Edit tour

Linux Analysis Report
Fantazy.spc.elf

Overview

General Information

Sample name:	Fantazy.spc.elf
Analysis ID:	1584497
MD5:	41a25c69dd620bdcc981fa7f2f9eb17c
SHA1:	3468d96adfdad9b14e3ee85953def329c060d89d
SHA256:	86ea087502d2a58294f70f637833cbdfd1a69ffe82454a6c950fdf5659d7a11d
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "rm" command used to delete files or directories

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584497
Start date and time:	2025-01-05 17:42:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Fantazy.spc.elf
Detection:	MAL
Classification:	mal64.spre.troj.linELF@0/9@0/0

Warnings

Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:	/tmp/Fantazy.spc.elf
PID:	6251
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	VegaSec-KATANA001
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6222, Parent: 4332)

rm (PID: 6222, Parent: 4332, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.AWtkl2orJL /tmp/tmp.EwQ688Ot4L /tmp/tmp.N5aVoMdhdL

dash New Fork (PID: 6223, Parent: 4332)

rm (PID: 6223, Parent: 4332, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.AWtkl2orJL /tmp/tmp.EwQ688Ot4L /tmp/tmp.N5aVoMdhdL

Fantazy.spc.elf (PID: 6251, Parent: 6146, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/Fantazy.spc.elf

Fantazy.spc.elf New Fork (PID: 6253, Parent: 6251)

Fantazy.spc.elf New Fork (PID: 6254, Parent: 6251)

Fantazy.spc.elf New Fork (PID: 6257, Parent: 6254)

Fantazy.spc.elf New Fork (PID: 6259, Parent: 6254)

Fantazy.spc.elf New Fork (PID: 6261, Parent: 6254)

systemd New Fork (PID: 6264, Parent: 1)

journalctl (PID: 6264, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 6265, Parent: 1)

dbus-daemon (PID: 6265, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6279, Parent: 1860)

pulseaudio (PID: 6279, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 6280, Parent: 1)

rsyslogd (PID: 6280, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6281, Parent: 1)

systemd-journald (PID: 6281, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

gvfsd-fuse New Fork (PID: 6282, Parent: 2038)

fusermount (PID: 6282, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 6292, Parent: 1)

dbus-daemon (PID: 6292, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6293, Parent: 1)

systemd-journald (PID: 6293, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6294, Parent: 1)

dbus-daemon (PID: 6294, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6296, Parent: 1)

systemd-journald (PID: 6296, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6297, Parent: 1)

rsyslogd (PID: 6297, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6298, Parent: 1)

dbus-daemon (PID: 6298, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6299, Parent: 1)

systemd-journald (PID: 6299, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6300, Parent: 1)

dbus-daemon (PID: 6300, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6302, Parent: 1)

systemd-journald (PID: 6302, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6303, Parent: 1)

rsyslogd (PID: 6303, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

gdm3 New Fork (PID: 6304, Parent: 1320)

Default (PID: 6304, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6305, Parent: 1320)

Default (PID: 6305, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6306, Parent: 1320)

Default (PID: 6306, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6308, Parent: 1)

rsyslogd (PID: 6308, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6309, Parent: 1)

rsyslogd (PID: 6309, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6314, Parent: 1)

gpu-manager (PID: 6314, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6315, Parent: 1)

generate-config (PID: 6315, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

systemd New Fork (PID: 6318, Parent: 1)

gpu-manager (PID: 6318, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6319, Parent: 6318)

sh (PID: 6319, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6320, Parent: 6318)

sh (PID: 6320, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6321, Parent: 6318)

sh (PID: 6321, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6322, Parent: 6318)

sh (PID: 6322, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6323, Parent: 6318)

sh (PID: 6323, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6324, Parent: 6318)

sh (PID: 6324, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6325, Parent: 6318)

sh (PID: 6325, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6326, Parent: 6318)

sh (PID: 6326, Parent: 6318, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

systemd New Fork (PID: 6327, Parent: 1)

generate-config (PID: 6327, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

systemd New Fork (PID: 6328, Parent: 1)

gpu-manager (PID: 6328, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6329, Parent: 6328)

sh (PID: 6329, Parent: 6328, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6330, Parent: 6328)

sh (PID: 6330, Parent: 6328, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6331, Parent: 6328)

gpu-manager New Fork (PID: 6332, Parent: 6328)

sh (PID: 6332, Parent: 6328, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6333, Parent: 6328)

sh (PID: 6333, Parent: 6328, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6334, Parent: 6328)

sh (PID: 6334, Parent: 6328, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

gpu-manager New Fork (PID: 6335, Parent: 6328)

gpu-manager New Fork (PID: 6336, Parent: 6328)

systemd New Fork (PID: 6337, Parent: 1)

systemd New Fork (PID: 6338, Parent: 1)

systemd New Fork (PID: 6339, Parent: 1)

generate-config (PID: 6339, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6340, Parent: 6339)

systemd New Fork (PID: 6344, Parent: 1)

plymouth (PID: 6344, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Fantazy.spc.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Fantazy.spc.elf	ReversingLabs: Detection: 60%
Source: Fantazy.spc.elf	Virustotal: Detection: 57%			Perma Link

Source: global traffic	TCP traffic: 192.168.2.23:49072 -> 41.216.189.127:63645
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 119.238.14.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 222.233.39.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 178.125.146.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 160.22.201.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 105.203.131.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 146.38.32.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 94.15.114.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 207.162.18.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 14.171.90.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 154.73.102.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 86.120.131.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 112.38.252.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 108.47.59.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 126.174.157.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 154.21.87.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 101.235.242.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 48.224.212.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 61.228.7.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 31.168.180.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 2.27.16.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 34.207.128.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 156.124.8.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 97.189.135.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 221.64.198.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 91.100.206.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 67.199.218.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 40.198.172.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 147.171.13.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 40.88.198.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 119.138.62.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 135.255.36.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:10359 -> 196.2.209.201:2323

Source: /usr/sbin/rsyslogd (PID: 6280)	Reads hosts file: /etc/hosts			Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6309)	Reads hosts file: /etc/hosts			Jump to behavior

Source: /tmp/Fantazy.spc.elf (PID: 6251)

Socket: 127.0.0.1:59025

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.189.127
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.189.127
Source: unknown	TCP traffic detected without corresponding DNS query: 119.238.14.180
Source: unknown	TCP traffic detected without corresponding DNS query: 189.219.82.231
Source: unknown	TCP traffic detected without corresponding DNS query: 173.68.136.134
Source: unknown	TCP traffic detected without corresponding DNS query: 174.70.103.211
Source: unknown	TCP traffic detected without corresponding DNS query: 47.183.98.253
Source: unknown	TCP traffic detected without corresponding DNS query: 74.173.7.86
Source: unknown	TCP traffic detected without corresponding DNS query: 169.149.125.59
Source: unknown	TCP traffic detected without corresponding DNS query: 189.57.170.142
Source: unknown	TCP traffic detected without corresponding DNS query: 133.9.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 222.233.39.68
Source: unknown	TCP traffic detected without corresponding DNS query: 121.226.120.33
Source: unknown	TCP traffic detected without corresponding DNS query: 8.35.242.59
Source: unknown	TCP traffic detected without corresponding DNS query: 111.73.27.214
Source: unknown	TCP traffic detected without corresponding DNS query: 91.53.39.62
Source: unknown	TCP traffic detected without corresponding DNS query: 89.221.28.178
Source: unknown	TCP traffic detected without corresponding DNS query: 42.244.45.28
Source: unknown	TCP traffic detected without corresponding DNS query: 88.46.234.167
Source: unknown	TCP traffic detected without corresponding DNS query: 14.205.42.243
Source: unknown	TCP traffic detected without corresponding DNS query: 45.50.182.228
Source: unknown	TCP traffic detected without corresponding DNS query: 178.125.146.244
Source: unknown	TCP traffic detected without corresponding DNS query: 196.192.170.183
Source: unknown	TCP traffic detected without corresponding DNS query: 130.221.84.113
Source: unknown	TCP traffic detected without corresponding DNS query: 141.240.76.83
Source: unknown	TCP traffic detected without corresponding DNS query: 82.98.181.240
Source: unknown	TCP traffic detected without corresponding DNS query: 166.13.88.92
Source: unknown	TCP traffic detected without corresponding DNS query: 34.188.238.215
Source: unknown	TCP traffic detected without corresponding DNS query: 59.244.44.1
Source: unknown	TCP traffic detected without corresponding DNS query: 66.251.7.10
Source: unknown	TCP traffic detected without corresponding DNS query: 115.198.136.163
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.201.149
Source: unknown	TCP traffic detected without corresponding DNS query: 161.229.220.168
Source: unknown	TCP traffic detected without corresponding DNS query: 60.48.39.67
Source: unknown	TCP traffic detected without corresponding DNS query: 113.114.173.149
Source: unknown	TCP traffic detected without corresponding DNS query: 165.150.219.55
Source: unknown	TCP traffic detected without corresponding DNS query: 17.119.103.12
Source: unknown	TCP traffic detected without corresponding DNS query: 5.64.216.149
Source: unknown	TCP traffic detected without corresponding DNS query: 24.109.54.109
Source: unknown	TCP traffic detected without corresponding DNS query: 209.91.136.168
Source: unknown	TCP traffic detected without corresponding DNS query: 105.203.131.69
Source: unknown	TCP traffic detected without corresponding DNS query: 120.157.221.234
Source: unknown	TCP traffic detected without corresponding DNS query: 200.231.114.179
Source: unknown	TCP traffic detected without corresponding DNS query: 113.159.133.242
Source: unknown	TCP traffic detected without corresponding DNS query: 156.80.237.13
Source: unknown	TCP traffic detected without corresponding DNS query: 95.129.142.111
Source: unknown	TCP traffic detected without corresponding DNS query: 221.57.122.114
Source: unknown	TCP traffic detected without corresponding DNS query: 156.176.154.213

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33606
Source: unknown	Network traffic detected: HTTP traffic on port 33606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 4530, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6057, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6212, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6213, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6254, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6280, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6292, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6293, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6294, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6295, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6296, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6297, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6302, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6303, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6304, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6305, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6306, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6307, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6308, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6310, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6314, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6315, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6319, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6320, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6321, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6322, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6323, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6324, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6325, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6326, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6327, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6329, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6330, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6331, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6332, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6333, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6334, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6335, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6336, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6337, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6338, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6340, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6342, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6343, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6344, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6345, result: no such process	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 4530, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6057, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6212, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6213, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6254, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6280, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6292, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6293, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6294, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6295, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6296, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6297, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6302, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6303, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6304, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6305, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6306, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6307, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6308, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6310, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6314, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6315, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6319, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6320, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6321, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6322, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6323, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6324, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6325, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6326, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6327, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6329, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6330, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6331, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6332, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6333, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6334, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6335, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6336, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6337, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6338, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6340, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6342, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6343, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6344, result: successful	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6345, result: no such process	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior

Source: classification engine

Classification label: mal64.spre.troj.linELF@0/9@0/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6265)	File: /proc/6265/mounts			Jump to behavior
Source: /bin/fusermount (PID: 6282)	File: /proc/6282/mounts			Jump to behavior

Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1582/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2033/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/3088/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1579/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1612/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1335/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1334/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1576/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2302/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4444/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/910/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4445/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/912/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/517/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/759/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2307/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/918/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1594/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2285/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2281/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1349/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/761/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/884/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1983/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2038/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1344/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1465/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1586/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1860/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1463/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/800/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/801/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6254/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6257/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/3021/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/491/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2294/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/772/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1599/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/774/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1477/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/654/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/896/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1476/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1872/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2048/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/655/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1475/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2289/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/777/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/656/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/657/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/658/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/419/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/936/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2208/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2180/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4480/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6263/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6265/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4484/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6300/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6302/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1809/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6301/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1494/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6261/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1886/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/420/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1489/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/785/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/788/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/667/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/789/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4478/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6278/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6310/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4530/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6279/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/670/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2746/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/793/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/674/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/1532/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/796/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/675/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/797/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/676/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/677/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/799/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/4488/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6304/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6303/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6306/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6305/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6308/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/2749/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6307/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6309/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6320/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6322/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6321/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6324/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6323/maps	Jump to behavior
Source: /tmp/Fantazy.spc.elf (PID: 6259)	File opened: /proc/6281/maps	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 6319)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6320)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6321)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6322)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6323)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6324)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6325)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6326)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6329)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6330)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6332)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6333)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6334)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior

Source: /usr/bin/dash (PID: 6222)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.AWtkl2orJL /tmp/tmp.EwQ688Ot4L /tmp/tmp.N5aVoMdhdL			Jump to behavior
Source: /usr/bin/dash (PID: 6223)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.AWtkl2orJL /tmp/tmp.EwQ688Ot4L /tmp/tmp.N5aVoMdhdL			Jump to behavior

Source: /usr/sbin/rsyslogd (PID: 6280)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6309)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 6318)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6328)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Source: /usr/bin/gpu-manager (PID: 6318)	Truncated file: /var/log/gpu-manager.log			Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6328)	Truncated file: /var/log/gpu-manager.log			Jump to behavior

Source: /tmp/Fantazy.spc.elf (PID: 6251)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6280)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6309)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6318)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6328)	Queries kernel information via 'uname':	Jump to behavior

Source: Fantazy.spc.elf, 6251.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6253.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6254.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6257.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6261.1.000055f9922f4000.000055f992359000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: Fantazy.spc.elf, 6251.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6253.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6254.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6257.1.000055f9922f4000.000055f992359000.rw-.sdmp, Fantazy.spc.elf, 6261.1.000055f9922f4000.000055f992359000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/sparc
Source: Fantazy.spc.elf, 6251.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6253.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6254.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6257.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6261.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp	Binary or memory string: x(x86_64/usr/bin/qemu-sparc/tmp/Fantazy.spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Fantazy.spc.elf
Source: Fantazy.spc.elf, 6251.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6253.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6254.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6257.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp, Fantazy.spc.elf, 6261.1.00007ffd180ff000.00007ffd18120000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Indicator Removal	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	11 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Fantazy.spc.elf	61%	ReversingLabs	Linux.Trojan.Mirai
Fantazy.spc.elf	57%	Virustotal		Browse
Fantazy.spc.elf	100%	Avira	EXP/ELF.Gafgyt.Z.A

