Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.x86.elf

Overview

General Information

Sample name:ub8ehJSePAfc9FYqZIT6.x86.elf
Analysis ID:1583833
MD5:45f47c10e0d27c00ac46899fda99f1f3
SHA1:f68e23694abb254e1a5c7b169547516baead730b
SHA256:39e7164325dd360f891bf0f9f8e7bebb1c90eb071bb5e98d621793d416647482
Tags:elf, user-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1583833
Start date and time:2025-01-03 17:17:04 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 35s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ub8ehJSePAfc9FYqZIT6.x86.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@0/0
  • VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.x86.elf
Command:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
PID:6240
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
6242.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
6242.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x8f3b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6242.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x7726:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
6242.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown
  • 0x7052:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6240.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
No Suricata rule has matched

AV Detection

Source: ub8ehJSePAfc9FYqZIT6.x86.elf, ReversingLabs: Detection: 42%
Source: ub8ehJSePAfc9FYqZIT6.x86.elf, Joe Sandbox ML: detected
Source: global traffic, TCP traffic: 192.168.2.23:46920 -> 141.11.33.73:3778
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown, TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: ub8ehJSePAfc9FYqZIT6.x86.elf, String found in binary or memory: http://upx.sf.net
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b, Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25, Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b, Author: unknown
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25, Author: unknown
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b, Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25, Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b, Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25, Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6240, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6241, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6242, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6246, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: LOAD without section mappings, Program segment: 0xc01000
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6240.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6240, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6241, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6242, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6246, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6240)File opened: /proc/260/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6240)File opened: /proc/261/statusJump to behavior
Source: ub8ehJSePAfc9FYqZIT6.x86.elf
Submission file: segment LOAD with 7.964 entropy (max. 8.0)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
[Behavior graph: ID 1583833, Sample: ub8ehJSePAfc9FYqZIT6.x86.elf, Startdate: 03/01/2025, Architecture: LINUX, Score: 64]
Source | Detection | Scanner | Label | Link
ub8ehJSePAfc9FYqZIT6.x86.elf | 42% | ReversingLabs | Linux.Backdoor.Mirai |
ub8ehJSePAfc9FYqZIT6.x86.elf | 100% | Joe Sandbox ML | |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | ub8ehJSePAfc9FYqZIT6.x86.elf | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
141.11.33.73 | unknown | United Kingdom | | 553 | BELWUEBelWue-KoordinationEU | false
109.202.202.202 | unknown | Switzerland | | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | | 41231 | CANONICAL-ASGB | false
No created / dropped files found
File type: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit): 7.962140216649861
TrID:
• ELF Executable and Linkable format (Linux) (4029/14) 50.16%
• ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name: ub8ehJSePAfc9FYqZIT6.x86.elf
File size: 38'724 bytes
MD5: 45f47c10e0d27c00ac46899fda99f1f3
SHA1: f68e23694abb254e1a5c7b169547516baead730b
SHA256: 39e7164325dd360f891bf0f9f8e7bebb1c90eb071bb5e98d621793d416647482
SHA512: dde1d3c1a50cc5647bb2003309da0d1211bb2261de1655ae21bc7782bf36648b08793667ab5b91992f40829f019ee3cda4de48caf5245960b162c7f5f6b3bc6e
SSDEEP: 768:MxaYe0syQ8ETE9v4uNc5B0G3kSKs+NNt1nbcuyD7UrQRjU:BYgBboHcfNUSKs+bnouy8ryA
TLSH: 2F03F17DD78C7FC2E1152034F867F88F2D16D109D0D08A62ABC0A1B789BD6562A9C3D6
File Content Preview: .ELF....................X...4...........4. ...(.....................L...L...........................................Q.td.............................-..UPX!.........2...2......W..........?..k.I/.j....\.R......)..n.4go.|.>#.....{~o....8.F.^...MFL.f.5 ..I.r

