET	53298	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:38.866281986 CET	3778	53298	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:38.866528034 CET	53298	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:38.867794991 CET	53298	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:38.987246990 CET	3778	53298	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:38.987483025 CET	53298	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:39.107201099 CET	3778	53298	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:40.172688961 CET	3778	53298	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:40.172894955 CET	53298	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:40.172894955 CET	53298	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:40.173316002 CET	53300	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:40.292859077 CET	3778	53300	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:40.293015957 CET	53300	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:40.293802023 CET	53300	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:40.413299084 CET	3778	53300	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:40.413438082 CET	53300	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:40.533195972 CET	3778	53300	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:41.552098036 CET	3778	53300	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:41.552234888 CET	53300	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:41.552277088 CET	53300	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:41.552930117 CET	53302	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:41.672581911 CET	3778	53302	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:41.672749996 CET	53302	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:41.673861980 CET	53302	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:41.793406010 CET	3778	53302	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:41.793606997 CET	53302	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:41.913301945 CET	3778	53302	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:42.931946039 CET	3778	53302	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:42.932126045 CET	53302	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:42.932214975 CET	53302	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:42.933005095 CET	53304	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:43.052634954 CET	3778	53304	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:43.052757025 CET	53304	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:43.053651094 CET	53304	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:43.173223972 CET	3778	53304	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:43.173398018 CET	53304	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:43.293107033 CET	3778	53304	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:44.164522886 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 10:34:44.360790014 CET	3778	53304	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:44.360908031 CET	53304	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:44.360940933 CET	53304	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:44.361486912 CET	53306	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:44.481041908 CET	3778	53306	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:44.481152058 CET	53306	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:44.482472897 CET	53306	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:44.602579117 CET	3778	53306	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:44.602704048 CET	53306	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:44.722323895 CET	3778	53306	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:45.786719084 CET	3778	53306	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:45.787005901 CET	53306	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:45.787076950 CET	53306	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:45.787987947 CET	53308	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:45.907707930 CET	3778	53308	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:45.907825947 CET	53308	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:45.909048080 CET	53308	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:46.028598070 CET	3778	53308	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:46.028780937 CET	53308	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:46.148315907 CET	3778	53308	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:47.165817022 CET	3778	53308	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:47.165950060 CET	53308	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:47.165986061 CET	53308	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:47.166492939 CET	53310	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:47.285955906 CET	3778	53310	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:47.286128044 CET	53310	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:47.287293911 CET	53310	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:47.407618046 CET	3778	53310	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:47.407740116 CET	53310	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:47.527152061 CET	3778	53310	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:48.636934996 CET	3778	53310	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:48.637062073 CET	53310	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:48.637113094 CET	53310	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:48.637744904 CET	53312	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:48.758126020 CET	3778	53312	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:48.758263111 CET	53312	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:48.759757042 CET	53312	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:48.879276037 CET	3778	53312	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:48.879395008 CET	53312	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:48.998859882 CET	3778	53312	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:50.063008070 CET	3778	53312	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:50.063147068 CET	53312	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:50.063244104 CET	53312	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:50.064078093 CET	53314	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:50.183571100 CET	3778	53314	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:50.183757067 CET	53314	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:50.185103893 CET	53314	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:50.304853916 CET	3778	53314	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:50.305044889 CET	53314	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:50.307662964 CET	42516	80	192.168.2.23	109.202.202.202
Dec 27, 2024 10:34:50.424549103 CET	3778	53314	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:51.488571882 CET	3778	53314	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:51.488895893 CET	53314	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:51.488928080 CET	53314	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:51.489531994 CET	53316	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:51.609117031 CET	3778	53316	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:51.609203100 CET	53316	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:51.610395908 CET	53316	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:51.730030060 CET	3778	53316	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:51.730139971 CET	53316	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:51.849636078 CET	3778	53316	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:52.868196964 CET	3778	53316	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:52.868424892 CET	53316	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:52.868474960 CET	53316	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:52.869230032 CET	53318	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:52.988754034 CET	3778	53318	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:52.989027977 CET	53318	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:52.990550041 CET	53318	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:53.110761881 CET	3778	53318	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:53.110958099 CET	53318	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:53.231048107 CET	3778	53318	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:54.304034948 CET	3778	53318	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:54.304250956 CET	53318	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:54.304277897 CET	53318	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:54.304857016 CET	53320	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:54.424535036 CET	3778	53320	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:54.424694061 CET	53320	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:54.425610065 CET	53320	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:54.545101881 CET	3778	53320	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:54.545377970 CET	53320	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:54.664948940 CET	3778	53320	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:55.774633884 CET	3778	53320	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:55.774771929 CET	53320	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:55.774849892 CET	53320	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:55.775341034 CET	53322	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:55.894789934 CET	3778	53322	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:55.894896030 CET	53322	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:55.895939112 CET	53322	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:56.015513897 CET	3778	53322	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:56.015744925 CET	53322	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:56.135205984 CET	3778	53322	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:57.262913942 CET	3778	53322	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:57.263170958 CET	53322	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:57.263170958 CET	53322	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:57.263777018 CET	53324	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:57.383205891 CET	3778	53324	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:57.383418083 CET	53324	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:57.384357929 CET	53324	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:57.506068945 CET	3778	53324	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:57.506217003 CET	53324	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:57.626514912 CET	3778	53324	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:58.691838026 CET	3778	53324	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:58.692028046 CET	53324	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:58.692028046 CET	53324	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:58.692750931 CET	53326	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:58.812501907 CET	3778	53326	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:58.812761068 CET	53326	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:58.813713074 CET	53326	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:58.933129072 CET	3778	53326	159.100.18.129	192.168.2.23