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
219.83.157.198	unknown	China	4795	INDOSATM2-IDINDOSATM2ASNID	false
99.145.63.186	unknown	United States	7018	ATT-INTERNET4US	false
192.9.30.27	unknown	United States	36224	HCLTA94085US	false
92.240.226.27	unknown	Slovakia (SLOVAK Republic)	42005	LIGHTSTORM-COMMUNICATIONS-SRO-SK-ASPeeringsSK	false
83.44.31.228	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
108.47.59.237	unknown	United States	5650	FRONTIER-FRTRUS	false
203.253.142.147	unknown	Korea Republic of	1237	KREONET-AS-KRKISTIKR	false
78.240.160.233	unknown	France	12322	PROXADFR	false
102.127.104.191	unknown	Sudan	36972	MTNSD	false
59.130.140.239	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
119.238.14.180	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
200.119.220.10	unknown	Bolivia	25620	COTASLTDABO	false
68.95.158.162	unknown	United States	7018	ATT-INTERNET4US	false
155.152.132.33	unknown	United States	1494	DNIC-ASBLK-01494-01495US	false
40.170.82.141	unknown	United States	4249	LILLY-ASUS	false
201.234.205.29	unknown	Argentina	3549	LVLT-3549US	false
170.188.131.84	unknown	United States	47090	SCLHS-47090US	false
172.157.110.11	unknown	United States	7018	ATT-INTERNET4US	false
19.159.168.15	unknown	United States	3	MIT-GATEWAYSUS	false
146.77.114.208	unknown	United Kingdom	4193	WA-STATE-GOVUS	false
121.15.222.122	unknown	China	58543	CHINATELECOM-GUANGDONG-IDCGuangdongCN	false
155.54.25.124	unknown	Spain	766	REDIRISRedIRISAutonomousSystemES	false
171.46.213.10	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
135.255.36.150	unknown	United States	10455	LUCENT-CIOUS	false
91.53.39.62	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
202.137.195.241	unknown	Australia	9328	DATACOM-AUDATACOMSYSTEMSAUPTYLTDAU	false
91.100.206.69	unknown	Denmark	15516	DK-DANSKKABELTVDK	false
221.207.38.133	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
112.38.252.211	unknown	China	24444	CMNET-V4SHANDONG-AS-APShandongMobileCommunicationCompany	false
154.254.73.2	unknown	Algeria	36947	ALGTEL-ASDZ	false
74.47.113.23	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
4.210.84.218	unknown	United States	3356	LEVEL3US	false
68.149.0.150	unknown	Canada	6327	SHAWCA	false
212.151.55.251	unknown	Sweden	1257	TELE2EU	false
221.57.122.114	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
163.77.105.57	unknown	France	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
102.20.79.113	unknown	unknown	37054	Telecom-MalagasyMG	false
166.13.88.92	unknown	Switzerland	11798	ACEDATACENTERS-AS-1US	false
150.91.53.82	unknown	Japan	18126	CTCXChubuTelecommunicationsCompanyIncJP	false
189.219.82.231	unknown	Mexico	265594	TelevisionInternacionalSAdeCVMX	false
206.17.250.183	unknown	United States	4264	CERNET-ASN-BLOCKUS	false
19.161.108.127	unknown	United States	3	MIT-GATEWAYSUS	false
155.167.150.238	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
23.64.64.25	unknown	United States	33657	CMCSUS	false
38.87.190.232	unknown	United States	174	COGENT-174US	false
61.228.7.71	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
198.232.208.252	unknown	United States	292	ESNET-WESTUS	false
221.64.198.4	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
79.134.164.131	unknown	Bulgaria	12829	ANGELSOFTBulgariaBG	false
117.80.205.90	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
24.109.54.109	unknown	Canada	6327	SHAWCA	false
196.71.162.178	unknown	Morocco	6713	IAM-ASMA	false
206.91.176.238	unknown	United States	3549	LVLT-3549US	false
38.254.222.110	unknown	United States	174	COGENT-174US	false
133.9.36.55	unknown	Japan	17956	WASEDAWASEDAUniversityJP	false
121.160.234.29	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
54.60.167.108	unknown	United States	14618	AMAZON-AESUS	false
5.64.216.149	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
105.168.79.207	unknown	Angola	37119	unitel-ASAO	false
174.160.9.42	unknown	United States	7922	COMCAST-7922US	false
204.66.182.38	unknown	United States	1761	TDIR-CAPNETUS	false
160.22.201.149	unknown	unknown	45194	SIPL-ASSysconInfowayPvtLtdIN	false
173.68.136.134	unknown	United States	701	UUNETUS	false
69.154.193.16	unknown	United States	7018	ATT-INTERNET4US	false
95.129.142.111	unknown	Russian Federation	5572	BOTIKPublicnetworkofPereslavl-ZalesskyRU	false
82.98.181.240	unknown	Spain	42612	DINAHOSTING-ASES	false
2.27.16.190	unknown	United Kingdom	12576	EELtdGB	false
67.160.125.132	unknown	United States	7922	COMCAST-7922US	false
101.235.242.12	unknown	Korea Republic of	10036	CNM-AS-KRDLIVEKR	false
96.75.28.12	unknown	United States	7922	COMCAST-7922US	false
14.171.90.125	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
180.173.160.131	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
63.177.121.133	unknown	United States	1239	SPRINTLINKUS	false
97.189.135.25	unknown	United States	6167	CELLCO-PARTUS	false
2.78.110.173	unknown	Kazakhstan	29355	KCELL-ASKZ	false
193.58.82.130	unknown	Belgium	8677	WORLDLINEFR	false
156.124.8.62	unknown	United States	393504	XNSTGCA	false
38.149.112.246	unknown	United States	174	COGENT-174US	false
209.78.227.175	unknown	United States	7132	SBIS-ASUS	false
38.196.127.211	unknown	United States	174	COGENT-174US	false
84.132.46.25	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
113.159.133.242	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
14.205.42.243	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
146.38.32.33	unknown	United States	197938	TRAVIANGAMESDE	false
164.126.36.140	unknown	Poland	39603	P4NETP4UMTSoperatorinPolandPL	false
48.224.212.96	unknown	United States	2686	ATGS-MMD-ASUS	false
196.126.126.38	unknown	Morocco	36925	ASMediMA	false
32.108.110.16	unknown	United States	2688	ATGS-MMD-ASUS	false
46.234.204.43	unknown	Italy	50316	NETGLOBAL-ASNIT	false
179.117.54.128	unknown	Brazil	26599	TELEFONICABRASILSABR	false
72.119.73.55	unknown	United States	22394	CELLCOUS	false
119.138.62.22	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
59.244.44.1	unknown	China	2516	KDDIKDDICORPORATIONJP	false
195.233.37.229	unknown	Germany	12663	VODAFONE-GROUPIT	false
19.12.109.70	unknown	United States	3	MIT-GATEWAYSUS	false
109.79.0.255	unknown	Ireland	15502	VODAFONE-IRELAND-ASNIE	false
5.1.66.185	unknown	Germany	34549	MEER-ASmeerfarbigGmbHCoKGDE	false
196.2.209.201	unknown	Egypt	12258	OPTINETZA	false
211.96.93.84	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
84.136.241.236	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LIGHTSTORM-COMMUNICATIONS-SRO-SK-ASPeeringsSK	ZRgv8wdMtR.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	92.240.253.3
	eVu3uJpmeE.elf	Get hash	malicious	Mirai	Browse	45.149.179.88
	oF9ll1f32d.elf	Get hash	malicious	Mirai	Browse	45.149.179.98
	O11Vx8VJED.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
	U2ORGDN0Qn.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
	xhOJLzQSe7.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
	9818t9ks1s.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
	CUfsVUDkr6.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
	l2sFDHB0lp.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
	FC6cLk6kKz.dll	Get hash	malicious	Emotet	Browse	92.240.254.110
INDOSATM2-IDINDOSATM2ASNID	4.elf	Get hash	malicious	Unknown	Browse	124.81.4.59
	db0fa4b8db0333367e9bda3ab68b8042.i686.elf	Get hash	malicious	Mirai, Gafgyt	Browse	182.28.194.84
	xd.sh4.elf	Get hash	malicious	Mirai	Browse	114.58.228.10
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	182.24.76.182
	nabarm.elf	Get hash	malicious	Unknown	Browse	182.28.58.48
	armv6l.elf	Get hash	malicious	Unknown	Browse	124.81.176.131
	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	182.30.97.49
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	124.81.164.58
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	182.28.51.133
	la.bot.mips.elf	Get hash	malicious	Mirai	Browse	182.25.113.39
ATT-INTERNET4US	Fantazy.x86.elf	Get hash	malicious	Unknown	Browse	68.92.37.13
	Fantazy.i686.elf	Get hash	malicious	Unknown	Browse	70.230.219.235
	Fantazy.arm7.elf	Get hash	malicious	Mirai	Browse	99.164.4.73
	momo.mips.elf	Get hash	malicious	Mirai	Browse	70.138.242.7
	momo.arm.elf	Get hash	malicious	Mirai	Browse	216.63.4.111
	momo.mpsl.elf	Get hash	malicious	Mirai	Browse	12.89.103.186
	momo.arm7.elf	Get hash	malicious	Mirai	Browse	107.65.66.153
	armv7l.elf	Get hash	malicious	Unknown	Browse	107.132.174.1
	z0r0.m68k.elf	Get hash	malicious	Mirai	Browse	172.159.109.59
	z0r0.x86.elf	Get hash	malicious	Mirai	Browse	108.68.161.241
HCLTA94085US	nabppc.elf	Get hash	malicious	Unknown	Browse	192.8.90.241
	nabmips.elf	Get hash	malicious	Unknown	Browse	192.10.75.18
	http://192.9.135.73/	Get hash	malicious	Unknown	Browse	192.9.135.73
	botx.mpsl.elf	Get hash	malicious	Mirai	Browse	192.10.186.186
	VxrYNgC0xs.elf	Get hash	malicious	Mirai	Browse	192.9.3.218
	EdAIk9WUtL.elf	Get hash	malicious	Unknown	Browse	192.9.222.32
	RFPkr0m6HL.elf	Get hash	malicious	Mirai	Browse	192.9.25.118
	kckAJXuz5V.elf	Get hash	malicious	Mirai	Browse	192.9.3.221
	loligang.arm.elf	Get hash	malicious	Mirai	Browse	192.8.16.231
	AYSz5iu0AR.elf	Get hash	malicious	Mirai	Browse	192.9.107.31

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.Ds6lLu (deleted)

Download File

Process:	/tmp/Fantazy.spc.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	312
Entropy (8bit):	3.5567200370478314
Encrypted:	false
SSDEEP:	6:M0DF6EEcsl10Y/VUS/FYDF6EEcsq0/VBVWPj/VfKoO/VNfiY/VH:MMNIluS/FQNIR/l
MD5:	B7A45E6E5336C769A54C375EF3F1D6D3
SHA1:	3261113831C1FA502D0C836EBA6B217167CD526A
SHA-256:	E3A4391A056F742B7A5B6BBF83388FEE74A90E4861D35D903DF6105412538C54
SHA-512:	6E3C1ED2A6C23A695C5D0090FA66CB7EDF31CADBE4B041BD722C92B98F7ECE2137F953761E814FC8D9FF79144C7A869A788D0E17F7E2C4CC6F34A9F95922D4FA
Malicious:	false
Reputation:	low
Preview:	10000-24000 r-xp 00000000 fd:00 531606 /tmp/Fantazy.spc.elf.33000-34000 rw-p 00013000 fd:00 531606 /tmp/Fantazy.spc.elf.34000-35000 rw-p 00000000 00:00 0 .35000-37000 rw-p 00000000 00:00 0 .ff7fe000-ff7ff000 ---p 00000000 00:00 0 .ff7ff000-fffff000 rw-p 00000000 00:00 0 [stack].

/var/lib/ubuntu-drivers-common/last_gfx_boot

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	2.7550849518197795
Encrypted:	false
SSDEEP:	3:JoT/V9fDVbn:M/V3n
MD5:	078760523943E160756979906B85FB5E
SHA1:	0962643266F4C5537F7D125046F28F21D6DD0C89
SHA-256:	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
SHA-512:	DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	15ad:0405;0000:00:0f:0;1.

/var/log/gpu-manager.log

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	4.8296848499188485
Encrypted:	false
SSDEEP:	24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
MD5:	3AF77E630DA00B3BE24F4E8AA5D78B13
SHA1:	BCF2D99E002F6DE2413A183227B011CFBEF5673D
SHA-256:	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
SHA-512:	8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

/var/log/kern.log

Download File

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	2811
Entropy (8bit):	4.711648435526806
Encrypted:	false
SSDEEP:	48:InmgXPzFnmBP49fnmdNacsn44VWfQ44GWIEBbaFkuApX61oAqVOH8KyOnIwJeEtb:IFfzF02VWnAKtFL
MD5:	89F567CC2A9A8123D9F1AB9602053522
SHA1:	75314BCF92D9680B629E1F5E1AC2078261BB23B2
SHA-256:	E1E4A3EF32E3588325D99E6639F756FEC077692BAE234666117299923776FF9D
SHA-512:	800220FD4476AADD382219637E5DA00605A4FCD257F22D12255FCAB2BFD64D5B37934E1423F67D2A2A5B20C5A4452895DF7B0E12180151351A19446371D5C963
Malicious:	false
Reputation:	low
Preview:	Jan 5 10:42:53 galassia kernel: [ 417.907424] New task spawned: old: (tgid 6309, tid 6309), new (tgid: 6309, tid: 6311).Jan 5 10:42:53 galassia kernel: [ 417.907562] New task spawned: old: (tgid 6309, tid 6309), new (tgid: 6309, tid: 6312).Jan 5 10:42:53 galassia kernel: [ 417.914382] New task spawned: old: (tgid 6309, tid 6312), new (tgid: 6309, tid: 6313).Jan 5 10:42:55 galassia kernel: [ 419.612110] Reached call limit: pid 6259, name getdents.Jan 5 10:42:55 galassia kernel: [ 419.765924] New task spawned: old: (tgid 6318, tid 6318), new (tgid: 6319, tid: 6319).Jan 5 10:42:55 galassia kernel: [ 419.779508] New task spawned: old: (tgid 6318, tid 6318), new (tgid: 6320, tid: 6320).Jan 5 10:42:55 galassia kernel: [ 419.829976] New task spawned: old: (tgid 6318, tid 6318), new (tgid: 6321, tid: 6321).Jan 5 10:42:55 galassia kernel: [ 419.847451] New task spawned: old: (tgid 6318, tid 6318), new (tgid: 6322, tid: 6322).Jan 5 10:42:55 galassia kernel: [ 419.875861] New ta

/var/log/syslog

Download File

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	22628
Entropy (8bit):	5.0058128429751205
Encrypted:	false
SSDEEP:	384:Ir45qm75WEU+t5OQysCtwtxso1vY5N+int+Scgn83YH7wkof8YfSOxoMbJ1cl+uD:Ir45qm75WEU+t5OQysCtwtxso1vY5N+4
MD5:	6800E44CD52199B0F0801E17EC4BCB84
SHA1:	CA21842395103A52D12EFAC1A27B44FBBD7A463B
SHA-256:	3B39991801BE5ED63DDF33671C1DED70FBCD4E82EF6A7DF21F09874FDC841FF6
SHA-512:	4614DCBECECE0B4646AEE59385E9129E36FE4E79686024716A308BB3926CE46FE624C94FB4548B47EF7BBADBDB6FB1E708E483A646E0BD52F4A2F8A6D5F635D5
Malicious:	false
Reputation:	low
Preview:	Jan 5 10:42:53 galassia kernel: [ 416.795134] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL.Jan 5 10:42:53 galassia kernel: [ 416.795190] systemd[1]: rsyslog.service: Failed with result 'signal'..Jan 5 10:42:53 galassia kernel: [ 416.809022] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL.Jan 5 10:42:53 galassia kernel: [ 416.809077] systemd[1]: systemd-journald.service: Failed with result 'signal'..Jan 5 10:42:53 galassia kernel: [ 416.809352] systemd[1]: Failed to start Journal Service..Jan 5 10:42:53 galassia kernel: [ 416.809462] systemd[1]: Dependency failed for Flush Journal to Persistent Storage..Jan 5 10:42:53 galassia kernel: [ 416.809468] systemd[1]: systemd-journal-flush.service: Job systemd-journal-flush.service/start failed with result 'dependency'..Jan 5 10:42:53 galassia kernel: [ 416.809588] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 2..Jan 5 10:

Static File Info

General

File type:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.1341819652300185
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Fantazy.spc.elf
File size:	79'640 bytes
MD5:	41a25c69dd620bdcc981fa7f2f9eb17c
SHA1:	3468d96adfdad9b14e3ee85953def329c060d89d
SHA256:	86ea087502d2a58294f70f637833cbdfd1a69ffe82454a6c950fdf5659d7a11d
SHA512:	87179bef12ffded589b09bfeaae597cbce9f5a6d1821c69772ce4f6815c1908deeeda5424c57feefc0a256fbd3599ebe2acc226ba5609dae0c44b17fc65d006d
SSDEEP:	1536:3MFBVS4HUzWODr1oufYcac2wGfOECkAVFTSs4wj:IBUM2Hqc9GCXR4wj
TLSH:	A8731814E97D2E2BC0D8A13F12F78716F2E5360E20B0866D7D790F8EFB54680A5467B6
File Content Preview:	.ELF...........................4..5......4. ...(......................3...3...............3...3...3....4............dt.Q................................@..(....@.G.................#.....aH..`.....!.....#,..@.....".........`......$#,..#,..@...........`....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	Sparc
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x101a4
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	79240
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10094	0x94	0x1c	0x0	0x6	AX	4
.text	PROGBITS	0x100b0	0xb0	0x11e6c	0x0	0x6	AX	4
.fini	PROGBITS	0x21f1c	0x11f1c	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x21f30	0x11f30	0x13e0	0x0	0x2	A	8
.ctors	PROGBITS	0x33314	0x13314	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x3331c	0x1331c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x33328	0x13328	0x220	0x0	0x3	WA	8
.bss	NOBITS	0x33548	0x13548	0x558	0x0	0x3	WA	8
.shstrtab	STRTAB	0x0	0x13548	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000	0x10000	0x13310	0x13310	6.1537	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x13314	0x33314	0x33314	0x234	0x78c	2.9495	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 17:42:48.962203979 CET	443	33606	54.171.230.55	192.168.2.23
Jan 5, 2025 17:42:48.962363958 CET	33606	443	192.168.2.23	54.171.230.55
Jan 5, 2025 17:42:48.967216015 CET	443	33606	54.171.230.55	192.168.2.23
Jan 5, 2025 17:42:50.880709887 CET	43928	443	192.168.2.23	91.189.91.42
Jan 5, 2025 17:42:51.026170969 CET	49072	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.031025887 CET	63645	49072	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:51.031078100 CET	49072	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.035131931 CET	10359	2323	192.168.2.23	119.238.14.180
Jan 5, 2025 17:42:51.035260916 CET	10359	23	192.168.2.23	189.219.82.231
Jan 5, 2025 17:42:51.035283089 CET	10359	23	192.168.2.23	173.68.136.134
Jan 5, 2025 17:42:51.035286903 CET	10359	23	192.168.2.23	175.210.143.16
Jan 5, 2025 17:42:51.035334110 CET	10359	23	192.168.2.23	174.70.103.211
Jan 5, 2025 17:42:51.035340071 CET	10359	23	192.168.2.23	47.183.98.253
Jan 5, 2025 17:42:51.035383940 CET	10359	23	192.168.2.23	74.173.7.86
Jan 5, 2025 17:42:51.035423994 CET	10359	23	192.168.2.23	169.149.125.59
Jan 5, 2025 17:42:51.035437107 CET	10359	23	192.168.2.23	189.57.170.142
Jan 5, 2025 17:42:51.035490036 CET	10359	23	192.168.2.23	133.9.36.55
Jan 5, 2025 17:42:51.035494089 CET	10359	2323	192.168.2.23	222.233.39.68
Jan 5, 2025 17:42:51.035506010 CET	10359	23	192.168.2.23	121.226.120.33
Jan 5, 2025 17:42:51.035516977 CET	10359	23	192.168.2.23	8.35.242.59
Jan 5, 2025 17:42:51.035516977 CET	10359	23	192.168.2.23	111.73.27.214
Jan 5, 2025 17:42:51.035542965 CET	10359	23	192.168.2.23	91.53.39.62
Jan 5, 2025 17:42:51.035554886 CET	10359	23	192.168.2.23	89.221.28.178
Jan 5, 2025 17:42:51.035573006 CET	10359	23	192.168.2.23	42.244.45.28
Jan 5, 2025 17:42:51.035584927 CET	10359	23	192.168.2.23	88.46.234.167
Jan 5, 2025 17:42:51.035586119 CET	10359	23	192.168.2.23	14.205.42.243
Jan 5, 2025 17:42:51.035615921 CET	10359	23	192.168.2.23	45.50.182.228
Jan 5, 2025 17:42:51.035723925 CET	10359	2323	192.168.2.23	178.125.146.244
Jan 5, 2025 17:42:51.035762072 CET	10359	23	192.168.2.23	196.192.170.183
Jan 5, 2025 17:42:51.035758972 CET	10359	23	192.168.2.23	130.221.84.113
Jan 5, 2025 17:42:51.035769939 CET	10359	23	192.168.2.23	141.240.76.83
Jan 5, 2025 17:42:51.035784006 CET	10359	23	192.168.2.23	82.98.181.240
Jan 5, 2025 17:42:51.035801888 CET	10359	23	192.168.2.23	166.13.88.92
Jan 5, 2025 17:42:51.035825968 CET	10359	23	192.168.2.23	34.188.238.215
Jan 5, 2025 17:42:51.035830975 CET	10359	23	192.168.2.23	59.244.44.1
Jan 5, 2025 17:42:51.035907030 CET	10359	23	192.168.2.23	66.251.7.10
Jan 5, 2025 17:42:51.035938025 CET	10359	23	192.168.2.23	115.198.136.163
Jan 5, 2025 17:42:51.035988092 CET	10359	2323	192.168.2.23	160.22.201.149
Jan 5, 2025 17:42:51.036024094 CET	10359	23	192.168.2.23	161.229.220.168
Jan 5, 2025 17:42:51.036024094 CET	10359	23	192.168.2.23	60.48.39.67
Jan 5, 2025 17:42:51.036061049 CET	10359	23	192.168.2.23	113.114.173.149
Jan 5, 2025 17:42:51.036061049 CET	10359	23	192.168.2.23	165.150.219.55
Jan 5, 2025 17:42:51.036068916 CET	10359	23	192.168.2.23	17.119.103.12
Jan 5, 2025 17:42:51.036108017 CET	10359	23	192.168.2.23	5.64.216.149
Jan 5, 2025 17:42:51.036111116 CET	10359	23	192.168.2.23	24.109.54.109
Jan 5, 2025 17:42:51.036143064 CET	10359	23	192.168.2.23	209.91.136.168
Jan 5, 2025 17:42:51.036149025 CET	10359	23	192.168.2.23	110.210.46.30
Jan 5, 2025 17:42:51.036161900 CET	10359	2323	192.168.2.23	105.203.131.69
Jan 5, 2025 17:42:51.036192894 CET	10359	23	192.168.2.23	120.157.221.234
Jan 5, 2025 17:42:51.036197901 CET	10359	23	192.168.2.23	200.231.114.179
Jan 5, 2025 17:42:51.036209106 CET	10359	23	192.168.2.23	113.159.133.242
Jan 5, 2025 17:42:51.036240101 CET	10359	23	192.168.2.23	156.80.237.13
Jan 5, 2025 17:42:51.036245108 CET	10359	23	192.168.2.23	95.129.142.111
Jan 5, 2025 17:42:51.036245108 CET	10359	23	192.168.2.23	221.57.122.114
Jan 5, 2025 17:42:51.036251068 CET	10359	23	192.168.2.23	156.176.154.213
Jan 5, 2025 17:42:51.036266088 CET	10359	23	192.168.2.23	81.2.166.198
Jan 5, 2025 17:42:51.036320925 CET	10359	23	192.168.2.23	188.97.111.197
Jan 5, 2025 17:42:51.036376953 CET	10359	2323	192.168.2.23	146.38.32.33
Jan 5, 2025 17:42:51.036393881 CET	10359	23	192.168.2.23	123.35.251.52
Jan 5, 2025 17:42:51.036396027 CET	10359	23	192.168.2.23	38.196.127.211
Jan 5, 2025 17:42:51.036398888 CET	10359	23	192.168.2.23	196.35.10.109
Jan 5, 2025 17:42:51.036415100 CET	10359	23	192.168.2.23	38.87.190.232
Jan 5, 2025 17:42:51.036459923 CET	10359	23	192.168.2.23	90.5.58.221
Jan 5, 2025 17:42:51.036501884 CET	10359	23	192.168.2.23	207.194.128.93
Jan 5, 2025 17:42:51.036510944 CET	10359	23	192.168.2.23	117.80.205.90
Jan 5, 2025 17:42:51.036524057 CET	10359	23	192.168.2.23	5.1.66.185
Jan 5, 2025 17:42:51.036550045 CET	10359	23	192.168.2.23	112.63.250.209
Jan 5, 2025 17:42:51.036551952 CET	10359	2323	192.168.2.23	94.15.114.127
Jan 5, 2025 17:42:51.036576986 CET	10359	23	192.168.2.23	108.95.108.15
Jan 5, 2025 17:42:51.036582947 CET	10359	23	192.168.2.23	202.137.195.241
Jan 5, 2025 17:42:51.036595106 CET	10359	23	192.168.2.23	179.117.54.128
Jan 5, 2025 17:42:51.036617994 CET	10359	23	192.168.2.23	43.39.137.29
Jan 5, 2025 17:42:51.036618948 CET	10359	23	192.168.2.23	210.129.108.91
Jan 5, 2025 17:42:51.036631107 CET	10359	23	192.168.2.23	72.239.139.184
Jan 5, 2025 17:42:51.036640882 CET	10359	23	192.168.2.23	102.127.104.191
Jan 5, 2025 17:42:51.036657095 CET	10359	23	192.168.2.23	59.130.140.239
Jan 5, 2025 17:42:51.036695004 CET	10359	2323	192.168.2.23	207.162.18.203
Jan 5, 2025 17:42:51.036695957 CET	10359	23	192.168.2.23	91.128.36.98
Jan 5, 2025 17:42:51.036710024 CET	10359	23	192.168.2.23	173.110.243.45
Jan 5, 2025 17:42:51.036711931 CET	10359	23	192.168.2.23	31.109.187.8
Jan 5, 2025 17:42:51.036778927 CET	10359	23	192.168.2.23	155.92.113.22
Jan 5, 2025 17:42:51.036780119 CET	10359	23	192.168.2.23	101.43.141.247
Jan 5, 2025 17:42:51.036781073 CET	10359	23	192.168.2.23	196.126.126.38
Jan 5, 2025 17:42:51.036843061 CET	10359	23	192.168.2.23	147.78.222.166
Jan 5, 2025 17:42:51.036928892 CET	10359	23	192.168.2.23	163.77.105.57
Jan 5, 2025 17:42:51.036928892 CET	10359	23	192.168.2.23	58.245.106.225
Jan 5, 2025 17:42:51.036928892 CET	10359	23	192.168.2.23	4.210.84.218
Jan 5, 2025 17:42:51.036932945 CET	10359	2323	192.168.2.23	14.171.90.125
Jan 5, 2025 17:42:51.036988974 CET	10359	23	192.168.2.23	172.56.194.180
Jan 5, 2025 17:42:51.036992073 CET	10359	23	192.168.2.23	222.143.85.173
Jan 5, 2025 17:42:51.037015915 CET	10359	23	192.168.2.23	219.172.47.16
Jan 5, 2025 17:42:51.037030935 CET	10359	23	192.168.2.23	206.91.176.238
Jan 5, 2025 17:42:51.037035942 CET	10359	23	192.168.2.23	165.201.239.89
Jan 5, 2025 17:42:51.037060976 CET	10359	23	192.168.2.23	19.12.109.70
Jan 5, 2025 17:42:51.037065029 CET	10359	23	192.168.2.23	200.119.220.10
Jan 5, 2025 17:42:51.037065029 CET	10359	23	192.168.2.23	99.236.88.56
Jan 5, 2025 17:42:51.037079096 CET	10359	23	192.168.2.23	103.202.41.121
Jan 5, 2025 17:42:51.037085056 CET	10359	2323	192.168.2.23	154.73.102.221
Jan 5, 2025 17:42:51.037132978 CET	10359	23	192.168.2.23	104.65.102.131
Jan 5, 2025 17:42:51.037156105 CET	10359	23	192.168.2.23	159.72.16.217
Jan 5, 2025 17:42:51.037159920 CET	10359	23	192.168.2.23	92.240.226.27
Jan 5, 2025 17:42:51.037193060 CET	10359	23	192.168.2.23	205.194.249.216
Jan 5, 2025 17:42:51.037223101 CET	10359	23	192.168.2.23	67.6.162.135
Jan 5, 2025 17:42:51.037228107 CET	10359	23	192.168.2.23	19.174.212.159
Jan 5, 2025 17:42:51.037250996 CET	10359	23	192.168.2.23	203.253.142.147
Jan 5, 2025 17:42:51.037256956 CET	10359	23	192.168.2.23	19.161.108.127
Jan 5, 2025 17:42:51.037271023 CET	10359	23	192.168.2.23	86.230.52.32
Jan 5, 2025 17:42:51.037271023 CET	49072	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.037275076 CET	10359	2323	192.168.2.23	86.120.131.79
Jan 5, 2025 17:42:51.037280083 CET	10359	23	192.168.2.23	32.108.110.16
Jan 5, 2025 17:42:51.037290096 CET	10359	23	192.168.2.23	222.6.51.22
Jan 5, 2025 17:42:51.037326097 CET	10359	23	192.168.2.23	66.234.50.141
Jan 5, 2025 17:42:51.037328959 CET	10359	23	192.168.2.23	40.170.82.141
Jan 5, 2025 17:42:51.037337065 CET	10359	23	192.168.2.23	219.83.157.198
Jan 5, 2025 17:42:51.037348986 CET	10359	23	192.168.2.23	8.9.144.227
Jan 5, 2025 17:42:51.037369013 CET	10359	23	192.168.2.23	159.220.253.207
Jan 5, 2025 17:42:51.037370920 CET	10359	23	192.168.2.23	217.201.149.173
Jan 5, 2025 17:42:51.037393093 CET	10359	23	192.168.2.23	115.3.166.241
Jan 5, 2025 17:42:51.037393093 CET	10359	2323	192.168.2.23	112.38.252.211
Jan 5, 2025 17:42:51.037421942 CET	10359	23	192.168.2.23	34.17.223.197
Jan 5, 2025 17:42:51.037445068 CET	10359	23	192.168.2.23	101.85.81.242
Jan 5, 2025 17:42:51.037461996 CET	10359	23	192.168.2.23	46.234.204.43
Jan 5, 2025 17:42:51.037466049 CET	10359	23	192.168.2.23	121.137.50.87
Jan 5, 2025 17:42:51.037502050 CET	10359	23	192.168.2.23	13.165.145.48
Jan 5, 2025 17:42:51.037503004 CET	10359	23	192.168.2.23	96.208.56.37
Jan 5, 2025 17:42:51.037508011 CET	10359	23	192.168.2.23	31.164.7.144
Jan 5, 2025 17:42:51.037516117 CET	10359	23	192.168.2.23	189.173.211.20
Jan 5, 2025 17:42:51.037528992 CET	10359	23	192.168.2.23	69.154.193.16
Jan 5, 2025 17:42:51.037545919 CET	10359	2323	192.168.2.23	108.47.59.237
Jan 5, 2025 17:42:51.037559986 CET	10359	23	192.168.2.23	59.131.124.219
Jan 5, 2025 17:42:51.037559986 CET	10359	23	192.168.2.23	84.136.241.236
Jan 5, 2025 17:42:51.037596941 CET	10359	23	192.168.2.23	138.230.197.121
Jan 5, 2025 17:42:51.037635088 CET	10359	23	192.168.2.23	136.82.227.247
Jan 5, 2025 17:42:51.037637949 CET	10359	23	192.168.2.23	172.157.110.11
Jan 5, 2025 17:42:51.037657976 CET	10359	23	192.168.2.23	97.24.24.45
Jan 5, 2025 17:42:51.037658930 CET	10359	23	192.168.2.23	79.224.2.216
Jan 5, 2025 17:42:51.037662983 CET	10359	23	192.168.2.23	20.190.13.86
Jan 5, 2025 17:42:51.037667990 CET	10359	2323	192.168.2.23	126.174.157.91
Jan 5, 2025 17:42:51.037668943 CET	10359	23	192.168.2.23	126.220.190.232
Jan 5, 2025 17:42:51.037686110 CET	10359	23	192.168.2.23	219.5.174.0
Jan 5, 2025 17:42:51.037693977 CET	10359	23	192.168.2.23	96.75.28.12
Jan 5, 2025 17:42:51.037709951 CET	10359	23	192.168.2.23	121.15.222.122
Jan 5, 2025 17:42:51.037714958 CET	10359	23	192.168.2.23	65.152.206.9
Jan 5, 2025 17:42:51.037715912 CET	10359	23	192.168.2.23	218.60.152.164
Jan 5, 2025 17:42:51.037736893 CET	10359	23	192.168.2.23	78.168.167.62
Jan 5, 2025 17:42:51.037736893 CET	10359	23	192.168.2.23	99.145.63.186
Jan 5, 2025 17:42:51.037740946 CET	10359	23	192.168.2.23	126.172.173.45
Jan 5, 2025 17:42:51.037755966 CET	10359	23	192.168.2.23	86.255.65.148
Jan 5, 2025 17:42:51.037763119 CET	10359	2323	192.168.2.23	154.21.87.166
Jan 5, 2025 17:42:51.037765980 CET	10359	23	192.168.2.23	102.20.79.113
Jan 5, 2025 17:42:51.037772894 CET	10359	23	192.168.2.23	156.174.130.69
Jan 5, 2025 17:42:51.037785053 CET	10359	23	192.168.2.23	65.221.169.190
Jan 5, 2025 17:42:51.037786961 CET	10359	23	192.168.2.23	175.211.236.57
Jan 5, 2025 17:42:51.037798882 CET	10359	23	192.168.2.23	99.248.132.98
Jan 5, 2025 17:42:51.037817955 CET	10359	23	192.168.2.23	218.71.38.14
Jan 5, 2025 17:42:51.037834883 CET	10359	23	192.168.2.23	155.167.150.238
Jan 5, 2025 17:42:51.037863970 CET	10359	23	192.168.2.23	157.165.31.253
Jan 5, 2025 17:42:51.037864923 CET	10359	23	192.168.2.23	196.71.162.178
Jan 5, 2025 17:42:51.037888050 CET	10359	2323	192.168.2.23	101.235.242.12
Jan 5, 2025 17:42:51.037888050 CET	10359	23	192.168.2.23	72.119.73.55
Jan 5, 2025 17:42:51.037899017 CET	10359	23	192.168.2.23	1.155.227.112
Jan 5, 2025 17:42:51.037899017 CET	10359	23	192.168.2.23	141.97.190.94
Jan 5, 2025 17:42:51.037903070 CET	10359	23	192.168.2.23	161.71.62.70
Jan 5, 2025 17:42:51.037930965 CET	10359	23	192.168.2.23	98.212.178.68
Jan 5, 2025 17:42:51.037935019 CET	10359	23	192.168.2.23	67.180.90.149
Jan 5, 2025 17:42:51.037952900 CET	10359	23	192.168.2.23	139.160.32.197
Jan 5, 2025 17:42:51.038002014 CET	10359	23	192.168.2.23	151.247.106.7
Jan 5, 2025 17:42:51.038002014 CET	10359	23	192.168.2.23	223.181.220.51
Jan 5, 2025 17:42:51.039949894 CET	2323	10359	119.238.14.180	192.168.2.23
Jan 5, 2025 17:42:51.039999962 CET	10359	2323	192.168.2.23	119.238.14.180
Jan 5, 2025 17:42:51.040034056 CET	23	10359	189.219.82.231	192.168.2.23
Jan 5, 2025 17:42:51.040044069 CET	23	10359	173.68.136.134	192.168.2.23
Jan 5, 2025 17:42:51.040055990 CET	23	10359	175.210.143.16	192.168.2.23
Jan 5, 2025 17:42:51.040076971 CET	10359	23	192.168.2.23	189.219.82.231
Jan 5, 2025 17:42:51.040076971 CET	10359	23	192.168.2.23	173.68.136.134
Jan 5, 2025 17:42:51.040088892 CET	10359	23	192.168.2.23	175.210.143.16
Jan 5, 2025 17:42:51.040144920 CET	23	10359	174.70.103.211	192.168.2.23
Jan 5, 2025 17:42:51.040158987 CET	23	10359	47.183.98.253	192.168.2.23
Jan 5, 2025 17:42:51.040169001 CET	23	10359	74.173.7.86	192.168.2.23
Jan 5, 2025 17:42:51.040184021 CET	10359	23	192.168.2.23	174.70.103.211
Jan 5, 2025 17:42:51.040200949 CET	23	10359	169.149.125.59	192.168.2.23
Jan 5, 2025 17:42:51.040204048 CET	10359	23	192.168.2.23	47.183.98.253
Jan 5, 2025 17:42:51.040211916 CET	23	10359	189.57.170.142	192.168.2.23
Jan 5, 2025 17:42:51.040220976 CET	10359	23	192.168.2.23	74.173.7.86
Jan 5, 2025 17:42:51.040241003 CET	23	10359	133.9.36.55	192.168.2.23
Jan 5, 2025 17:42:51.040246010 CET	10359	23	192.168.2.23	169.149.125.59
Jan 5, 2025 17:42:51.040254116 CET	10359	23	192.168.2.23	189.57.170.142
Jan 5, 2025 17:42:51.040277004 CET	10359	23	192.168.2.23	133.9.36.55
Jan 5, 2025 17:42:51.044933081 CET	23	10359	121.226.120.33	192.168.2.23
Jan 5, 2025 17:42:51.044943094 CET	2323	10359	222.233.39.68	192.168.2.23
Jan 5, 2025 17:42:51.044960022 CET	23	10359	8.35.242.59	192.168.2.23
Jan 5, 2025 17:42:51.044970036 CET	23	10359	111.73.27.214	192.168.2.23
Jan 5, 2025 17:42:51.044982910 CET	10359	2323	192.168.2.23	222.233.39.68
Jan 5, 2025 17:42:51.044982910 CET	10359	23	192.168.2.23	121.226.120.33
Jan 5, 2025 17:42:51.044989109 CET	10359	23	192.168.2.23	8.35.242.59
Jan 5, 2025 17:42:51.045008898 CET	10359	23	192.168.2.23	111.73.27.214
Jan 5, 2025 17:42:51.049675941 CET	23	10359	91.53.39.62	192.168.2.23