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: Intel 80386
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - Linux
ABI Version: 0
Entry Point Address: 0xc09458
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 0
Section Header Size: 40
Number of Section Headers: 0
Header String Table Index: 0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x964c | 0x964c | 7.9640 | 0x5 | R E | 0x1000 | |
LOAD | 0xc08 | 0x805bc08 | 0x805bc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
                                                  Jan 3, 2025 17:18:09.632744074 CET377846946141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:09.632808924 CET469463778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:09.637592077 CET377846946141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:11.461095095 CET43928443192.168.2.2391.189.91.42
                                                  Jan 3, 2025 17:18:14.197259903 CET469423778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:14.202116013 CET377846942141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:16.543817043 CET377846942141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:16.543966055 CET469423778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:16.543966055 CET469423778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:16.544008970 CET469483778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:16.548793077 CET377846948141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:16.548945904 CET469483778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:16.548971891 CET469483778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:16.553747892 CET377846948141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:16.553824902 CET469483778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:16.558573961 CET377846948141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:18.214670897 CET377846948141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:18.214903116 CET469483778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:18.214904070 CET469483778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:18.214904070 CET469503778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:18.219782114 CET377846950141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:18.219846010 CET469503778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:18.219907045 CET469503778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:18.224610090 CET377846950141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:18.224657059 CET469503778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:18.229423046 CET377846950141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:19.257036924 CET377846950141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:19.257236958 CET469503778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:19.257236958 CET469503778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:19.257272959 CET469523778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:19.262001991 CET377846952141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:19.262092113 CET469523778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:19.262120962 CET469523778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:19.266885042 CET377846952141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:19.266985893 CET469523778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:19.271676064 CET377846952141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:21.699578047 CET42836443192.168.2.2391.189.91.43
                                                  Jan 3, 2025 17:18:27.842861891 CET4251680192.168.2.23109.202.202.202
                                                  Jan 3, 2025 17:18:40.615869999 CET377846952141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:40.616204023 CET469523778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:40.620979071 CET377846952141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:41.618480921 CET469543778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:41.623344898 CET377846954141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:41.623423100 CET469543778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:41.623502016 CET469543778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:41.628222942 CET377846954141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:41.628279924 CET469543778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:41.633019924 CET377846954141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:42.692651033 CET377846954141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:42.692760944 CET469543778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:42.692805052 CET469543778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:42.692852020 CET469563778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:42.697616100 CET377846956141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:42.697674036 CET469563778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:42.697694063 CET469563778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:42.702538967 CET377846956141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:42.702620983 CET469563778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:42.707348108 CET377846956141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:43.712644100 CET377846956141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:43.712791920 CET469563778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:43.712862015 CET469563778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:43.712941885 CET469583778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:43.717742920 CET377846958141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:43.717792034 CET469583778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:43.717808962 CET469583778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:43.722577095 CET377846958141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:43.722637892 CET469583778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:43.727421999 CET377846958141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:44.743339062 CET377846958141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:44.743611097 CET469583778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:44.743705988 CET469583778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:44.743799925 CET469603778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:44.748538971 CET377846960141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:44.748614073 CET469603778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:44.748688936 CET469603778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:44.753439903 CET377846960141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:44.753500938 CET469603778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:44.758284092 CET377846960141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:48.822855949 CET377846960141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:48.822957993 CET469603778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:48.822985888 CET469603778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:48.823015928 CET469623778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:48.827840090 CET377846962141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:48.827893019 CET469623778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:48.827920914 CET469623778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:48.832676888 CET377846962141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:48.832725048 CET469623778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:48.837462902 CET377846962141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:52.415277958 CET43928443192.168.2.2391.189.91.42
                                                  Jan 3, 2025 17:18:58.865097046 CET377846962141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:58.865261078 CET469623778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:58.865313053 CET469623778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:58.865398884 CET469643778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:58.870148897 CET377846964141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:58.870223999 CET469643778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:58.870296955 CET469643778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:58.875015974 CET377846964141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:58.875072956 CET469643778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:58.879817963 CET377846964141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:59.902615070 CET377846964141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:59.902734041 CET469643778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:59.902769089 CET469643778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:59.902831078 CET469663778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:59.907596111 CET377846966141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:59.907675028 CET469663778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:59.907746077 CET469663778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:59.912525892 CET377846966141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:18:59.912585974 CET469663778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:18:59.917347908 CET377846966141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:00.933989048 CET377846966141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:00.934266090 CET469663778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:00.934362888 CET469663778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:00.934457064 CET469683778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:00.939213037 CET377846968141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:00.939292908 CET469683778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:00.939356089 CET469683778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:00.944148064 CET377846968141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:00.944211006 CET469683778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:00.949048996 CET377846968141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:02.626813889 CET377846968141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:02.627123117 CET469683778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:02.627217054 CET469683778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:02.627310038 CET469703778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:02.632036924 CET377846970141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:02.632141113 CET469703778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:02.632210016 CET469703778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:02.636941910 CET377846970141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:02.637005091 CET469703778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:02.642616034 CET377846970141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:05.221009970 CET377846970141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:05.221282959 CET469703778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:05.221368074 CET469703778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:05.221508980 CET469723778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:05.226295948 CET377846972141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:05.226368904 CET469723778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:05.226443052 CET469723778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:05.231192112 CET377846972141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:05.231256008 CET469723778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:05.236021042 CET377846972141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:09.361732006 CET377846972141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:09.361912012 CET469723778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.361984015 CET469723778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.362072945 CET469743778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.366862059 CET377846974141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:09.366964102 CET469743778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.367018938 CET469743778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.371815920 CET377846974141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:09.371881008 CET469743778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.376631021 CET377846974141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:09.677979946 CET469463778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:09.682889938 CET377846946141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:10.689815998 CET377846946141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:10.690257072 CET469463778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.076942921 CET377846974141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:11.077172041 CET469763778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.077172995 CET469743778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.077172995 CET469743778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.082032919 CET377846976141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:11.082108974 CET469763778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.082206964 CET469763778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.086954117 CET377846976141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:11.087013960 CET469763778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:11.091789007 CET377846976141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:12.129513025 CET377846976141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:12.129663944 CET469763778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:12.129663944 CET469763778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:12.129663944 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:12.134505033 CET377846978141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:12.134557009 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:12.134576082 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:12.139363050 CET377846978141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:12.139410973 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:12.144237995 CET377846978141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:13.383552074 CET377846978141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:13.383687019 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.383723021 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.383748055 CET469803778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.386729002 CET377846978141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:13.386785030 CET469783778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.389213085 CET377846980141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:13.389262915 CET469803778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.389276981 CET469803778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.394078970 CET377846980141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:13.394120932 CET469803778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:13.398890018 CET377846980141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:17.445734978 CET377846980141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:17.445858955 CET469803778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:17.445894957 CET469803778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:17.445913076 CET469823778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:17.450820923 CET377846982141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:17.450875044 CET469823778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:17.450891018 CET469823778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:17.455713987 CET377846982141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:17.455758095 CET469823778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:17.460486889 CET377846982141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:18.488574028 CET377846982141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:18.488684893 CET469823778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:18.488715887 CET469823778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:18.488749027 CET469843778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:18.493554115 CET377846984141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:18.493613005 CET469843778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:18.493639946 CET469843778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:18.498413086 CET377846984141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:18.498457909 CET469843778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:18.503240108 CET377846984141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:22.999355078 CET377846984141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:22.999469042 CET469843778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:22.999500036 CET469843778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:22.999533892 CET469863778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:23.004647017 CET377846986141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:23.004699945 CET469863778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:23.004735947 CET469863778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:23.009516954 CET377846986141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:23.009562016 CET469863778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:23.014296055 CET377846986141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:33.043766022 CET377846986141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:33.043885946 CET469863778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:33.043885946 CET469863778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:33.043940067 CET469883778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:33.048744917 CET377846988141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:33.048803091 CET469883778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:33.048825026 CET469883778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:33.053667068 CET377846988141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:33.053709984 CET469883778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:33.058573961 CET377846988141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:34.074172974 CET377846988141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:34.074302912 CET469883778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:34.074333906 CET469883778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:34.074387074 CET469903778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:34.079133987 CET377846990141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:34.079190016 CET469903778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:34.079209089 CET469903778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:34.084019899 CET377846990141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:34.084064007 CET469903778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:34.088870049 CET377846990141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:35.130409956 CET377846990141.11.33.73192.168.2.23
                                                  Jan 3, 2025 17:19:35.130536079 CET469903778192.168.2.23141.11.33.73
                                                  Jan 3, 2025 17:19:35.130536079 CET469903778192.168.2.23141.11.33.73