Dec 27, 2024 10:34:58.933306932 CET	53326	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:34:59.052854061 CET	3778	53326	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:00.117132902 CET	3778	53326	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:00.117274046 CET	53326	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:00.117315054 CET	53326	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:00.118124962 CET	53328	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:00.237582922 CET	3778	53328	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:00.237673998 CET	53328	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:00.238883972 CET	53328	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:00.358314037 CET	3778	53328	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:00.358544111 CET	53328	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:00.478034019 CET	3778	53328	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:01.503189087 CET	3778	53328	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:01.503341913 CET	53328	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:01.503396988 CET	53328	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:01.504093885 CET	53330	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:01.623531103 CET	3778	53330	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:01.623692036 CET	53330	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:01.624773026 CET	53330	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:01.744225025 CET	3778	53330	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:01.744366884 CET	53330	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:01.863841057 CET	3778	53330	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:02.985162973 CET	3778	53330	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:02.985289097 CET	53330	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:02.985332966 CET	53330	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:02.985858917 CET	53332	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:03.106075048 CET	3778	53332	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:03.106210947 CET	53332	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:03.107144117 CET	53332	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:03.226649046 CET	3778	53332	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:03.226730108 CET	53332	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:03.346540928 CET	3778	53332	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:04.457304001 CET	3778	53332	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:04.457462072 CET	53332	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:04.457493067 CET	53332	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:04.458031893 CET	53334	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:04.577488899 CET	3778	53334	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:04.577828884 CET	53334	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:04.578653097 CET	53334	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:04.698077917 CET	3778	53334	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:04.698235035 CET	53334	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:04.817727089 CET	3778	53334	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:05.882704020 CET	3778	53334	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:05.882921934 CET	53334	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:05.882968903 CET	53334	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:05.883649111 CET	53336	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:06.003185987 CET	3778	53336	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:06.003319025 CET	53336	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:06.004165888 CET	53336	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:06.123717070 CET	3778	53336	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:06.123786926 CET	53336	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:06.243323088 CET	3778	53336	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:07.308070898 CET	3778	53336	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:07.308408976 CET	53336	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:07.308500051 CET	53336	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:07.309151888 CET	53338	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:07.428631067 CET	3778	53338	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:07.428901911 CET	53338	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:07.430129051 CET	53338	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:07.549715996 CET	3778	53338	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:07.549865961 CET	53338	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:07.669389009 CET	3778	53338	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:08.734206915 CET	3778	53338	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:08.734401941 CET	53338	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:08.734487057 CET	53338	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:08.735409975 CET	53340	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:08.854953051 CET	3778	53340	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:08.855061054 CET	53340	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:08.856462955 CET	53340	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:08.975934982 CET	3778	53340	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:08.976062059 CET	53340	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:09.095674992 CET	3778	53340	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:10.117808104 CET	3778	53340	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:10.117944956 CET	53340	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:10.117980957 CET	53340	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:10.118577003 CET	53342	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:10.238043070 CET	3778	53342	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:10.238121986 CET	53342	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:10.239088058 CET	53342	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:10.358659029 CET	3778	53342	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:10.358746052 CET	53342	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:10.478662014 CET	3778	53342	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:11.589796066 CET	3778	53342	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:11.590030909 CET	53342	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:11.590046883 CET	53342	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:11.590740919 CET	53344	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:11.710282087 CET	3778	53344	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:11.710453987 CET	53344	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:11.711512089 CET	53344	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:11.832334042 CET	3778	53344	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:11.832628965 CET	53344	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:11.952193975 CET	3778	53344	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:13.014437914 CET	3778	53344	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:13.014584064 CET	53344	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:13.014700890 CET	53344	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:13.015183926 CET	53346	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:13.134627104 CET	3778	53346	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:13.134766102 CET	53346	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:13.136198997 CET	53346	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:13.255695105 CET	3778	53346	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:13.255814075 CET	53346	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:13.375926971 CET	3778	53346	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:14.393393993 CET	3778	53346	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:14.393546104 CET	53346	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:14.393578053 CET	53346	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:14.394110918 CET	53348	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:14.513691902 CET	3778	53348	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:14.513853073 CET	53348	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:14.514899015 CET	53348	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:14.634392977 CET	3778	53348	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:14.634541988 CET	53348	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:14.754081964 CET	3778	53348	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:14.880264044 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 10:35:15.825983047 CET	3778	53348	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:15.826109886 CET	53348	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:15.826312065 CET	53348	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:15.827111006 CET	53350	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:15.946558952 CET	3778	53350	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:15.946712017 CET	53350	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:15.947602987 CET	53350	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:16.067130089 CET	3778	53350	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:16.067226887 CET	53350	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:16.186657906 CET	3778	53350	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:17.255115986 CET	3778	53350	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:17.255364895 CET	53350	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:17.255403996 CET	53350	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:17.255906105 CET	53352	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:17.375365973 CET	3778	53352	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:17.375475883 CET	53352	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:17.376367092 CET	53352	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:17.495873928 CET	3778	53352	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:17.495985031 CET	53352	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:17.615472078 CET	3778	53352	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:18.683357000 CET	3778	53352	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:18.683492899 CET	53352	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:18.683552027 CET	53352	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:18.684207916 CET	53354	