Jan 5, 2025 17:42:51.049686909 CET	23	10359	89.221.28.178	192.168.2.23
Jan 5, 2025 17:42:51.049695015 CET	23	10359	42.244.45.28	192.168.2.23
Jan 5, 2025 17:42:51.049705029 CET	23	10359	88.46.234.167	192.168.2.23
Jan 5, 2025 17:42:51.049717903 CET	23	10359	14.205.42.243	192.168.2.23
Jan 5, 2025 17:42:51.049724102 CET	10359	23	192.168.2.23	89.221.28.178
Jan 5, 2025 17:42:51.049725056 CET	10359	23	192.168.2.23	91.53.39.62
Jan 5, 2025 17:42:51.049726963 CET	10359	23	192.168.2.23	42.244.45.28
Jan 5, 2025 17:42:51.049726963 CET	23	10359	45.50.182.228	192.168.2.23
Jan 5, 2025 17:42:51.049731016 CET	10359	23	192.168.2.23	88.46.234.167
Jan 5, 2025 17:42:51.049738884 CET	2323	10359	178.125.146.244	192.168.2.23
Jan 5, 2025 17:42:51.049747944 CET	23	10359	196.192.170.183	192.168.2.23
Jan 5, 2025 17:42:51.049756050 CET	23	10359	130.221.84.113	192.168.2.23
Jan 5, 2025 17:42:51.049758911 CET	10359	23	192.168.2.23	14.205.42.243
Jan 5, 2025 17:42:51.049761057 CET	10359	23	192.168.2.23	45.50.182.228
Jan 5, 2025 17:42:51.049767017 CET	23	10359	141.240.76.83	192.168.2.23
Jan 5, 2025 17:42:51.049774885 CET	23	10359	82.98.181.240	192.168.2.23
Jan 5, 2025 17:42:51.049782991 CET	10359	2323	192.168.2.23	178.125.146.244
Jan 5, 2025 17:42:51.049782991 CET	23	10359	166.13.88.92	192.168.2.23
Jan 5, 2025 17:42:51.049782991 CET	10359	23	192.168.2.23	196.192.170.183
Jan 5, 2025 17:42:51.049788952 CET	10359	23	192.168.2.23	130.221.84.113
Jan 5, 2025 17:42:51.049793959 CET	23	10359	34.188.238.215	192.168.2.23
Jan 5, 2025 17:42:51.049793959 CET	10359	23	192.168.2.23	141.240.76.83
Jan 5, 2025 17:42:51.049793959 CET	10359	23	192.168.2.23	82.98.181.240
Jan 5, 2025 17:42:51.049802065 CET	23	10359	59.244.44.1	192.168.2.23
Jan 5, 2025 17:42:51.049806118 CET	23	10359	66.251.7.10	192.168.2.23
Jan 5, 2025 17:42:51.049814939 CET	23	10359	115.198.136.163	192.168.2.23
Jan 5, 2025 17:42:51.049824953 CET	2323	10359	160.22.201.149	192.168.2.23
Jan 5, 2025 17:42:51.049824953 CET	10359	23	192.168.2.23	34.188.238.215
Jan 5, 2025 17:42:51.049834013 CET	23	10359	161.229.220.168	192.168.2.23
Jan 5, 2025 17:42:51.049835920 CET	10359	23	192.168.2.23	166.13.88.92
Jan 5, 2025 17:42:51.049835920 CET	10359	23	192.168.2.23	59.244.44.1
Jan 5, 2025 17:42:51.049835920 CET	10359	23	192.168.2.23	66.251.7.10
Jan 5, 2025 17:42:51.049843073 CET	23	10359	60.48.39.67	192.168.2.23
Jan 5, 2025 17:42:51.049846888 CET	23	10359	113.114.173.149	192.168.2.23
Jan 5, 2025 17:42:51.049849987 CET	10359	23	192.168.2.23	115.198.136.163
Jan 5, 2025 17:42:51.049850941 CET	23	10359	17.119.103.12	192.168.2.23
Jan 5, 2025 17:42:51.049858093 CET	10359	2323	192.168.2.23	160.22.201.149
Jan 5, 2025 17:42:51.049860001 CET	23	10359	165.150.219.55	192.168.2.23
Jan 5, 2025 17:42:51.049875021 CET	10359	23	192.168.2.23	161.229.220.168
Jan 5, 2025 17:42:51.049876928 CET	23	10359	5.64.216.149	192.168.2.23
Jan 5, 2025 17:42:51.049879074 CET	10359	23	192.168.2.23	113.114.173.149
Jan 5, 2025 17:42:51.049879074 CET	10359	23	192.168.2.23	165.150.219.55
Jan 5, 2025 17:42:51.049881935 CET	10359	23	192.168.2.23	60.48.39.67
Jan 5, 2025 17:42:51.049889088 CET	23	10359	24.109.54.109	192.168.2.23
Jan 5, 2025 17:42:51.049896955 CET	10359	23	192.168.2.23	17.119.103.12
Jan 5, 2025 17:42:51.049901009 CET	23	10359	209.91.136.168	192.168.2.23
Jan 5, 2025 17:42:51.049911976 CET	23	10359	110.210.46.30	192.168.2.23
Jan 5, 2025 17:42:51.049921989 CET	2323	10359	105.203.131.69	192.168.2.23
Jan 5, 2025 17:42:51.049931049 CET	23	10359	120.157.221.234	192.168.2.23
Jan 5, 2025 17:42:51.049935102 CET	23	10359	200.231.114.179	192.168.2.23
Jan 5, 2025 17:42:51.049935102 CET	10359	23	192.168.2.23	5.64.216.149
Jan 5, 2025 17:42:51.049935102 CET	10359	23	192.168.2.23	24.109.54.109
Jan 5, 2025 17:42:51.049938917 CET	10359	23	192.168.2.23	110.210.46.30
Jan 5, 2025 17:42:51.049938917 CET	23	10359	113.159.133.242	192.168.2.23
Jan 5, 2025 17:42:51.049941063 CET	10359	23	192.168.2.23	209.91.136.168
Jan 5, 2025 17:42:51.049942970 CET	23	10359	156.80.237.13	192.168.2.23
Jan 5, 2025 17:42:51.049953938 CET	23	10359	221.57.122.114	192.168.2.23
Jan 5, 2025 17:42:51.049957991 CET	10359	23	192.168.2.23	120.157.221.234
Jan 5, 2025 17:42:51.049962997 CET	23	10359	95.129.142.111	192.168.2.23
Jan 5, 2025 17:42:51.049963951 CET	10359	2323	192.168.2.23	105.203.131.69
Jan 5, 2025 17:42:51.049973965 CET	23	10359	156.176.154.213	192.168.2.23
Jan 5, 2025 17:42:51.049979925 CET	10359	23	192.168.2.23	200.231.114.179
Jan 5, 2025 17:42:51.049981117 CET	10359	23	192.168.2.23	113.159.133.242
Jan 5, 2025 17:42:51.049988985 CET	23	10359	81.2.166.198	192.168.2.23
Jan 5, 2025 17:42:51.049988985 CET	10359	23	192.168.2.23	156.80.237.13
Jan 5, 2025 17:42:51.049992085 CET	10359	23	192.168.2.23	221.57.122.114
Jan 5, 2025 17:42:51.049998045 CET	23	10359	188.97.111.197	192.168.2.23
Jan 5, 2025 17:42:51.050007105 CET	2323	10359	146.38.32.33	192.168.2.23
Jan 5, 2025 17:42:51.050009966 CET	10359	23	192.168.2.23	95.129.142.111
Jan 5, 2025 17:42:51.050015926 CET	23	10359	123.35.251.52	192.168.2.23
Jan 5, 2025 17:42:51.050024986 CET	23	10359	38.196.127.211	192.168.2.23
Jan 5, 2025 17:42:51.050025940 CET	10359	23	192.168.2.23	156.176.154.213
Jan 5, 2025 17:42:51.050035954 CET	23	10359	196.35.10.109	192.168.2.23
Jan 5, 2025 17:42:51.050036907 CET	10359	2323	192.168.2.23	146.38.32.33
Jan 5, 2025 17:42:51.050038099 CET	10359	23	192.168.2.23	81.2.166.198
Jan 5, 2025 17:42:51.050041914 CET	10359	23	192.168.2.23	123.35.251.52
Jan 5, 2025 17:42:51.050045013 CET	23	10359	38.87.190.232	192.168.2.23
Jan 5, 2025 17:42:51.050045967 CET	10359	23	192.168.2.23	188.97.111.197
Jan 5, 2025 17:42:51.050054073 CET	23	10359	90.5.58.221	192.168.2.23
Jan 5, 2025 17:42:51.050064087 CET	23	10359	207.194.128.93	192.168.2.23
Jan 5, 2025 17:42:51.050070047 CET	10359	23	192.168.2.23	196.35.10.109
Jan 5, 2025 17:42:51.050070047 CET	10359	23	192.168.2.23	38.87.190.232
Jan 5, 2025 17:42:51.050071955 CET	23	10359	117.80.205.90	192.168.2.23
Jan 5, 2025 17:42:51.050076962 CET	10359	23	192.168.2.23	38.196.127.211
Jan 5, 2025 17:42:51.050082922 CET	23	10359	5.1.66.185	192.168.2.23
Jan 5, 2025 17:42:51.050091982 CET	23	10359	112.63.250.209	192.168.2.23
Jan 5, 2025 17:42:51.050101995 CET	2323	10359	94.15.114.127	192.168.2.23
Jan 5, 2025 17:42:51.050107002 CET	10359	23	192.168.2.23	90.5.58.221
Jan 5, 2025 17:42:51.050112963 CET	23	10359	108.95.108.15	192.168.2.23
Jan 5, 2025 17:42:51.050117970 CET	10359	23	192.168.2.23	117.80.205.90
Jan 5, 2025 17:42:51.050120115 CET	10359	23	192.168.2.23	5.1.66.185
Jan 5, 2025 17:42:51.050121069 CET	23	10359	202.137.195.241	192.168.2.23
Jan 5, 2025 17:42:51.050129890 CET	23	10359	179.117.54.128	192.168.2.23
Jan 5, 2025 17:42:51.050137043 CET	10359	23	192.168.2.23	207.194.128.93
Jan 5, 2025 17:42:51.050137997 CET	10359	2323	192.168.2.23	94.15.114.127
Jan 5, 2025 17:42:51.050137997 CET	10359	23	192.168.2.23	108.95.108.15
Jan 5, 2025 17:42:51.050138950 CET	10359	23	192.168.2.23	112.63.250.209
Jan 5, 2025 17:42:51.050138950 CET	23	10359	210.129.108.91	192.168.2.23
Jan 5, 2025 17:42:51.050148964 CET	23	10359	43.39.137.29	192.168.2.23
Jan 5, 2025 17:42:51.050160885 CET	23	10359	72.239.139.184	192.168.2.23
Jan 5, 2025 17:42:51.050164938 CET	10359	23	192.168.2.23	202.137.195.241
Jan 5, 2025 17:42:51.050173998 CET	23	10359	102.127.104.191	192.168.2.23
Jan 5, 2025 17:42:51.050182104 CET	23	10359	59.130.140.239	192.168.2.23
Jan 5, 2025 17:42:51.050184965 CET	23	10359	91.128.36.98	192.168.2.23
Jan 5, 2025 17:42:51.050184965 CET	10359	23	192.168.2.23	179.117.54.128
Jan 5, 2025 17:42:51.050190926 CET	10359	23	192.168.2.23	43.39.137.29
Jan 5, 2025 17:42:51.050194979 CET	2323	10359	207.162.18.203	192.168.2.23
Jan 5, 2025 17:42:51.050203085 CET	10359	23	192.168.2.23	210.129.108.91
Jan 5, 2025 17:42:51.050209999 CET	10359	23	192.168.2.23	72.239.139.184
Jan 5, 2025 17:42:51.050213099 CET	23	10359	173.110.243.45	192.168.2.23
Jan 5, 2025 17:42:51.050215006 CET	10359	23	192.168.2.23	102.127.104.191
Jan 5, 2025 17:42:51.050221920 CET	23	10359	31.109.187.8	192.168.2.23
Jan 5, 2025 17:42:51.050224066 CET	10359	23	192.168.2.23	59.130.140.239
Jan 5, 2025 17:42:51.050229073 CET	10359	23	192.168.2.23	91.128.36.98
Jan 5, 2025 17:42:51.050231934 CET	23	10359	155.92.113.22	192.168.2.23
Jan 5, 2025 17:42:51.050236940 CET	10359	2323	192.168.2.23	207.162.18.203
Jan 5, 2025 17:42:51.050240993 CET	23	10359	101.43.141.247	192.168.2.23
Jan 5, 2025 17:42:51.050251007 CET	23	10359	196.126.126.38	192.168.2.23
Jan 5, 2025 17:42:51.050260067 CET	23	10359	147.78.222.166	192.168.2.23
Jan 5, 2025 17:42:51.050263882 CET	10359	23	192.168.2.23	155.92.113.22
Jan 5, 2025 17:42:51.050263882 CET	10359	23	192.168.2.23	31.109.187.8
Jan 5, 2025 17:42:51.050265074 CET	23	10359	58.245.106.225	192.168.2.23
Jan 5, 2025 17:42:51.050270081 CET	23	10359	163.77.105.57	192.168.2.23
Jan 5, 2025 17:42:51.050280094 CET	23	10359	4.210.84.218	192.168.2.23
Jan 5, 2025 17:42:51.050288916 CET	2323	10359	14.171.90.125	192.168.2.23
Jan 5, 2025 17:42:51.050293922 CET	10359	23	192.168.2.23	147.78.222.166
Jan 5, 2025 17:42:51.050297022 CET	10359	23	192.168.2.23	173.110.243.45
Jan 5, 2025 17:42:51.050297022 CET	23	10359	172.56.194.180	192.168.2.23
Jan 5, 2025 17:42:51.050297976 CET	10359	23	192.168.2.23	101.43.141.247
Jan 5, 2025 17:42:51.050297976 CET	10359	23	192.168.2.23	196.126.126.38
Jan 5, 2025 17:42:51.050308943 CET	23	10359	222.143.85.173	192.168.2.23
Jan 5, 2025 17:42:51.050309896 CET	10359	23	192.168.2.23	4.210.84.218
Jan 5, 2025 17:42:51.050312996 CET	10359	23	192.168.2.23	58.245.106.225
Jan 5, 2025 17:42:51.050312996 CET	10359	2323	192.168.2.23	14.171.90.125
Jan 5, 2025 17:42:51.050314903 CET	10359	23	192.168.2.23	163.77.105.57
Jan 5, 2025 17:42:51.050323963 CET	23	10359	219.172.47.16	192.168.2.23
Jan 5, 2025 17:42:51.050333977 CET	23	10359	206.91.176.238	192.168.2.23
Jan 5, 2025 17:42:51.050340891 CET	23	10359	165.201.239.89	192.168.2.23
Jan 5, 2025 17:42:51.050344944 CET	10359	23	192.168.2.23	172.56.194.180
Jan 5, 2025 17:42:51.050350904 CET	10359	23	192.168.2.23	222.143.85.173
Jan 5, 2025 17:42:51.050354958 CET	23	10359	19.12.109.70	192.168.2.23
Jan 5, 2025 17:42:51.050355911 CET	10359	23	192.168.2.23	219.172.47.16
Jan 5, 2025 17:42:51.050364971 CET	23	10359	200.119.220.10	192.168.2.23
Jan 5, 2025 17:42:51.050369024 CET	23	10359	99.236.88.56	192.168.2.23
Jan 5, 2025 17:42:51.050376892 CET	23	10359	103.202.41.121	192.168.2.23
Jan 5, 2025 17:42:51.050385952 CET	2323	10359	154.73.102.221	192.168.2.23
Jan 5, 2025 17:42:51.050389051 CET	10359	23	192.168.2.23	206.91.176.238
Jan 5, 2025 17:42:51.050395966 CET	23	10359	104.65.102.131	192.168.2.23
Jan 5, 2025 17:42:51.050404072 CET	23	10359	159.72.16.217	192.168.2.23
Jan 5, 2025 17:42:51.050405025 CET	10359	23	192.168.2.23	165.201.239.89
Jan 5, 2025 17:42:51.050405979 CET	10359	23	192.168.2.23	19.12.109.70
Jan 5, 2025 17:42:51.050404072 CET	10359	23	192.168.2.23	200.119.220.10
Jan 5, 2025 17:42:51.050404072 CET	10359	23	192.168.2.23	103.202.41.121
Jan 5, 2025 17:42:51.050414085 CET	23	10359	92.240.226.27	192.168.2.23
Jan 5, 2025 17:42:51.050421953 CET	10359	23	192.168.2.23	99.236.88.56
Jan 5, 2025 17:42:51.050421953 CET	10359	2323	192.168.2.23	154.73.102.221
Jan 5, 2025 17:42:51.050422907 CET	23	10359	205.194.249.216	192.168.2.23
Jan 5, 2025 17:42:51.050436974 CET	10359	23	192.168.2.23	104.65.102.131
Jan 5, 2025 17:42:51.050436974 CET	10359	23	192.168.2.23	159.72.16.217
Jan 5, 2025 17:42:51.050448895 CET	10359	23	192.168.2.23	92.240.226.27
Jan 5, 2025 17:42:51.050487041 CET	10359	23	192.168.2.23	205.194.249.216
Jan 5, 2025 17:42:51.054430008 CET	23	10359	67.6.162.135	192.168.2.23
Jan 5, 2025 17:42:51.054444075 CET	23	10359	19.174.212.159	192.168.2.23
Jan 5, 2025 17:42:51.054455996 CET	23	10359	203.253.142.147	192.168.2.23
Jan 5, 2025 17:42:51.054465055 CET	23	10359	19.161.108.127	192.168.2.23
Jan 5, 2025 17:42:51.054475069 CET	63645	49072	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:51.054483891 CET	23	10359	86.230.52.32	192.168.2.23
Jan 5, 2025 17:42:51.054493904 CET	2323	10359	86.120.131.79	192.168.2.23
Jan 5, 2025 17:42:51.054503918 CET	10359	23	192.168.2.23	203.253.142.147
Jan 5, 2025 17:42:51.054503918 CET	23	10359	32.108.110.16	192.168.2.23
Jan 5, 2025 17:42:51.054507017 CET	10359	23	192.168.2.23	19.174.212.159
Jan 5, 2025 17:42:51.054507017 CET	10359	23	192.168.2.23	19.161.108.127
Jan 5, 2025 17:42:51.054512978 CET	10359	23	192.168.2.23	86.230.52.32
Jan 5, 2025 17:42:51.054514885 CET	23	10359	222.6.51.22	192.168.2.23
Jan 5, 2025 17:42:51.054524899 CET	23	10359	66.234.50.141	192.168.2.23
Jan 5, 2025 17:42:51.054533958 CET	23	10359	40.170.82.141	192.168.2.23
Jan 5, 2025 17:42:51.054543972 CET	23	10359	219.83.157.198	192.168.2.23
Jan 5, 2025 17:42:51.054553986 CET	23	10359	8.9.144.227	192.168.2.23
Jan 5, 2025 17:42:51.054563046 CET	23	10359	159.220.253.207	192.168.2.23
Jan 5, 2025 17:42:51.054569006 CET	10359	23	192.168.2.23	40.170.82.141
Jan 5, 2025 17:42:51.054570913 CET	23	10359	217.201.149.173	192.168.2.23
Jan 5, 2025 17:42:51.054573059 CET	10359	23	192.168.2.23	66.234.50.141
Jan 5, 2025 17:42:51.054580927 CET	23	10359	115.3.166.241	192.168.2.23
Jan 5, 2025 17:42:51.054586887 CET	2323	10359	112.38.252.211	192.168.2.23
Jan 5, 2025 17:42:51.054596901 CET	10359	23	192.168.2.23	8.9.144.227
Jan 5, 2025 17:42:51.054596901 CET	23	10359	34.17.223.197	192.168.2.23
Jan 5, 2025 17:42:51.054608107 CET	23	10359	101.85.81.242	192.168.2.23
Jan 5, 2025 17:42:51.054615021 CET	10359	23	192.168.2.23	115.3.166.241
Jan 5, 2025 17:42:51.054615974 CET	10359	2323	192.168.2.23	112.38.252.211
Jan 5, 2025 17:42:51.054617882 CET	23	10359	46.234.204.43	192.168.2.23
Jan 5, 2025 17:42:51.054622889 CET	10359	23	192.168.2.23	34.17.223.197
Jan 5, 2025 17:42:51.054626942 CET	23	10359	121.137.50.87	192.168.2.23
Jan 5, 2025 17:42:51.054636002 CET	23	10359	13.165.145.48	192.168.2.23
Jan 5, 2025 17:42:51.054645061 CET	23	10359	96.208.56.37	192.168.2.23
Jan 5, 2025 17:42:51.054651976 CET	10359	23	192.168.2.23	101.85.81.242
Jan 5, 2025 17:42:51.054657936 CET	10359	23	192.168.2.23	67.6.162.135
Jan 5, 2025 17:42:51.054660082 CET	49072	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.054661989 CET	23	10359	31.164.7.144	192.168.2.23
Jan 5, 2025 17:42:51.054662943 CET	10359	2323	192.168.2.23	86.120.131.79
Jan 5, 2025 17:42:51.054666042 CET	10359	23	192.168.2.23	32.108.110.16
Jan 5, 2025 17:42:51.054666042 CET	10359	23	192.168.2.23	222.6.51.22
Jan 5, 2025 17:42:51.054672956 CET	10359	23	192.168.2.23	13.165.145.48
Jan 5, 2025 17:42:51.054672956 CET	10359	23	192.168.2.23	159.220.253.207
Jan 5, 2025 17:42:51.054675102 CET	23	10359	189.173.211.20	192.168.2.23
Jan 5, 2025 17:42:51.054676056 CET	10359	23	192.168.2.23	219.83.157.198
Jan 5, 2025 17:42:51.054683924 CET	10359	23	192.168.2.23	217.201.149.173
Jan 5, 2025 17:42:51.054683924 CET	10359	23	192.168.2.23	96.208.56.37
Jan 5, 2025 17:42:51.054685116 CET	23	10359	69.154.193.16	192.168.2.23
Jan 5, 2025 17:42:51.054696083 CET	2323	10359	108.47.59.237	192.168.2.23
Jan 5, 2025 17:42:51.054702044 CET	10359	23	192.168.2.23	46.234.204.43
Jan 5, 2025 17:42:51.054706097 CET	23	10359	59.131.124.219	192.168.2.23
Jan 5, 2025 17:42:51.054707050 CET	10359	23	192.168.2.23	121.137.50.87
Jan 5, 2025 17:42:51.054707050 CET	10359	23	192.168.2.23	31.164.7.144
Jan 5, 2025 17:42:51.054711103 CET	10359	23	192.168.2.23	69.154.193.16
Jan 5, 2025 17:42:51.054714918 CET	10359	23	192.168.2.23	189.173.211.20
Jan 5, 2025 17:42:51.054716110 CET	23	10359	84.136.241.236	192.168.2.23
Jan 5, 2025 17:42:51.054728031 CET	23	10359	138.230.197.121	192.168.2.23
Jan 5, 2025 17:42:51.054728985 CET	10359	2323	192.168.2.23	108.47.59.237
Jan 5, 2025 17:42:51.054735899 CET	23	10359	136.82.227.247	192.168.2.23
Jan 5, 2025 17:42:51.054744005 CET	10359	23	192.168.2.23	59.131.124.219
Jan 5, 2025 17:42:51.054744959 CET	23	10359	172.157.110.11	192.168.2.23
Jan 5, 2025 17:42:51.054754972 CET	23	10359	97.24.24.45	192.168.2.23