                                                  System Behavior

                                                  Start time (UTC):16:17:47
                                                  Start date (UTC):03/01/2025
                                                  Path:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  File size:38724 bytes
                                                  MD5 hash:45f47c10e0d27c00ac46899fda99f1f3

                                                  Start time (UTC):16:17:47
                                                  Start date (UTC):03/01/2025
                                                  Path:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  Arguments:-
                                                  File size:38724 bytes
                                                  MD5 hash:45f47c10e0d27c00ac46899fda99f1f3

                                                  Start time (UTC):16:17:47
                                                  Start date (UTC):03/01/2025
                                                  Path:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  Arguments:-
                                                  File size:38724 bytes
                                                  MD5 hash:45f47c10e0d27c00ac46899fda99f1f3

                                                  Start time (UTC):16:17:47
                                                  Start date (UTC):03/01/2025
                                                  Path:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  Arguments:-
                                                  File size:38724 bytes
                                                  MD5 hash:45f47c10e0d27c00ac46899fda99f1f3

                                                  Start time (UTC):16:17:53
                                                  Start date (UTC):03/01/2025
                                                  Path:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  Arguments:-
                                                  File size:38724 bytes
                                                  MD5 hash:45f47c10e0d27c00ac46899fda99f1f3

                                                  Start time (UTC):16:17:53
                                                  Start date (UTC):03/01/2025
                                                  Path:/tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
                                                  Arguments:-
                                                  File size:38724 bytes
                                                  MD5 hash:45f47c10e0d27c00ac46899fda99f1f3