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:18.803761959 CET	3778	53354	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:18.803858995 CET	53354	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:18.804994106 CET	53354	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:18.924510956 CET	3778	53354	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:18.924626112 CET	53354	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:19.044295073 CET	3778	53354	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:20.063852072 CET	3778	53354	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:20.064047098 CET	53354	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:20.064047098 CET	53354	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:20.064621925 CET	53356	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:20.184108019 CET	3778	53356	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:20.184225082 CET	53356	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:20.185209036 CET	53356	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:20.304604053 CET	3778	53356	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:20.304822922 CET	53356	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:20.425720930 CET	3778	53356	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:21.444495916 CET	3778	53356	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:21.444900990 CET	53356	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:21.444900990 CET	53356	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:21.445317030 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:21.564783096 CET	3778	53358	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:21.565049887 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:21.565767050 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:21.685164928 CET	3778	53358	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:21.685259104 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:21.804764032 CET	3778	53358	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:31.574645996 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:31.726949930 CET	3778	53358	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:32.288038015 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.402744055 CET	3778	53358	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:32.402889013 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.402935028 CET	53358	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.403423071 CET	53360	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.407567024 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:32.522881985 CET	3778	53360	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:32.523025036 CET	53360	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.524296999 CET	53360	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.643765926 CET	3778	53360	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:32.643883944 CET	53360	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.697813034 CET	3778	53274	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:32.697923899 CET	53274	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:32.763528109 CET	3778	53360	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:33.828299046 CET	3778	53360	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:33.828424931 CET	53360	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:33.828466892 CET	53360	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:33.828974009 CET	53362	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:33.948474884 CET	3778	53362	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:33.948610067 CET	53362	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:33.949558973 CET	53362	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:34.068994045 CET	3778	53362	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:34.069117069 CET	53362	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:34.188570023 CET	3778	53362	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:35.357439995 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 10:35:35.368767023 CET	3778	53362	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:35.368978024 CET	53362	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:35.368978024 CET	53362	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:35.369441986 CET	53364	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:35.489006042 CET	3778	53364	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:35.489320993 CET	53364	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:35.490714073 CET	53364	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:35.610203981 CET	3778	53364	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:35.610373020 CET	53364	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:35.729824066 CET	3778	53364	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:36.794550896 CET	3778	53364	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:36.795192957 CET	53364	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:36.795449972 CET	53364	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:36.796468973 CET	53366	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:36.915940046 CET	3778	53366	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:36.916239977 CET	53366	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:36.917892933 CET	53366	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:37.037746906 CET	3778	53366	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:37.037972927 CET	53366	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:37.157602072 CET	3778	53366	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:38.268006086 CET	3778	53366	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:38.268224001 CET	53366	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:38.268287897 CET	53366	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:38.268846035 CET	53368	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:38.388369083 CET	3778	53368	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:38.388530970 CET	53368	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:38.389317036 CET	53368	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:38.508929014 CET	3778	53368	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:38.509080887 CET	53368	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:38.628643990 CET	3778	53368	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:39.695590019 CET	3778	53368	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:39.695820093 CET	53368	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:39.695919037 CET	53368	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:39.696628094 CET	53370	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:39.816104889 CET	3778	53370	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:39.816302061 CET	53370	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:39.817750931 CET	53370	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:39.937175035 CET	3778	53370	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:39.937376022 CET	53370	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:40.056941032 CET	3778	53370	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:41.168555975 CET	3778	53370	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:41.168726921 CET	53370	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:41.168765068 CET	53370	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:41.169301987 CET	53372	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:41.288731098 CET	3778	53372	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:41.288882971 CET	53372	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:41.290441990 CET	53372	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:41.409982920 CET	3778	53372	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:41.410128117 CET	53372	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:41.529541016 CET	3778	53372	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:42.593381882 CET	3778	53372	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:42.593475103 CET	53372	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:42.593523979 CET	53372	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:42.594011068 CET	53374	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:42.713445902 CET	3778	53374	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:42.713578939 CET	53374	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:42.714564085 CET	53374	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:42.836080074 CET	3778	53374	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:42.836334944 CET	53374	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:42.955877066 CET	3778	53374	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:44.020488977 CET	3778	53374	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:44.020859957 CET	53374	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:44.020859957 CET	53374	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:44.021395922 CET	53376	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:44.140894890 CET	3778	53376	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:44.141190052 CET	53376	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:44.142487049 CET	53376	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:44.262005091 CET	3778	53376	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:44.262121916 CET	53376	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:44.381792068 CET	3778	53376	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:45.445524931 CET	3778	53376	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:45.445652962 CET	53376	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:45.445678949 CET	53376	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:45.446227074 CET	53378	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:45.565998077 CET	3778	53378	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:45.566198111 CET	53378	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:45.567965031 CET	53378	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:45.697948933 CET	3778	53378	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:45.698071957 CET	53378	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:45.817531109 CET	3778	53378	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:46.825779915 CET	3778	53378	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:46.825937986 CET	53378	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:46.825978041 CET	53378	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:46.826484919 CET	53380	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:46.947355032 CET	3778	53380	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:46.947515965 CET	53380	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:46.948729992 CET	53380	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:47.068206072 CET	3778	53380	159.100.18.129	192.168.2.23
Dec 27, 2024 10:35:47.068324089 CET	53380	3778	192.168.2.23	159.100.18.129
Dec 27, 2024 10:35:47.187824965 CET	3778	53380	159.100.18.129	192.168.2.23