Jan 5, 2025 17:42:51.054764032 CET	23	10359	79.224.2.216	192.168.2.23
Jan 5, 2025 17:42:51.054768085 CET	10359	23	192.168.2.23	84.136.241.236
Jan 5, 2025 17:42:51.054769039 CET	23	10359	20.190.13.86	192.168.2.23
Jan 5, 2025 17:42:51.054769039 CET	10359	23	192.168.2.23	138.230.197.121
Jan 5, 2025 17:42:51.054769039 CET	10359	23	192.168.2.23	136.82.227.247
Jan 5, 2025 17:42:51.054779053 CET	10359	23	192.168.2.23	172.157.110.11
Jan 5, 2025 17:42:51.054779053 CET	2323	10359	126.174.157.91	192.168.2.23
Jan 5, 2025 17:42:51.054788113 CET	10359	23	192.168.2.23	79.224.2.216
Jan 5, 2025 17:42:51.054789066 CET	23	10359	126.220.190.232	192.168.2.23
Jan 5, 2025 17:42:51.054795027 CET	10359	23	192.168.2.23	20.190.13.86
Jan 5, 2025 17:42:51.054796934 CET	23	10359	219.5.174.0	192.168.2.23
Jan 5, 2025 17:42:51.054800034 CET	10359	23	192.168.2.23	97.24.24.45
Jan 5, 2025 17:42:51.054807901 CET	23	10359	96.75.28.12	192.168.2.23
Jan 5, 2025 17:42:51.054816008 CET	10359	2323	192.168.2.23	126.174.157.91
Jan 5, 2025 17:42:51.054817915 CET	23	10359	121.15.222.122	192.168.2.23
Jan 5, 2025 17:42:51.054820061 CET	10359	23	192.168.2.23	126.220.190.232
Jan 5, 2025 17:42:51.054827929 CET	23	10359	65.152.206.9	192.168.2.23
Jan 5, 2025 17:42:51.054837942 CET	23	10359	218.60.152.164	192.168.2.23
Jan 5, 2025 17:42:51.054838896 CET	10359	23	192.168.2.23	96.75.28.12
Jan 5, 2025 17:42:51.054841042 CET	10359	23	192.168.2.23	219.5.174.0
Jan 5, 2025 17:42:51.054847002 CET	23	10359	78.168.167.62	192.168.2.23
Jan 5, 2025 17:42:51.054856062 CET	23	10359	126.172.173.45	192.168.2.23
Jan 5, 2025 17:42:51.054857016 CET	10359	23	192.168.2.23	65.152.206.9
Jan 5, 2025 17:42:51.054857016 CET	10359	23	192.168.2.23	121.15.222.122
Jan 5, 2025 17:42:51.054861069 CET	10359	23	192.168.2.23	218.60.152.164
Jan 5, 2025 17:42:51.054864883 CET	23	10359	99.145.63.186	192.168.2.23
Jan 5, 2025 17:42:51.054874897 CET	23	10359	86.255.65.148	192.168.2.23
Jan 5, 2025 17:42:51.054883957 CET	2323	10359	154.21.87.166	192.168.2.23
Jan 5, 2025 17:42:51.054891109 CET	10359	23	192.168.2.23	78.168.167.62
Jan 5, 2025 17:42:51.054891109 CET	10359	23	192.168.2.23	99.145.63.186
Jan 5, 2025 17:42:51.054893017 CET	10359	23	192.168.2.23	126.172.173.45
Jan 5, 2025 17:42:51.054897070 CET	23	10359	102.20.79.113	192.168.2.23
Jan 5, 2025 17:42:51.054905891 CET	23	10359	156.174.130.69	192.168.2.23
Jan 5, 2025 17:42:51.054909945 CET	10359	23	192.168.2.23	86.255.65.148
Jan 5, 2025 17:42:51.054914951 CET	23	10359	65.221.169.190	192.168.2.23
Jan 5, 2025 17:42:51.054918051 CET	10359	2323	192.168.2.23	154.21.87.166
Jan 5, 2025 17:42:51.054924965 CET	23	10359	175.211.236.57	192.168.2.23
Jan 5, 2025 17:42:51.054934978 CET	10359	23	192.168.2.23	156.174.130.69
Jan 5, 2025 17:42:51.054934978 CET	10359	23	192.168.2.23	102.20.79.113
Jan 5, 2025 17:42:51.054941893 CET	23	10359	99.248.132.98	192.168.2.23
Jan 5, 2025 17:42:51.054951906 CET	23	10359	218.71.38.14	192.168.2.23
Jan 5, 2025 17:42:51.054959059 CET	23	10359	155.167.150.238	192.168.2.23
Jan 5, 2025 17:42:51.054968119 CET	23	10359	157.165.31.253	192.168.2.23
Jan 5, 2025 17:42:51.054980040 CET	23	10359	196.71.162.178	192.168.2.23
Jan 5, 2025 17:42:51.054995060 CET	23	10359	72.119.73.55	192.168.2.23
Jan 5, 2025 17:42:51.055003881 CET	2323	10359	101.235.242.12	192.168.2.23
Jan 5, 2025 17:42:51.055013895 CET	23	10359	1.155.227.112	192.168.2.23
Jan 5, 2025 17:42:51.055023909 CET	23	10359	161.71.62.70	192.168.2.23
Jan 5, 2025 17:42:51.055032015 CET	23	10359	141.97.190.94	192.168.2.23
Jan 5, 2025 17:42:51.055033922 CET	10359	2323	192.168.2.23	101.235.242.12
Jan 5, 2025 17:42:51.055037022 CET	10359	23	192.168.2.23	72.119.73.55
Jan 5, 2025 17:42:51.055042028 CET	23	10359	98.212.178.68	192.168.2.23
Jan 5, 2025 17:42:51.055051088 CET	23	10359	67.180.90.149	192.168.2.23
Jan 5, 2025 17:42:51.055058956 CET	23	10359	139.160.32.197	192.168.2.23
Jan 5, 2025 17:42:51.055061102 CET	10359	23	192.168.2.23	161.71.62.70
Jan 5, 2025 17:42:51.055068970 CET	23	10359	151.247.106.7	192.168.2.23
Jan 5, 2025 17:42:51.055078030 CET	23	10359	223.181.220.51	192.168.2.23
Jan 5, 2025 17:42:51.055099010 CET	10359	23	192.168.2.23	151.247.106.7
Jan 5, 2025 17:42:51.055238008 CET	10359	23	192.168.2.23	65.221.169.190
Jan 5, 2025 17:42:51.055244923 CET	10359	23	192.168.2.23	99.248.132.98
Jan 5, 2025 17:42:51.055247068 CET	10359	23	192.168.2.23	218.71.38.14
Jan 5, 2025 17:42:51.055248022 CET	10359	23	192.168.2.23	155.167.150.238
Jan 5, 2025 17:42:51.055247068 CET	10359	23	192.168.2.23	175.211.236.57
Jan 5, 2025 17:42:51.055252075 CET	10359	23	192.168.2.23	157.165.31.253
Jan 5, 2025 17:42:51.055255890 CET	10359	23	192.168.2.23	196.71.162.178
Jan 5, 2025 17:42:51.055270910 CET	10359	23	192.168.2.23	1.155.227.112
Jan 5, 2025 17:42:51.055270910 CET	10359	23	192.168.2.23	141.97.190.94
Jan 5, 2025 17:42:51.055274963 CET	10359	23	192.168.2.23	67.180.90.149
Jan 5, 2025 17:42:51.055277109 CET	10359	23	192.168.2.23	98.212.178.68
Jan 5, 2025 17:42:51.055278063 CET	10359	23	192.168.2.23	223.181.220.51
Jan 5, 2025 17:42:51.055280924 CET	10359	23	192.168.2.23	139.160.32.197
Jan 5, 2025 17:42:51.059937000 CET	63645	49072	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:51.747476101 CET	63645	49072	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:51.747719049 CET	49072	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.747719049 CET	49072	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.751008034 CET	49074	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.757884979 CET	63645	49074	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:51.757965088 CET	49074	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.767935991 CET	49074	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.772864103 CET	63645	49074	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:51.772902012 CET	49074	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:51.777686119 CET	63645	49074	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.039302111 CET	10359	23	192.168.2.23	190.80.134.167
Jan 5, 2025 17:42:52.039304972 CET	10359	2323	192.168.2.23	48.224.212.96
Jan 5, 2025 17:42:52.039330959 CET	10359	23	192.168.2.23	68.149.0.150
Jan 5, 2025 17:42:52.039334059 CET	10359	23	192.168.2.23	206.17.250.183
Jan 5, 2025 17:42:52.039335012 CET	10359	23	192.168.2.23	86.163.114.176
Jan 5, 2025 17:42:52.039350033 CET	10359	23	192.168.2.23	135.25.196.201
Jan 5, 2025 17:42:52.039413929 CET	10359	23	192.168.2.23	122.142.68.207
Jan 5, 2025 17:42:52.039414883 CET	10359	23	192.168.2.23	192.198.127.46
Jan 5, 2025 17:42:52.039417028 CET	10359	23	192.168.2.23	176.200.62.76
Jan 5, 2025 17:42:52.039423943 CET	10359	23	192.168.2.23	193.58.82.130
Jan 5, 2025 17:42:52.039460897 CET	10359	23	192.168.2.23	31.237.126.163
Jan 5, 2025 17:42:52.039462090 CET	10359	2323	192.168.2.23	61.228.7.71
Jan 5, 2025 17:42:52.039462090 CET	10359	23	192.168.2.23	41.94.79.171
Jan 5, 2025 17:42:52.039467096 CET	10359	23	192.168.2.23	88.1.113.5
Jan 5, 2025 17:42:52.039519072 CET	10359	23	192.168.2.23	164.243.202.203
Jan 5, 2025 17:42:52.039527893 CET	10359	23	192.168.2.23	20.122.32.192
Jan 5, 2025 17:42:52.039530993 CET	10359	23	192.168.2.23	164.126.36.140
Jan 5, 2025 17:42:52.039530993 CET	10359	2323	192.168.2.23	31.168.180.141
Jan 5, 2025 17:42:52.039531946 CET	10359	23	192.168.2.23	83.176.152.59
Jan 5, 2025 17:42:52.039531946 CET	10359	23	192.168.2.23	14.219.236.251
Jan 5, 2025 17:42:52.039535999 CET	10359	23	192.168.2.23	186.104.179.215
Jan 5, 2025 17:42:52.039599895 CET	10359	23	192.168.2.23	180.173.160.131
Jan 5, 2025 17:42:52.039609909 CET	10359	23	192.168.2.23	121.160.234.29
Jan 5, 2025 17:42:52.039612055 CET	10359	23	192.168.2.23	150.91.53.82
Jan 5, 2025 17:42:52.039627075 CET	10359	23	192.168.2.23	146.77.114.208
Jan 5, 2025 17:42:52.039628983 CET	10359	23	192.168.2.23	79.146.37.120
Jan 5, 2025 17:42:52.039633036 CET	10359	23	192.168.2.23	88.163.229.160
Jan 5, 2025 17:42:52.039635897 CET	10359	23	192.168.2.23	44.158.32.60
Jan 5, 2025 17:42:52.039685965 CET	10359	23	192.168.2.23	198.28.195.129
Jan 5, 2025 17:42:52.039695024 CET	10359	23	192.168.2.23	105.168.79.207
Jan 5, 2025 17:42:52.039699078 CET	10359	2323	192.168.2.23	2.27.16.190
Jan 5, 2025 17:42:52.039724112 CET	10359	23	192.168.2.23	115.192.35.232
Jan 5, 2025 17:42:52.039729118 CET	10359	23	192.168.2.23	190.21.29.13
Jan 5, 2025 17:42:52.039743900 CET	10359	23	192.168.2.23	78.48.119.212
Jan 5, 2025 17:42:52.039743900 CET	10359	23	192.168.2.23	79.25.218.173
Jan 5, 2025 17:42:52.039752007 CET	10359	23	192.168.2.23	167.70.91.4
Jan 5, 2025 17:42:52.039752007 CET	10359	23	192.168.2.23	59.133.7.27
Jan 5, 2025 17:42:52.039760113 CET	10359	23	192.168.2.23	188.130.146.26
Jan 5, 2025 17:42:52.039794922 CET	10359	23	192.168.2.23	63.177.121.133
Jan 5, 2025 17:42:52.039794922 CET	10359	2323	192.168.2.23	34.207.128.241
Jan 5, 2025 17:42:52.039794922 CET	10359	23	192.168.2.23	88.65.129.210
Jan 5, 2025 17:42:52.039803982 CET	10359	23	192.168.2.23	18.247.240.208
Jan 5, 2025 17:42:52.039803982 CET	10359	23	192.168.2.23	155.54.25.124
Jan 5, 2025 17:42:52.039829969 CET	10359	23	192.168.2.23	114.13.34.172
Jan 5, 2025 17:42:52.039830923 CET	10359	23	192.168.2.23	80.75.171.156
Jan 5, 2025 17:42:52.039834023 CET	10359	23	192.168.2.23	2.191.80.57
Jan 5, 2025 17:42:52.039834023 CET	10359	23	192.168.2.23	157.244.201.211
Jan 5, 2025 17:42:52.039839983 CET	10359	23	192.168.2.23	47.198.217.33
Jan 5, 2025 17:42:52.039844990 CET	10359	23	192.168.2.23	201.234.205.29
Jan 5, 2025 17:42:52.039844990 CET	10359	2323	192.168.2.23	156.124.8.62
Jan 5, 2025 17:42:52.039849997 CET	10359	23	192.168.2.23	194.23.184.174
Jan 5, 2025 17:42:52.039849997 CET	10359	23	192.168.2.23	109.133.42.129
Jan 5, 2025 17:42:52.039863110 CET	10359	23	192.168.2.23	68.95.158.162
Jan 5, 2025 17:42:52.039871931 CET	10359	23	192.168.2.23	221.207.38.133
Jan 5, 2025 17:42:52.039875031 CET	10359	23	192.168.2.23	213.147.108.133
Jan 5, 2025 17:42:52.039875031 CET	10359	23	192.168.2.23	91.75.127.70
Jan 5, 2025 17:42:52.039881945 CET	10359	23	192.168.2.23	83.44.31.228
Jan 5, 2025 17:42:52.039920092 CET	10359	23	192.168.2.23	154.254.73.2
Jan 5, 2025 17:42:52.039936066 CET	10359	23	192.168.2.23	54.60.167.108
Jan 5, 2025 17:42:52.039937019 CET	10359	23	192.168.2.23	179.90.118.205
Jan 5, 2025 17:42:52.039977074 CET	10359	23	192.168.2.23	38.149.112.246
Jan 5, 2025 17:42:52.039984941 CET	10359	23	192.168.2.23	80.219.52.22
Jan 5, 2025 17:42:52.039987087 CET	10359	2323	192.168.2.23	97.189.135.25
Jan 5, 2025 17:42:52.039988041 CET	10359	23	192.168.2.23	160.213.9.21
Jan 5, 2025 17:42:52.039988041 CET	10359	23	192.168.2.23	178.106.8.232
Jan 5, 2025 17:42:52.039994955 CET	10359	23	192.168.2.23	81.239.206.232
Jan 5, 2025 17:42:52.040000916 CET	10359	23	192.168.2.23	182.217.214.220
Jan 5, 2025 17:42:52.040004015 CET	10359	23	192.168.2.23	125.17.212.245
Jan 5, 2025 17:42:52.040004015 CET	10359	23	192.168.2.23	181.157.215.173
Jan 5, 2025 17:42:52.040005922 CET	10359	23	192.168.2.23	109.97.74.9
Jan 5, 2025 17:42:52.040005922 CET	10359	2323	192.168.2.23	221.64.198.4
Jan 5, 2025 17:42:52.040009022 CET	10359	23	192.168.2.23	217.241.218.182
Jan 5, 2025 17:42:52.040036917 CET	10359	23	192.168.2.23	128.28.152.126
Jan 5, 2025 17:42:52.040036917 CET	10359	23	192.168.2.23	132.251.135.169
Jan 5, 2025 17:42:52.040043116 CET	10359	23	192.168.2.23	212.151.55.251
Jan 5, 2025 17:42:52.040046930 CET	10359	23	192.168.2.23	142.26.184.49
Jan 5, 2025 17:42:52.040050030 CET	10359	23	192.168.2.23	81.34.224.203
Jan 5, 2025 17:42:52.040061951 CET	10359	23	192.168.2.23	68.137.4.102
Jan 5, 2025 17:42:52.040074110 CET	10359	23	192.168.2.23	116.38.167.77
Jan 5, 2025 17:42:52.040077925 CET	10359	23	192.168.2.23	170.188.131.84
Jan 5, 2025 17:42:52.040082932 CET	10359	23	192.168.2.23	90.116.215.96
Jan 5, 2025 17:42:52.040085077 CET	10359	2323	192.168.2.23	91.100.206.69
Jan 5, 2025 17:42:52.040105104 CET	10359	23	192.168.2.23	168.94.147.85
Jan 5, 2025 17:42:52.040108919 CET	10359	23	192.168.2.23	155.152.132.33
Jan 5, 2025 17:42:52.040148020 CET	10359	23	192.168.2.23	175.141.201.193
Jan 5, 2025 17:42:52.040155888 CET	10359	23	192.168.2.23	87.143.94.197
Jan 5, 2025 17:42:52.040158033 CET	10359	23	192.168.2.23	192.117.155.50
Jan 5, 2025 17:42:52.040158987 CET	10359	23	192.168.2.23	72.22.223.221
Jan 5, 2025 17:42:52.040158987 CET	10359	23	192.168.2.23	13.10.3.88
Jan 5, 2025 17:42:52.040174961 CET	10359	2323	192.168.2.23	67.199.218.44
Jan 5, 2025 17:42:52.040177107 CET	10359	23	192.168.2.23	175.228.233.245
Jan 5, 2025 17:42:52.040188074 CET	10359	23	192.168.2.23	1.222.217.202
Jan 5, 2025 17:42:52.040193081 CET	10359	23	192.168.2.23	41.58.93.194
Jan 5, 2025 17:42:52.040208101 CET	10359	23	192.168.2.23	167.206.24.183
Jan 5, 2025 17:42:52.040208101 CET	10359	23	192.168.2.23	23.64.64.25
Jan 5, 2025 17:42:52.040210009 CET	10359	23	192.168.2.23	197.44.206.193
Jan 5, 2025 17:42:52.040210009 CET	10359	23	192.168.2.23	78.240.160.233
Jan 5, 2025 17:42:52.040215969 CET	10359	23	192.168.2.23	159.231.33.248
Jan 5, 2025 17:42:52.040229082 CET	10359	23	192.168.2.23	90.89.151.223
Jan 5, 2025 17:42:52.040234089 CET	10359	23	192.168.2.23	84.132.46.25
Jan 5, 2025 17:42:52.040234089 CET	10359	2323	192.168.2.23	40.198.172.74
Jan 5, 2025 17:42:52.040246964 CET	10359	23	192.168.2.23	174.160.9.42
Jan 5, 2025 17:42:52.040249109 CET	10359	23	192.168.2.23	145.119.221.237
Jan 5, 2025 17:42:52.040257931 CET	10359	23	192.168.2.23	102.31.188.137
Jan 5, 2025 17:42:52.040258884 CET	10359	23	192.168.2.23	59.109.19.164
Jan 5, 2025 17:42:52.040258884 CET	10359	23	192.168.2.23	8.90.203.18
Jan 5, 2025 17:42:52.040261030 CET	10359	23	192.168.2.23	163.55.230.180
Jan 5, 2025 17:42:52.040266991 CET	10359	23	192.168.2.23	198.232.208.252
Jan 5, 2025 17:42:52.040267944 CET	10359	23	192.168.2.23	126.7.100.142
Jan 5, 2025 17:42:52.040297985 CET	10359	23	192.168.2.23	184.46.10.86
Jan 5, 2025 17:42:52.040323973 CET	10359	2323	192.168.2.23	147.171.13.60
Jan 5, 2025 17:42:52.040338039 CET	10359	23	192.168.2.23	31.220.215.45
Jan 5, 2025 17:42:52.040348053 CET	10359	23	192.168.2.23	67.17.193.253
Jan 5, 2025 17:42:52.040358067 CET	10359	23	192.168.2.23	5.136.131.174
Jan 5, 2025 17:42:52.040360928 CET	10359	23	192.168.2.23	96.146.104.252
Jan 5, 2025 17:42:52.040378094 CET	10359	23	192.168.2.23	189.213.98.29
Jan 5, 2025 17:42:52.040381908 CET	10359	23	192.168.2.23	171.46.213.10
Jan 5, 2025 17:42:52.040381908 CET	10359	23	192.168.2.23	1.21.146.26
Jan 5, 2025 17:42:52.040381908 CET	10359	23	192.168.2.23	105.134.109.214
Jan 5, 2025 17:42:52.040385962 CET	10359	2323	192.168.2.23	40.88.198.29
Jan 5, 2025 17:42:52.040385962 CET	10359	23	192.168.2.23	197.144.58.62
Jan 5, 2025 17:42:52.040393114 CET	10359	23	192.168.2.23	19.159.168.15
Jan 5, 2025 17:42:52.040400028 CET	10359	23	192.168.2.23	114.188.131.217
Jan 5, 2025 17:42:52.040400028 CET	10359	23	192.168.2.23	209.78.227.175
Jan 5, 2025 17:42:52.040415049 CET	10359	23	192.168.2.23	76.20.150.189
Jan 5, 2025 17:42:52.040416956 CET	10359	23	192.168.2.23	24.195.65.240
Jan 5, 2025 17:42:52.040422916 CET	10359	23	192.168.2.23	94.29.46.44
Jan 5, 2025 17:42:52.040425062 CET	10359	23	192.168.2.23	90.36.107.240
Jan 5, 2025 17:42:52.040425062 CET	10359	23	192.168.2.23	195.233.37.229
Jan 5, 2025 17:42:52.040433884 CET	10359	23	192.168.2.23	72.139.253.83
Jan 5, 2025 17:42:52.040440083 CET	10359	23	192.168.2.23	2.78.110.173
Jan 5, 2025 17:42:52.040442944 CET	10359	2323	192.168.2.23	119.138.62.22
Jan 5, 2025 17:42:52.040452957 CET	10359	23	192.168.2.23	70.3.255.206
Jan 5, 2025 17:42:52.040468931 CET	10359	23	192.168.2.23	79.134.164.131
Jan 5, 2025 17:42:52.040477991 CET	10359	23	192.168.2.23	68.200.101.27
Jan 5, 2025 17:42:52.040481091 CET	10359	23	192.168.2.23	71.131.125.87
Jan 5, 2025 17:42:52.040482044 CET	10359	23	192.168.2.23	109.79.0.255
Jan 5, 2025 17:42:52.040486097 CET	10359	23	192.168.2.23	223.139.123.244
Jan 5, 2025 17:42:52.040486097 CET	10359	23	192.168.2.23	63.171.211.216
Jan 5, 2025 17:42:52.040502071 CET	10359	2323	192.168.2.23	135.255.36.150
Jan 5, 2025 17:42:52.040509939 CET	10359	23	192.168.2.23	74.47.113.23
Jan 5, 2025 17:42:52.040549040 CET	10359	23	192.168.2.23	13.87.121.49
Jan 5, 2025 17:42:52.040553093 CET	10359	23	192.168.2.23	148.136.129.51
Jan 5, 2025 17:42:52.040565968 CET	10359	23	192.168.2.23	166.210.22.6
Jan 5, 2025 17:42:52.040575027 CET	10359	23	192.168.2.23	136.250.233.71
Jan 5, 2025 17:42:52.040575027 CET	10359	23	192.168.2.23	1.237.152.175
Jan 5, 2025 17:42:52.040575027 CET	10359	23	192.168.2.23	67.160.125.132
Jan 5, 2025 17:42:52.040587902 CET	10359	23	192.168.2.23	164.243.206.168
Jan 5, 2025 17:42:52.040617943 CET	10359	2323	192.168.2.23	196.2.209.201
Jan 5, 2025 17:42:52.040620089 CET	10359	23	192.168.2.23	142.47.57.123
Jan 5, 2025 17:42:52.040620089 CET	10359	23	192.168.2.23	204.66.182.38
Jan 5, 2025 17:42:52.040621996 CET	10359	23	192.168.2.23	211.96.93.84
Jan 5, 2025 17:42:52.040626049 CET	10359	23	192.168.2.23	161.142.13.94
Jan 5, 2025 17:42:52.040644884 CET	10359	23	192.168.2.23	38.254.222.110
Jan 5, 2025 17:42:52.040646076 CET	10359	23	192.168.2.23	41.189.231.12
Jan 5, 2025 17:42:52.040648937 CET	10359	23	192.168.2.23	192.9.30.27
Jan 5, 2025 17:42:52.040652037 CET	10359	23	192.168.2.23	97.9.6.41
Jan 5, 2025 17:42:52.040652990 CET	10359	23	192.168.2.23	63.237.252.183
Jan 5, 2025 17:42:52.040653944 CET	10359	23	192.168.2.23	66.91.77.86
Jan 5, 2025 17:42:52.040653944 CET	10359	23	192.168.2.23	94.177.5.92
Jan 5, 2025 17:42:52.044132948 CET	40380	2323	192.168.2.23	119.238.14.180
Jan 5, 2025 17:42:52.044413090 CET	23	10359	190.80.134.167	192.168.2.23
Jan 5, 2025 17:42:52.044425011 CET	2323	10359	48.224.212.96	192.168.2.23
Jan 5, 2025 17:42:52.044434071 CET	23	10359	206.17.250.183	192.168.2.23
Jan 5, 2025 17:42:52.044442892 CET	23	10359	68.149.0.150	192.168.2.23
Jan 5, 2025 17:42:52.044461012 CET	23	10359	86.163.114.176	192.168.2.23
Jan 5, 2025 17:42:52.044462919 CET	10359	23	192.168.2.23	190.80.134.167
Jan 5, 2025 17:42:52.044472933 CET	23	10359	135.25.196.201	192.168.2.23
Jan 5, 2025 17:42:52.044478893 CET	10359	2323	192.168.2.23	48.224.212.96
Jan 5, 2025 17:42:52.044481039 CET	10359	23	192.168.2.23	206.17.250.183
Jan 5, 2025 17:42:52.044485092 CET	23	10359	122.142.68.207	192.168.2.23
Jan 5, 2025 17:42:52.044490099 CET	10359	23	192.168.2.23	68.149.0.150
Jan 5, 2025 17:42:52.044503927 CET	10359	23	192.168.2.23	86.163.114.176
Jan 5, 2025 17:42:52.044512987 CET	10359	23	192.168.2.23	135.25.196.201
Jan 5, 2025 17:42:52.044526100 CET	10359	23	192.168.2.23	122.142.68.207
Jan 5, 2025 17:42:52.044928074 CET	23	10359	176.200.62.76	192.168.2.23
Jan 5, 2025 17:42:52.044938087 CET	23	10359	193.58.82.130	192.168.2.23
Jan 5, 2025 17:42:52.044953108 CET	23	10359	192.198.127.46	192.168.2.23
Jan 5, 2025 17:42:52.044965029 CET	23	10359	31.237.126.163	192.168.2.23
Jan 5, 2025 17:42:52.044965982 CET	10359	23	192.168.2.23	193.58.82.130
Jan 5, 2025 17:42:52.044975996 CET	2323	10359	61.228.7.71	192.168.2.23
Jan 5, 2025 17:42:52.044991970 CET	10359	23	192.168.2.23	192.198.127.46
Jan 5, 2025 17:42:52.044992924 CET	10359	23	192.168.2.23	176.200.62.76
Jan 5, 2025 17:42:52.044992924 CET	10359	23	192.168.2.23	31.237.126.163
Jan 5, 2025 17:42:52.045018911 CET	10359	2323	192.168.2.23	61.228.7.71
Jan 5, 2025 17:42:52.045057058 CET	23	10359	41.94.79.171	192.168.2.23
Jan 5, 2025 17:42:52.045067072 CET	23	10359	88.1.113.5	192.168.2.23
Jan 5, 2025 17:42:52.045074940 CET	23	10359	20.122.32.192	192.168.2.23
Jan 5, 2025 17:42:52.045084953 CET	23	10359	164.126.36.140	192.168.2.23
Jan 5, 2025 17:42:52.045094967 CET	10359	23	192.168.2.23	88.1.113.5
Jan 5, 2025 17:42:52.045095921 CET	23	10359	164.243.202.203	192.168.2.23
Jan 5, 2025 17:42:52.045106888 CET	2323	10359	31.168.180.141	192.168.2.23
Jan 5, 2025 17:42:52.045109987 CET	10359	23	192.168.2.23	41.94.79.171
Jan 5, 2025 17:42:52.045109987 CET	10359	23	192.168.2.23	20.122.32.192
Jan 5, 2025 17:42:52.045118093 CET	23	10359	186.104.179.215	192.168.2.23
Jan 5, 2025 17:42:52.045128107 CET	10359	23	192.168.2.23	164.243.202.203
Jan 5, 2025 17:42:52.045130968 CET	23	10359	83.176.152.59	192.168.2.23
Jan 5, 2025 17:42:52.045131922 CET	10359	23	192.168.2.23	164.126.36.140
Jan 5, 2025 17:42:52.045157909 CET	23	10359	14.219.236.251	192.168.2.23
Jan 5, 2025 17:42:52.045161009 CET	10359	2323	192.168.2.23	31.168.180.141
Jan 5, 2025 17:42:52.045161009 CET	10359	23	192.168.2.23	186.104.179.215
Jan 5, 2025 17:42:52.045166016 CET	10359	23	192.168.2.23	83.176.152.59
Jan 5, 2025 17:42:52.045170069 CET	23	10359	180.173.160.131	192.168.2.23
Jan 5, 2025 17:42:52.045180082 CET	23	10359	121.160.234.29	192.168.2.23
Jan 5, 2025 17:42:52.045192003 CET	23	10359	150.91.53.82	192.168.2.23
Jan 5, 2025 17:42:52.045195103 CET	10359	23	192.168.2.23	14.219.236.251
Jan 5, 2025 17:42:52.045201063 CET	10359	23	192.168.2.23	180.173.160.131
Jan 5, 2025 17:42:52.045202017 CET	23	10359	79.146.37.120	192.168.2.23
Jan 5, 2025 17:42:52.045218945 CET	23	10359	146.77.114.208	192.168.2.23
Jan 5, 2025 17:42:52.045224905 CET	10359	23	192.168.2.23	121.160.234.29
Jan 5, 2025 17:42:52.045229912 CET	23	10359	44.158.32.60	192.168.2.23
Jan 5, 2025 17:42:52.045241117 CET	10359	23	192.168.2.23	79.146.37.120
Jan 5, 2025 17:42:52.045242071 CET	23	10359	88.163.229.160	192.168.2.23
Jan 5, 2025 17:42:52.045243979 CET	10359	23	192.168.2.23	150.91.53.82
Jan 5, 2025 17:42:52.045254946 CET	10359	23	192.168.2.23	146.77.114.208
Jan 5, 2025 17:42:52.045254946 CET	23	10359	198.28.195.129	192.168.2.23
Jan 5, 2025 17:42:52.045267105 CET	23	10359	105.168.79.207	192.168.2.23
Jan 5, 2025 17:42:52.045269966 CET	10359	23	192.168.2.23	44.158.32.60
Jan 5, 2025 17:42:52.045278072 CET	2323	10359	2.27.16.190	192.168.2.23
Jan 5, 2025 17:42:52.045288086 CET	10359	23	192.168.2.23	198.28.195.129
Jan 5, 2025 17:42:52.045290947 CET	23	10359	115.192.35.232	192.168.2.23
Jan 5, 2025 17:42:52.045295954 CET	10359	23	192.168.2.23	88.163.229.160
Jan 5, 2025 17:42:52.045300961 CET	23	10359	190.21.29.13	192.168.2.23
Jan 5, 2025 17:42:52.045312881 CET	10359	2323	192.168.2.23	2.27.16.190
Jan 5, 2025 17:42:52.045315027 CET	23	10359	78.48.119.212	192.168.2.23
Jan 5, 2025 17:42:52.045320988 CET	10359	23	192.168.2.23	115.192.35.232
Jan 5, 2025 17:42:52.045325994 CET	23	10359	79.25.218.173	192.168.2.23
Jan 5, 2025 17:42:52.045329094 CET	10359	23	192.168.2.23	105.168.79.207
Jan 5, 2025 17:42:52.045337915 CET	23	10359	167.70.91.4	192.168.2.23
Jan 5, 2025 17:42:52.045339108 CET	10359	23	192.168.2.23	190.21.29.13
Jan 5, 2025 17:42:52.045347929 CET	23	10359	59.133.7.27	192.168.2.23
Jan 5, 2025 17:42:52.045351028 CET	10359	23	192.168.2.23	78.48.119.212
Jan 5, 2025 17:42:52.045360088 CET	23	10359	188.130.146.26	192.168.2.23
Jan 5, 2025 17:42:52.045371056 CET	23	10359	63.177.121.133	192.168.2.23
Jan 5, 2025 17:42:52.045378923 CET	2323	10359	34.207.128.241	192.168.2.23
Jan 5, 2025 17:42:52.045389891 CET	23	10359	18.247.240.208	192.168.2.23
Jan 5, 2025 17:42:52.045401096 CET	23	10359	88.65.129.210	192.168.2.23
Jan 5, 2025 17:42:52.045406103 CET	10359	23	192.168.2.23	167.70.91.4
Jan 5, 2025 17:42:52.045406103 CET	10359	23	192.168.2.23	59.133.7.27
Jan 5, 2025 17:42:52.045414925 CET	10359	23	192.168.2.23	79.25.218.173
Jan 5, 2025 17:42:52.045416117 CET	23	10359	155.54.25.124	192.168.2.23
Jan 5, 2025 17:42:52.045417070 CET	10359	23	192.168.2.23	188.130.146.26
Jan 5, 2025 17:42:52.045424938 CET	10359	23	192.168.2.23	63.177.121.133
Jan 5, 2025 17:42:52.045424938 CET	10359	2323	192.168.2.23	34.207.128.241
Jan 5, 2025 17:42:52.045433044 CET	10359	23	192.168.2.23	88.65.129.210
Jan 5, 2025 17:42:52.045439005 CET	23	10359	114.13.34.172	192.168.2.23
Jan 5, 2025 17:42:52.045440912 CET	10359	23	192.168.2.23	18.247.240.208
Jan 5, 2025 17:42:52.045449972 CET	23	10359	80.75.171.156	192.168.2.23
Jan 5, 2025 17:42:52.045449972 CET	10359	23	192.168.2.23	155.54.25.124
Jan 5, 2025 17:42:52.045459986 CET	23	10359	2.191.80.57	192.168.2.23
Jan 5, 2025 17:42:52.045473099 CET	23	10359	157.244.201.211	192.168.2.23
Jan 5, 2025 17:42:52.045479059 CET	10359	23	192.168.2.23	114.13.34.172
Jan 5, 2025 17:42:52.045480013 CET	10359	23	192.168.2.23	80.75.171.156
Jan 5, 2025 17:42:52.045485020 CET	23	10359	47.198.217.33	192.168.2.23
Jan 5, 2025 17:42:52.045496941 CET	23	10359	201.234.205.29	192.168.2.23
Jan 5, 2025 17:42:52.045497894 CET	10359	23	192.168.2.23	2.191.80.57
Jan 5, 2025 17:42:52.045516014 CET	10359	23	192.168.2.23	157.244.201.211
Jan 5, 2025 17:42:52.045648098 CET	23	10359	194.23.184.174	192.168.2.23
Jan 5, 2025 17:42:52.045658112 CET	23	10359	109.133.42.129	192.168.2.23
Jan 5, 2025 17:42:52.045661926 CET	2323	10359	156.124.8.62	192.168.2.23
Jan 5, 2025 17:42:52.045665026 CET	23	10359	68.95.158.162	192.168.2.23
Jan 5, 2025 17:42:52.045670033 CET	23	10359	221.207.38.133	192.168.2.23
Jan 5, 2025 17:42:52.045674086 CET	23	10359	213.147.108.133	192.168.2.23
Jan 5, 2025 17:42:52.045677900 CET	23	10359	91.75.127.70	192.168.2.23
Jan 5, 2025 17:42:52.045681953 CET	23	10359	83.44.31.228	192.168.2.23
Jan 5, 2025 17:42:52.045686007 CET	23	10359	154.254.73.2	192.168.2.23
Jan 5, 2025 17:42:52.045690060 CET	23	10359	54.60.167.108	192.168.2.23
Jan 5, 2025 17:42:52.045692921 CET	23	10359	179.90.118.205	192.168.2.23
Jan 5, 2025 17:42:52.045696974 CET	23	10359	38.149.112.246	192.168.2.23
Jan 5, 2025 17:42:52.045701027 CET	23	10359	80.219.52.22	192.168.2.23
Jan 5, 2025 17:42:52.045705080 CET	2323	10359	97.189.135.25	192.168.2.23
Jan 5, 2025 17:42:52.045711994 CET	23	10359	160.213.9.21	192.168.2.23
Jan 5, 2025 17:42:52.045715094 CET	23	10359	178.106.8.232	192.168.2.23
Jan 5, 2025 17:42:52.045720100 CET	23	10359	81.239.206.232	192.168.2.23
Jan 5, 2025 17:42:52.045723915 CET	23	10359	182.217.214.220	192.168.2.23
Jan 5, 2025 17:42:52.045753002 CET	10359	23	192.168.2.23	47.198.217.33
Jan 5, 2025 17:42:52.045764923 CET	10359	23	192.168.2.23	201.234.205.29
Jan 5, 2025 17:42:52.045784950 CET	10359	23	192.168.2.23	68.95.158.162
Jan 5, 2025 17:42:52.045787096 CET	23	10359	109.97.74.9	192.168.2.23
Jan 5, 2025 17:42:52.045789003 CET	10359	23	192.168.2.23	221.207.38.133
Jan 5, 2025 17:42:52.045789003 CET	10359	2323	192.168.2.23	156.124.8.62
Jan 5, 2025 17:42:52.045790911 CET	10359	23	192.168.2.23	109.133.42.129
Jan 5, 2025 17:42:52.045790911 CET	10359	23	192.168.2.23	194.23.184.174
Jan 5, 2025 17:42:52.045794010 CET	10359	23	192.168.2.23	213.147.108.133
Jan 5, 2025 17:42:52.045794010 CET	10359	23	192.168.2.23	91.75.127.70
Jan 5, 2025 17:42:52.045797110 CET	23	10359	125.17.212.245	192.168.2.23
Jan 5, 2025 17:42:52.045805931 CET	10359	23	192.168.2.23	179.90.118.205
Jan 5, 2025 17:42:52.045805931 CET	10359	23	192.168.2.23	178.106.8.232
Jan 5, 2025 17:42:52.045808077 CET	10359	23	192.168.2.23	83.44.31.228
Jan 5, 2025 17:42:52.045808077 CET	10359	23	192.168.2.23	154.254.73.2
Jan 5, 2025 17:42:52.045809984 CET	23	10359	217.241.218.182	192.168.2.23
Jan 5, 2025 17:42:52.045815945 CET	10359	23	192.168.2.23	54.60.167.108
Jan 5, 2025 17:42:52.045816898 CET	10359	23	192.168.2.23	38.149.112.246
Jan 5, 2025 17:42:52.045816898 CET	10359	23	192.168.2.23	182.217.214.220
Jan 5, 2025 17:42:52.045818090 CET	10359	23	192.168.2.23	80.219.52.22
Jan 5, 2025 17:42:52.045818090 CET	10359	23	192.168.2.23	81.239.206.232
Jan 5, 2025 17:42:52.045820951 CET	10359	23	192.168.2.23	160.213.9.21
Jan 5, 2025 17:42:52.045821905 CET	2323	10359	221.64.198.4	192.168.2.23
Jan 5, 2025 17:42:52.045833111 CET	10359	2323	192.168.2.23	97.189.135.25
Jan 5, 2025 17:42:52.045834064 CET	23	10359	181.157.215.173	192.168.2.23
Jan 5, 2025 17:42:52.045838118 CET	10359	23	192.168.2.23	125.17.212.245
Jan 5, 2025 17:42:52.045842886 CET	10359	23	192.168.2.23	217.241.218.182
Jan 5, 2025 17:42:52.045849085 CET	23	10359	128.28.152.126	192.168.2.23
Jan 5, 2025 17:42:52.045850039 CET	10359	23	192.168.2.23	109.97.74.9
Jan 5, 2025 17:42:52.045856953 CET	10359	2323	192.168.2.23	221.64.198.4
Jan 5, 2025 17:42:52.045861959 CET	23	10359	212.151.55.251	192.168.2.23
Jan 5, 2025 17:42:52.045874119 CET	23	10359	132.251.135.169	192.168.2.23
Jan 5, 2025 17:42:52.045892000 CET	23	10359	142.26.184.49	192.168.2.23
Jan 5, 2025 17:42:52.045897007 CET	10359	23	192.168.2.23	128.28.152.126
Jan 5, 2025 17:42:52.045905113 CET	10359	23	192.168.2.23	181.157.215.173
Jan 5, 2025 17:42:52.045907974 CET	10359	23	192.168.2.23	212.151.55.251
Jan 5, 2025 17:42:52.045909882 CET	10359	23	192.168.2.23	132.251.135.169
Jan 5, 2025 17:42:52.045936108 CET	10359	23	192.168.2.23	142.26.184.49
Jan 5, 2025 17:42:52.045938969 CET	23	10359	81.34.224.203	192.168.2.23
Jan 5, 2025 17:42:52.045948029 CET	23	10359	68.137.4.102	192.168.2.23
Jan 5, 2025 17:42:52.045959949 CET	23	10359	116.38.167.77	192.168.2.23
Jan 5, 2025 17:42:52.045969963 CET	23	10359	170.188.131.84	192.168.2.23
Jan 5, 2025 17:42:52.045973063 CET	10359	23	192.168.2.23	81.34.224.203
Jan 5, 2025 17:42:52.045981884 CET	23	10359	90.116.215.96	192.168.2.23
Jan 5, 2025 17:42:52.045994043 CET	2323	10359	91.100.206.69	192.168.2.23
Jan 5, 2025 17:42:52.045996904 CET	10359	23	192.168.2.23	68.137.4.102
Jan 5, 2025 17:42:52.046004057 CET	10359	23	192.168.2.23	116.38.167.77
Jan 5, 2025 17:42:52.046005964 CET	23	10359	168.94.147.85	192.168.2.23
Jan 5, 2025 17:42:52.046015978 CET	10359	23	192.168.2.23	170.188.131.84
Jan 5, 2025 17:42:52.046017885 CET	23	10359	155.152.132.33	192.168.2.23
Jan 5, 2025 17:42:52.046032906 CET	10359	23	192.168.2.23	90.116.215.96
Jan 5, 2025 17:42:52.046039104 CET	10359	23	192.168.2.23	168.94.147.85
Jan 5, 2025 17:42:52.046046972 CET	10359	2323	192.168.2.23	91.100.206.69
Jan 5, 2025 17:42:52.046051025 CET	10359	23	192.168.2.23	155.152.132.33
Jan 5, 2025 17:42:52.049401045 CET	23	10359	175.141.201.193	192.168.2.23
Jan 5, 2025 17:42:52.049411058 CET	23	10359	87.143.94.197	192.168.2.23
Jan 5, 2025 17:42:52.049422026 CET	23	10359	192.117.155.50	192.168.2.23
Jan 5, 2025 17:42:52.049432993 CET	23	10359	72.22.223.221	192.168.2.23
Jan 5, 2025 17:42:52.049441099 CET	10359	23	192.168.2.23	175.141.201.193
Jan 5, 2025 17:42:52.049443960 CET	23	10359	13.10.3.88	192.168.2.23
Jan 5, 2025 17:42:52.049444914 CET	10359	23	192.168.2.23	87.143.94.197
Jan 5, 2025 17:42:52.049454927 CET	2323	10359	67.199.218.44	192.168.2.23
Jan 5, 2025 17:42:52.049464941 CET	10359	23	192.168.2.23	192.117.155.50
Jan 5, 2025 17:42:52.049465895 CET	23	10359	175.228.233.245	192.168.2.23
Jan 5, 2025 17:42:52.049468994 CET	10359	23	192.168.2.23	72.22.223.221
Jan 5, 2025 17:42:52.049480915 CET	10359	23	192.168.2.23	13.10.3.88
Jan 5, 2025 17:42:52.049480915 CET	23	10359	1.222.217.202	192.168.2.23
Jan 5, 2025 17:42:52.049491882 CET	23	10359	41.58.93.194	192.168.2.23
Jan 5, 2025 17:42:52.049493074 CET	10359	2323	192.168.2.23	67.199.218.44
Jan 5, 2025 17:42:52.049501896 CET	23	10359	167.206.24.183	192.168.2.23
Jan 5, 2025 17:42:52.049508095 CET	10359	23	192.168.2.23	175.228.233.245
Jan 5, 2025 17:42:52.049513102 CET	10359	23	192.168.2.23	1.222.217.202
Jan 5, 2025 17:42:52.049518108 CET	23	10359	23.64.64.25	192.168.2.23
Jan 5, 2025 17:42:52.049540043 CET	23	10359	159.231.33.248	192.168.2.23
Jan 5, 2025 17:42:52.049542904 CET	10359	23	192.168.2.23	167.206.24.183
Jan 5, 2025 17:42:52.049542904 CET	10359	23	192.168.2.23	23.64.64.25
Jan 5, 2025 17:42:52.049547911 CET	10359	23	192.168.2.23	41.58.93.194
Jan 5, 2025 17:42:52.049550056 CET	23	10359	197.44.206.193	192.168.2.23
Jan 5, 2025 17:42:52.049559116 CET	23	10359	78.240.160.233	192.168.2.23
Jan 5, 2025 17:42:52.049575090 CET	10359	23	192.168.2.23	159.231.33.248
Jan 5, 2025 17:42:52.049614906 CET	10359	23	192.168.2.23	78.240.160.233
Jan 5, 2025 17:42:52.049614906 CET	10359	23	192.168.2.23	197.44.206.193
Jan 5, 2025 17:42:52.049710989 CET	23	10359	90.89.151.223	192.168.2.23
Jan 5, 2025 17:42:52.049719095 CET	23	10359	84.132.46.25	192.168.2.23
Jan 5, 2025 17:42:52.049724102 CET	2323	10359	40.198.172.74	192.168.2.23
Jan 5, 2025 17:42:52.049726963 CET	23	10359	145.119.221.237	192.168.2.23
Jan 5, 2025 17:42:52.049736023 CET	23	10359	174.160.9.42	192.168.2.23