System Behavior

Analysis Process: Space.mips.elf PID: 6217, Parent PID: 6124

General

Start time (UTC):	09:34:11
Start date (UTC):	27/12/2024
Path:	/tmp/Space.mips.elf
Arguments:	/tmp/Space.mips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: Space.mips.elf PID: 6219, Parent PID: 6217

General

Start time (UTC):	09:34:11
Start date (UTC):	27/12/2024
Path:	/tmp/Space.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: Space.mips.elf PID: 6221, Parent PID: 6219

General

Start time (UTC):	09:34:11
Start date (UTC):	27/12/2024
Path:	/tmp/Space.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: Space.mips.elf PID: 6223, Parent PID: 6219

General

Start time (UTC):	09:34:11
Start date (UTC):	27/12/2024
Path:	/tmp/Space.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: Space.mips.elf PID: 6227, Parent PID: 6217

General

Start time (UTC):	09:34:17
Start date (UTC):	27/12/2024
Path:	/tmp/Space.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: Space.mips.elf PID: 6228, Parent PID: 6217

General

Start time (UTC):	09:34:17
Start date (UTC):	27/12/2024
Path:	/tmp/Space.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Space.mips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: Space.mips.elf PID: 6217, Parent PID: 6124

General

Chronological Activities

Analysis Process: Space.mips.elf PID: 6219, Parent PID: 6217

General

Chronological Activities

Analysis Process: Space.mips.elf PID: 6221, Parent PID: 6219

General

Chronological Activities

Analysis Process: Space.mips.elf PID: 6223, Parent PID: 6219

General

Chronological Activities

Analysis Process: Space.mips.elf PID: 6227, Parent PID: 6217

General

Chronological Activities

Analysis Process: Space.mips.elf PID: 6228, Parent PID: 6217

General

Chronological Activities

Linux Analysis Report
Space.mips.elf