Jan 5, 2025 17:42:52.049746037 CET	23	10359	59.109.19.164	192.168.2.23
Jan 5, 2025 17:42:52.049757004 CET	23	10359	163.55.230.180	192.168.2.23
Jan 5, 2025 17:42:52.049758911 CET	10359	23	192.168.2.23	174.160.9.42
Jan 5, 2025 17:42:52.049761057 CET	10359	23	192.168.2.23	90.89.151.223
Jan 5, 2025 17:42:52.049767971 CET	23	10359	102.31.188.137	192.168.2.23
Jan 5, 2025 17:42:52.049768925 CET	10359	23	192.168.2.23	145.119.221.237
Jan 5, 2025 17:42:52.049770117 CET	10359	23	192.168.2.23	84.132.46.25
Jan 5, 2025 17:42:52.049770117 CET	10359	2323	192.168.2.23	40.198.172.74
Jan 5, 2025 17:42:52.049779892 CET	23	10359	198.232.208.252	192.168.2.23
Jan 5, 2025 17:42:52.049783945 CET	10359	23	192.168.2.23	163.55.230.180
Jan 5, 2025 17:42:52.049796104 CET	10359	23	192.168.2.23	59.109.19.164
Jan 5, 2025 17:42:52.049817085 CET	10359	23	192.168.2.23	198.232.208.252
Jan 5, 2025 17:42:52.049827099 CET	10359	23	192.168.2.23	102.31.188.137
Jan 5, 2025 17:42:52.049875021 CET	23	10359	126.7.100.142	192.168.2.23
Jan 5, 2025 17:42:52.049885035 CET	23	10359	8.90.203.18	192.168.2.23
Jan 5, 2025 17:42:52.049922943 CET	10359	23	192.168.2.23	8.90.203.18
Jan 5, 2025 17:42:52.049926043 CET	10359	23	192.168.2.23	126.7.100.142
Jan 5, 2025 17:42:52.050020933 CET	23	10359	184.46.10.86	192.168.2.23
Jan 5, 2025 17:42:52.050030947 CET	2323	10359	147.171.13.60	192.168.2.23
Jan 5, 2025 17:42:52.050043106 CET	23	10359	31.220.215.45	192.168.2.23
Jan 5, 2025 17:42:52.050054073 CET	23	10359	67.17.193.253	192.168.2.23
Jan 5, 2025 17:42:52.050069094 CET	10359	2323	192.168.2.23	147.171.13.60
Jan 5, 2025 17:42:52.050071955 CET	10359	23	192.168.2.23	184.46.10.86
Jan 5, 2025 17:42:52.050084114 CET	10359	23	192.168.2.23	31.220.215.45
Jan 5, 2025 17:42:52.050096989 CET	10359	23	192.168.2.23	67.17.193.253
Jan 5, 2025 17:42:52.050106049 CET	23	10359	5.136.131.174	192.168.2.23
Jan 5, 2025 17:42:52.050116062 CET	23	10359	96.146.104.252	192.168.2.23
Jan 5, 2025 17:42:52.050127029 CET	23	10359	189.213.98.29	192.168.2.23
Jan 5, 2025 17:42:52.050137043 CET	23	10359	171.46.213.10	192.168.2.23
Jan 5, 2025 17:42:52.050144911 CET	10359	23	192.168.2.23	96.146.104.252
Jan 5, 2025 17:42:52.050146103 CET	10359	23	192.168.2.23	5.136.131.174
Jan 5, 2025 17:42:52.050148010 CET	23	10359	1.21.146.26	192.168.2.23
Jan 5, 2025 17:42:52.050158024 CET	2323	10359	40.88.198.29	192.168.2.23
Jan 5, 2025 17:42:52.050168991 CET	23	10359	105.134.109.214	192.168.2.23
Jan 5, 2025 17:42:52.050175905 CET	10359	23	192.168.2.23	189.213.98.29
Jan 5, 2025 17:42:52.050179958 CET	23	10359	197.144.58.62	192.168.2.23
Jan 5, 2025 17:42:52.050182104 CET	10359	23	192.168.2.23	1.21.146.26
Jan 5, 2025 17:42:52.050184011 CET	10359	23	192.168.2.23	171.46.213.10
Jan 5, 2025 17:42:52.050190926 CET	23	10359	19.159.168.15	192.168.2.23
Jan 5, 2025 17:42:52.050200939 CET	10359	2323	192.168.2.23	40.88.198.29
Jan 5, 2025 17:42:52.050208092 CET	10359	23	192.168.2.23	105.134.109.214
Jan 5, 2025 17:42:52.050220013 CET	23	10359	114.188.131.217	192.168.2.23
Jan 5, 2025 17:42:52.050220013 CET	10359	23	192.168.2.23	197.144.58.62
Jan 5, 2025 17:42:52.050230980 CET	23	10359	209.78.227.175	192.168.2.23
Jan 5, 2025 17:42:52.050242901 CET	23	10359	24.195.65.240	192.168.2.23
Jan 5, 2025 17:42:52.050254107 CET	23	10359	76.20.150.189	192.168.2.23
Jan 5, 2025 17:42:52.050255060 CET	10359	23	192.168.2.23	114.188.131.217
Jan 5, 2025 17:42:52.050260067 CET	10359	23	192.168.2.23	19.159.168.15
Jan 5, 2025 17:42:52.050263882 CET	10359	23	192.168.2.23	209.78.227.175
Jan 5, 2025 17:42:52.050265074 CET	23	10359	94.29.46.44	192.168.2.23
Jan 5, 2025 17:42:52.050276041 CET	23	10359	90.36.107.240	192.168.2.23
Jan 5, 2025 17:42:52.050287008 CET	23	10359	195.233.37.229	192.168.2.23
Jan 5, 2025 17:42:52.050291061 CET	10359	23	192.168.2.23	76.20.150.189
Jan 5, 2025 17:42:52.050292969 CET	10359	23	192.168.2.23	24.195.65.240
Jan 5, 2025 17:42:52.050296068 CET	10359	23	192.168.2.23	94.29.46.44
Jan 5, 2025 17:42:52.050308943 CET	23	10359	72.139.253.83	192.168.2.23
Jan 5, 2025 17:42:52.050311089 CET	10359	23	192.168.2.23	90.36.107.240
Jan 5, 2025 17:42:52.050323009 CET	23	10359	2.78.110.173	192.168.2.23
Jan 5, 2025 17:42:52.050331116 CET	10359	23	192.168.2.23	195.233.37.229
Jan 5, 2025 17:42:52.050333977 CET	2323	10359	119.138.62.22	192.168.2.23
Jan 5, 2025 17:42:52.050340891 CET	10359	23	192.168.2.23	72.139.253.83
Jan 5, 2025 17:42:52.050343990 CET	23	10359	70.3.255.206	192.168.2.23
Jan 5, 2025 17:42:52.050353050 CET	23	10359	79.134.164.131	192.168.2.23
Jan 5, 2025 17:42:52.050364017 CET	23	10359	68.200.101.27	192.168.2.23
Jan 5, 2025 17:42:52.050370932 CET	10359	23	192.168.2.23	2.78.110.173
Jan 5, 2025 17:42:52.050374985 CET	10359	23	192.168.2.23	70.3.255.206
Jan 5, 2025 17:42:52.050390005 CET	23	10359	71.131.125.87	192.168.2.23
Jan 5, 2025 17:42:52.050393105 CET	10359	23	192.168.2.23	79.134.164.131
Jan 5, 2025 17:42:52.050400019 CET	23	10359	109.79.0.255	192.168.2.23
Jan 5, 2025 17:42:52.050405025 CET	10359	23	192.168.2.23	68.200.101.27
Jan 5, 2025 17:42:52.050410986 CET	10359	2323	192.168.2.23	119.138.62.22
Jan 5, 2025 17:42:52.050411940 CET	23	10359	223.139.123.244	192.168.2.23
Jan 5, 2025 17:42:52.050419092 CET	10359	23	192.168.2.23	71.131.125.87
Jan 5, 2025 17:42:52.050447941 CET	10359	23	192.168.2.23	109.79.0.255
Jan 5, 2025 17:42:52.050468922 CET	23	10359	63.171.211.216	192.168.2.23
Jan 5, 2025 17:42:52.050477982 CET	2323	10359	135.255.36.150	192.168.2.23
Jan 5, 2025 17:42:52.050487041 CET	23	10359	74.47.113.23	192.168.2.23
Jan 5, 2025 17:42:52.050498962 CET	23	10359	13.87.121.49	192.168.2.23
Jan 5, 2025 17:42:52.050499916 CET	10359	23	192.168.2.23	223.139.123.244
Jan 5, 2025 17:42:52.050508022 CET	10359	23	192.168.2.23	63.171.211.216
Jan 5, 2025 17:42:52.050510883 CET	23	10359	148.136.129.51	192.168.2.23
Jan 5, 2025 17:42:52.050518036 CET	10359	2323	192.168.2.23	135.255.36.150
Jan 5, 2025 17:42:52.050520897 CET	10359	23	192.168.2.23	74.47.113.23
Jan 5, 2025 17:42:52.050520897 CET	23	10359	166.210.22.6	192.168.2.23
Jan 5, 2025 17:42:52.050534010 CET	23	10359	1.237.152.175	192.168.2.23
Jan 5, 2025 17:42:52.050540924 CET	10359	23	192.168.2.23	13.87.121.49
Jan 5, 2025 17:42:52.050543070 CET	23	10359	136.250.233.71	192.168.2.23
Jan 5, 2025 17:42:52.050553083 CET	23	10359	67.160.125.132	192.168.2.23
Jan 5, 2025 17:42:52.050560951 CET	10359	23	192.168.2.23	1.237.152.175
Jan 5, 2025 17:42:52.050560951 CET	10359	23	192.168.2.23	148.136.129.51
Jan 5, 2025 17:42:52.050564051 CET	23	10359	164.243.206.168	192.168.2.23
Jan 5, 2025 17:42:52.050575972 CET	2323	10359	196.2.209.201	192.168.2.23
Jan 5, 2025 17:42:52.050575972 CET	50096	23	192.168.2.23	189.219.82.231
Jan 5, 2025 17:42:52.050575972 CET	10359	23	192.168.2.23	136.250.233.71
Jan 5, 2025 17:42:52.050585985 CET	10359	23	192.168.2.23	67.160.125.132
Jan 5, 2025 17:42:52.050587893 CET	23	10359	142.47.57.123	192.168.2.23
Jan 5, 2025 17:42:52.050599098 CET	23	10359	211.96.93.84	192.168.2.23
Jan 5, 2025 17:42:52.050600052 CET	10359	23	192.168.2.23	166.210.22.6
Jan 5, 2025 17:42:52.050611973 CET	10359	23	192.168.2.23	164.243.206.168
Jan 5, 2025 17:42:52.050621033 CET	23	10359	204.66.182.38	192.168.2.23
Jan 5, 2025 17:42:52.050631046 CET	10359	23	192.168.2.23	142.47.57.123
Jan 5, 2025 17:42:52.050631046 CET	10359	2323	192.168.2.23	196.2.209.201
Jan 5, 2025 17:42:52.050632954 CET	23	10359	161.142.13.94	192.168.2.23
Jan 5, 2025 17:42:52.050637960 CET	10359	23	192.168.2.23	211.96.93.84
Jan 5, 2025 17:42:52.050642967 CET	23	10359	38.254.222.110	192.168.2.23
Jan 5, 2025 17:42:52.050654888 CET	23	10359	192.9.30.27	192.168.2.23
Jan 5, 2025 17:42:52.050658941 CET	10359	23	192.168.2.23	204.66.182.38
Jan 5, 2025 17:42:52.050666094 CET	23	10359	97.9.6.41	192.168.2.23
Jan 5, 2025 17:42:52.050674915 CET	23	10359	63.237.252.183	192.168.2.23
Jan 5, 2025 17:42:52.050684929 CET	23	10359	66.91.77.86	192.168.2.23
Jan 5, 2025 17:42:52.050685883 CET	10359	23	192.168.2.23	161.142.13.94
Jan 5, 2025 17:42:52.050695896 CET	10359	23	192.168.2.23	97.9.6.41
Jan 5, 2025 17:42:52.050700903 CET	23	10359	94.177.5.92	192.168.2.23
Jan 5, 2025 17:42:52.050709009 CET	10359	23	192.168.2.23	192.9.30.27
Jan 5, 2025 17:42:52.050709009 CET	10359	23	192.168.2.23	63.237.252.183
Jan 5, 2025 17:42:52.050712109 CET	23	10359	41.189.231.12	192.168.2.23
Jan 5, 2025 17:42:52.050723076 CET	2323	40380	119.238.14.180	192.168.2.23
Jan 5, 2025 17:42:52.050726891 CET	10359	23	192.168.2.23	66.91.77.86
Jan 5, 2025 17:42:52.050730944 CET	10359	23	192.168.2.23	38.254.222.110
Jan 5, 2025 17:42:52.050734997 CET	10359	23	192.168.2.23	94.177.5.92
Jan 5, 2025 17:42:52.050765991 CET	10359	23	192.168.2.23	41.189.231.12
Jan 5, 2025 17:42:52.051615953 CET	40380	2323	192.168.2.23	119.238.14.180
Jan 5, 2025 17:42:52.055979967 CET	23	50096	189.219.82.231	192.168.2.23
Jan 5, 2025 17:42:52.056025028 CET	50096	23	192.168.2.23	189.219.82.231
Jan 5, 2025 17:42:52.057636976 CET	48144	23	192.168.2.23	173.68.136.134
Jan 5, 2025 17:42:52.062407017 CET	23	48144	173.68.136.134	192.168.2.23
Jan 5, 2025 17:42:52.062455893 CET	48144	23	192.168.2.23	173.68.136.134
Jan 5, 2025 17:42:52.064562082 CET	52484	23	192.168.2.23	175.210.143.16
Jan 5, 2025 17:42:52.069576979 CET	23	52484	175.210.143.16	192.168.2.23
Jan 5, 2025 17:42:52.069643974 CET	52484	23	192.168.2.23	175.210.143.16
Jan 5, 2025 17:42:52.071104050 CET	48162	23	192.168.2.23	174.70.103.211
Jan 5, 2025 17:42:52.075920105 CET	23	48162	174.70.103.211	192.168.2.23
Jan 5, 2025 17:42:52.075958967 CET	48162	23	192.168.2.23	174.70.103.211
Jan 5, 2025 17:42:52.077510118 CET	54524	23	192.168.2.23	47.183.98.253
Jan 5, 2025 17:42:52.082407951 CET	23	54524	47.183.98.253	192.168.2.23
Jan 5, 2025 17:42:52.082452059 CET	54524	23	192.168.2.23	47.183.98.253
Jan 5, 2025 17:42:52.083574057 CET	33462	23	192.168.2.23	74.173.7.86
Jan 5, 2025 17:42:52.088572979 CET	23	33462	74.173.7.86	192.168.2.23
Jan 5, 2025 17:42:52.088622093 CET	33462	23	192.168.2.23	74.173.7.86
Jan 5, 2025 17:42:52.088850021 CET	43034	23	192.168.2.23	169.149.125.59
Jan 5, 2025 17:42:52.093760014 CET	23	43034	169.149.125.59	192.168.2.23
Jan 5, 2025 17:42:52.094754934 CET	43034	23	192.168.2.23	169.149.125.59
Jan 5, 2025 17:42:52.104310989 CET	43044	23	192.168.2.23	189.57.170.142
Jan 5, 2025 17:42:52.109097004 CET	23	43044	189.57.170.142	192.168.2.23
Jan 5, 2025 17:42:52.109142065 CET	43044	23	192.168.2.23	189.57.170.142
Jan 5, 2025 17:42:52.112095118 CET	35534	23	192.168.2.23	133.9.36.55
Jan 5, 2025 17:42:52.116980076 CET	23	35534	133.9.36.55	192.168.2.23
Jan 5, 2025 17:42:52.117043018 CET	35534	23	192.168.2.23	133.9.36.55
Jan 5, 2025 17:42:52.120038033 CET	34314	23	192.168.2.23	121.226.120.33
Jan 5, 2025 17:42:52.124957085 CET	23	34314	121.226.120.33	192.168.2.23
Jan 5, 2025 17:42:52.124999046 CET	34314	23	192.168.2.23	121.226.120.33
Jan 5, 2025 17:42:52.127985001 CET	41580	2323	192.168.2.23	222.233.39.68
Jan 5, 2025 17:42:52.132745981 CET	2323	41580	222.233.39.68	192.168.2.23
Jan 5, 2025 17:42:52.132792950 CET	41580	2323	192.168.2.23	222.233.39.68
Jan 5, 2025 17:42:52.135509014 CET	55652	23	192.168.2.23	8.35.242.59
Jan 5, 2025 17:42:52.140219927 CET	23	55652	8.35.242.59	192.168.2.23
Jan 5, 2025 17:42:52.140264034 CET	55652	23	192.168.2.23	8.35.242.59
Jan 5, 2025 17:42:52.143017054 CET	35734	23	192.168.2.23	111.73.27.214
Jan 5, 2025 17:42:52.147763014 CET	23	35734	111.73.27.214	192.168.2.23
Jan 5, 2025 17:42:52.147808075 CET	35734	23	192.168.2.23	111.73.27.214
Jan 5, 2025 17:42:52.464240074 CET	63645	49074	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.465127945 CET	49074	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.465127945 CET	49074	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.468348980 CET	49106	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.473198891 CET	63645	49106	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.473268032 CET	49106	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.480082989 CET	49106	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.484935999 CET	63645	49106	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.484978914 CET	49106	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.490083933 CET	63645	49106	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.782346964 CET	49106	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:52.829516888 CET	63645	49106	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.958369970 CET	63645	49106	41.216.189.127	192.168.2.23
Jan 5, 2025 17:42:52.958422899 CET	49106	63645	192.168.2.23	41.216.189.127
Jan 5, 2025 17:42:53.074197054 CET	35734	23	192.168.2.23	111.73.27.214
Jan 5, 2025 17:42:53.074213982 CET	55652	23	192.168.2.23	8.35.242.59
Jan 5, 2025 17:42:53.074213982 CET	41580	2323	192.168.2.23	222.233.39.68
Jan 5, 2025 17:42:53.074238062 CET	34314	23	192.168.2.23	121.226.120.33
Jan 5, 2025 17:42:53.074239969 CET	35534	23	192.168.2.23	133.9.36.55
Jan 5, 2025 17:42:53.074239016 CET	43044	23	192.168.2.23	189.57.170.142
Jan 5, 2025 17:42:53.074255943 CET	48162	23	192.168.2.23	174.70.103.211
Jan 5, 2025 17:42:53.074258089 CET	43034	23	192.168.2.23	169.149.125.59
Jan 5, 2025 17:42:53.074258089 CET	33462	23	192.168.2.23	74.173.7.86
Jan 5, 2025 17:42:53.074265957 CET	54524	23	192.168.2.23	47.183.98.253
Jan 5, 2025 17:42:53.074265957 CET	48144	23	192.168.2.23	173.68.136.134
Jan 5, 2025 17:42:53.074279070 CET	52484	23	192.168.2.23	175.210.143.16
Jan 5, 2025 17:42:53.074294090 CET	50096	23	192.168.2.23	189.219.82.231
Jan 5, 2025 17:42:53.074440956 CET	40380	2323	192.168.2.23	119.238.14.180
Jan 5, 2025 17:42:53.079152107 CET	23	35734	111.73.27.214	192.168.2.23
Jan 5, 2025 17:42:53.079193115 CET	35734	23	192.168.2.23	111.73.27.214
Jan 5, 2025 17:42:53.079258919 CET	23	55652	8.35.242.59	192.168.2.23
Jan 5, 2025 17:42:53.079272985 CET	2323	41580	222.233.39.68	192.168.2.23
Jan 5, 2025 17:42:53.079282999 CET	23	35534	133.9.36.55	192.168.2.23
Jan 5, 2025 17:42:53.079304934 CET	23	48162	174.70.103.211	192.168.2.23
Jan 5, 2025 17:42:53.079307079 CET	55652	23	192.168.2.23	8.35.242.59
Jan 5, 2025 17:42:53.079307079 CET	41580	2323	192.168.2.23	222.233.39.68
Jan 5, 2025 17:42:53.079324961 CET	23	34314	121.226.120.33	192.168.2.23
Jan 5, 2025 17:42:53.079329014 CET	35534	23	192.168.2.23	133.9.36.55
Jan 5, 2025 17:42:53.079333067 CET	48162	23	192.168.2.23	174.70.103.211
Jan 5, 2025 17:42:53.079344988 CET	23	43044	189.57.170.142	192.168.2.23
Jan 5, 2025 17:42:53.079354048 CET	23	43034	169.149.125.59	192.168.2.23
Jan 5, 2025 17:42:53.079368114 CET	34314	23	192.168.2.23	121.226.120.33
Jan 5, 2025 17:42:53.079379082 CET	43044	23	192.168.2.23	189.57.170.142
Jan 5, 2025 17:42:53.079391003 CET	43034	23	192.168.2.23	169.149.125.59
Jan 5, 2025 17:42:53.079391956 CET	23	33462	74.173.7.86	192.168.2.23
Jan 5, 2025 17:42:53.079401016 CET	23	52484	175.210.143.16	192.168.2.23
Jan 5, 2025 17:42:53.079437017 CET	52484	23	192.168.2.23	175.210.143.16
Jan 5, 2025 17:42:53.079437971 CET	33462	23	192.168.2.23	74.173.7.86
Jan 5, 2025 17:42:53.079930067 CET	23	54524	47.183.98.253	192.168.2.23
Jan 5, 2025 17:42:53.079940081 CET	23	48144	173.68.136.134	192.168.2.23
Jan 5, 2025 17:42:53.079957008 CET	23	50096	189.219.82.231	192.168.2.23
Jan 5, 2025 17:42:53.079957962 CET	54524	23	192.168.2.23	47.183.98.253
Jan 5, 2025 17:42:53.080001116 CET	48144	23	192.168.2.23	173.68.136.134
Jan 5, 2025 17:42:53.080008984 CET	50096	23	192.168.2.23	189.219.82.231
Jan 5, 2025 17:42:53.080024958 CET	2323	40380	119.238.14.180	192.168.2.23
Jan 5, 2025 17:42:53.080070972 CET	40380	2323	192.168.2.23	119.238.14.180
Jan 5, 2025 17:42:56.511955023 CET	42836	443	192.168.2.23	91.189.91.43
Jan 5, 2025 17:42:58.047741890 CET	42516	80	192.168.2.23	109.202.202.202
Jan 5, 2025 17:43:11.358150005 CET	43928	443	192.168.2.23	91.189.91.42
Jan 5, 2025 17:43:23.644453049 CET	42836	443	192.168.2.23	91.189.91.43
Jan 5, 2025 17:43:27.739764929 CET	42516	80	192.168.2.23	109.202.202.202
Jan 5, 2025 17:43:52.312536001 CET	43928	443	192.168.2.23	91.189.91.42

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 5, 2025 17:42:58.950357914 CET	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable
Jan 5, 2025 17:44:18.960700035 CET	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable

System Behavior

Analysis Process: dash PID: 6222, Parent PID: 4332

General

Start time (UTC):	16:42:48
Start date (UTC):	05/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6222, Parent PID: 4332

General

Start time (UTC):	16:42:48
Start date (UTC):	05/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.AWtkl2orJL /tmp/tmp.EwQ688Ot4L /tmp/tmp.N5aVoMdhdL
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6223, Parent PID: 4332

General

Start time (UTC):	16:42:48
Start date (UTC):	05/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6223, Parent PID: 4332

General

Start time (UTC):	16:42:48
Start date (UTC):	05/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.AWtkl2orJL /tmp/tmp.EwQ688Ot4L /tmp/tmp.N5aVoMdhdL
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6251, Parent PID: 6146

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/tmp/Fantazy.spc.elf
Arguments:	/tmp/Fantazy.spc.elf
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6253, Parent PID: 6251

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/tmp/Fantazy.spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6254, Parent PID: 6251

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/tmp/Fantazy.spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6257, Parent PID: 6254

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/tmp/Fantazy.spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6259, Parent PID: 6254

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/tmp/Fantazy.spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6261, Parent PID: 6254

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/tmp/Fantazy.spc.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: systemd PID: 6264, Parent PID: 1

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: journalctl PID: 6264, Parent PID: 1

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --smart-relinquish-var
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Chronological Activities

Analysis Process: systemd PID: 6265, Parent PID: 1

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6265, Parent PID: 1

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6279, Parent PID: 1860

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: pulseaudio PID: 6279, Parent PID: 1860

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Chronological Activities

Analysis Process: systemd PID: 6280, Parent PID: 1

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6280, Parent PID: 1

General

Start time (UTC):	16:42:50
Start date (UTC):	05/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6281, Parent PID: 1

General

Start time (UTC):	16:42:51
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6281, Parent PID: 1

General

Start time (UTC):	16:42:51
Start date (UTC):	05/01/2025
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: gvfsd-fuse PID: 6282, Parent PID: 2038

General

Start time (UTC):	16:42:51
Start date (UTC):	05/01/2025
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Chronological Activities

Analysis Process: fusermount PID: 6282, Parent PID: 2038

General

Start time (UTC):	16:42:51
Start date (UTC):	05/01/2025
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Chronological Activities

Analysis Process: systemd PID: 6292, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6292, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6293, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6293, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6294, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6294, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6296, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6296, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6297, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6297, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6298, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6298, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6299, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6299, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6300, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: dbus-daemon PID: 6300, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: systemd PID: 6302, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd-journald PID: 6302, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Chronological Activities

Analysis Process: systemd PID: 6303, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6303, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: gdm3 PID: 6304, Parent PID: 1320

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 6304, Parent PID: 1320

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 6305, Parent PID: 1320

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 6305, Parent PID: 1320

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gdm3 PID: 6306, Parent PID: 1320

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Chronological Activities

Analysis Process: Default PID: 6306, Parent PID: 1320

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 6308, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6308, Parent PID: 1

General

Start time (UTC):	16:42:52
Start date (UTC):	05/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6309, Parent PID: 1

General

Start time (UTC):	16:42:53
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: rsyslogd PID: 6309, Parent PID: 1

General

Start time (UTC):	16:42:53
Start date (UTC):	05/01/2025
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Chronological Activities

Analysis Process: systemd PID: 6314, Parent PID: 1

General

Start time (UTC):	16:42:53
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6314, Parent PID: 1

General

Start time (UTC):	16:42:53
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: systemd PID: 6315, Parent PID: 1

General

Start time (UTC):	16:42:53
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6315, Parent PID: 1

General

Start time (UTC):	16:42:53
Start date (UTC):	05/01/2025
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 6318, Parent PID: 1

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6318, Parent PID: 1

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: gpu-manager PID: 6319, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6319, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6320, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6320, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6321, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6321, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6322, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6322, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6323, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6323, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gpu-manager PID: 6324, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6324, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6325, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6325, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6326, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6326, Parent PID: 6318

General

Start time (UTC):	16:42:55
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 6327, Parent PID: 1

General

Start time (UTC):	16:42:56
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6327, Parent PID: 1

General

Start time (UTC):	16:42:56
Start date (UTC):	05/01/2025
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: systemd PID: 6328, Parent PID: 1

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: gpu-manager PID: 6328, Parent PID: 1

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: gpu-manager PID: 6329, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6329, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6330, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6330, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6331, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: gpu-manager PID: 6332, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6332, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6333, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6333, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6334, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Chronological Activities

Analysis Process: sh PID: 6334, Parent PID: 6328

General

Start time (UTC):	16:42:57
Start date (UTC):	05/01/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gpu-manager PID: 6335, Parent PID: 6328

General

Start time (UTC):	16:42:58
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Analysis Process: gpu-manager PID: 6336, Parent PID: 6328

General

Start time (UTC):	16:42:58
Start date (UTC):	05/01/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Analysis Process: systemd PID: 6337, Parent PID: 1

General

Start time (UTC):	16:42:59
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd PID: 6338, Parent PID: 1

General

Start time (UTC):	16:43:00
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: systemd PID: 6339, Parent PID: 1

General

Start time (UTC):	16:43:00
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: generate-config PID: 6339, Parent PID: 1

General

Start time (UTC):	16:43:00
Start date (UTC):	05/01/2025
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: generate-config PID: 6340, Parent PID: 6339

General

Start time (UTC):	16:43:00
Start date (UTC):	05/01/2025
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: systemd PID: 6344, Parent PID: 1

General

Start time (UTC):	16:43:02
Start date (UTC):	05/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: plymouth PID: 6344, Parent PID: 1

General

Start time (UTC):	16:43:02
Start date (UTC):	05/01/2025
Path:	/bin/plymouth
Arguments:	/bin/plymouth quit
File size:	51352 bytes
MD5 hash:	87003efd8dad470042f5e75360a8f49f

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Fantazy.spc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.Ds6lLu (deleted)

/var/lib/ubuntu-drivers-common/last_gfx_boot

/var/log/gpu-manager.log

/var/log/kern.log

/var/log/syslog

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

ICMP Packets

System Behavior

Analysis Process: dash PID: 6222, Parent PID: 4332

General

Chronological Activities

Analysis Process: rm PID: 6222, Parent PID: 4332

General

Chronological Activities

Analysis Process: dash PID: 6223, Parent PID: 4332

General

Chronological Activities

Analysis Process: rm PID: 6223, Parent PID: 4332

General

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6251, Parent PID: 6146

General

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6253, Parent PID: 6251

General

Chronological Activities

Analysis Process: Fantazy.spc.elf PID: 6254, Parent PID: 6251

General

Linux Analysis Report
Fantazy.spc.elf