Edit tour

Linux Analysis Report
ppc.elf

Overview

General Information

Sample name:	ppc.elf
Analysis ID:	1588737
MD5:	8c7b72161082b652c42c91091c479471
SHA1:	ee7e836fa2474f220a90bfb1d744f2233f3616a4
SHA256:	04ff0628b46e45010d4579d8a1ae4ae87b10782526e17fdbbd91f547aa24a06a
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588737
Start date and time:	2025-01-11 04:51:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ppc.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/ppc.elf
PID:	5432
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	wormbot
Standard Error:

Process Tree

system is lnxubuntu20

ppc.elf (PID: 5432, Parent: 5353, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/ppc.elf

ppc.elf New Fork (PID: 5434, Parent: 5432)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ppc.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc55c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc624:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc638:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc64c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc660:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc674:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc688:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc69c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5432.1.00007f0734001000.00007f073400f000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc55c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc624:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc638:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc64c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc660:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc674:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc688:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc69c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ppc.elf PID: 5432	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x106a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x106b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x106cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x106e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x106f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10708:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1071c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10730:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10744:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10758:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1076c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10780:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10794:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x107a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x107bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x107d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x107e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x107f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1080c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10820:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10834:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ppc.elf	Virustotal: Detection: 29%			Perma Link
Source: ppc.elf	ReversingLabs: Detection: 39%

Source: global traffic

TCP traffic: 192.168.2.13:45928 -> 85.239.34.134:999

Source: /tmp/ppc.elf (PID: 5432)

Socket: 127.0.0.1:7567

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134

System Summary

Malicious sample detected (through community Yara rule)

Source: ppc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5432.1.00007f0734001000.00007f073400f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ppc.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: ppc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5432.1.00007f0734001000.00007f073400f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ppc.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/ppc.elf (PID: 5432)

Queries kernel information via 'uname':

Jump to behavior

Source: ppc.elf, 5432.1.000056537831f000.00005653783d6000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: ppc.elf, 5432.1.00007ffc47579000.00007ffc4759a000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ppc.elf
Source: ppc.elf, 5432.1.000056537831f000.00005653783d6000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: ppc.elf, 5432.1.00007ffc47579000.00007ffc4759a000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ppc.elf	30%	Virustotal		Browse
ppc.elf	39%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
85.239.34.134	unknown	Russian Federation		134121	RAINBOW-HKRainbownetworklimitedHK	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
85.239.34.134	arm6.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	m68k.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	harm.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	spc.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RAINBOW-HKRainbownetworklimitedHK	arm6.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm5.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	m68k.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	mpsl.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	harm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	mips.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	spc.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	x86.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm7.elf	Get hash	malicious	Mirai	Browse	85.239.34.134

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.192781244144005
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ppc.elf
File size:	55'268 bytes
MD5:	8c7b72161082b652c42c91091c479471
SHA1:	ee7e836fa2474f220a90bfb1d744f2233f3616a4
SHA256:	04ff0628b46e45010d4579d8a1ae4ae87b10782526e17fdbbd91f547aa24a06a
SHA512:	b7d6d7bc3ab35f2169bba778586697cbb747ee294bc6e1b929abdfaaac6840617417325463ab9145fb6c6b86c7cf0e8b3d0d1f73c2ff1c82c9217160184883c8
SSDEEP:	1536:grn8Zo0iS/XZG5uiwGCgptyTU+NhlF/0I:gLSo0FPGuZXg0t8I
TLSH:	2B431A0272250E57E6934EB42A2F2BD0D7BB9DD026F0F6492A1F7B554D72E370483E89
File Content Preview:	.ELF...........................4...d.....4. ...(..........................................................-................X...X...X................dt.Q.............................!..\|......$H...H..9...$8!. \|...N.. .!..\|.......?..........p..../...@..`= .

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	PowerPC
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x10000218
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	54628
Section Header Size:	40
Number of Section Headers:	16
Header String Table Index:	15

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x100000b4	0xb4	0x24	0x0	0x6	AX	4
.text	PROGBITS	0x100000d8	0xd8	0xbf90	0x0	0x6	AX	4
.fini	PROGBITS	0x1000c068	0xc068	0x20	0x0	0x6	AX	4
.rodata	PROGBITS	0x1000c088	0xc088	0x107c	0x0	0x2	A	4
.eh_frame	PROGBITS	0x1000e104	0xd104	0x54	0x0	0x3	WA	4
.tbss	NOBITS	0x1000e158	0xd158	0x8	0x0	0x403	WAT	4
.ctors	PROGBITS	0x1000e158	0xd158	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1000e160	0xd160	0x8	0x0	0x3	WA	4
.jcr	PROGBITS	0x1000e168	0xd168	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x1000e16c	0xd16c	0x320	0x0	0x3	WA	4
.got	PROGBITS	0x1000e48c	0xd48c	0x10	0x4	0x7	WAX	4
.sdata	PROGBITS	0x1000e49c	0xd49c	0x60	0x0	0x3	WA	4
.sbss	NOBITS	0x1000e4fc	0xd4fc	0x74	0x0	0x3	WA	4
.bss	NOBITS	0x1000e570	0xd4fc	0x2954	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xd4fc	0x65	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000000	0x10000000	0xd104	0xd104	6.2232	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xd104	0x1000e104	0x1000e104	0x3f8	0x2dc0	4.9742	0x7	RWE	0x1000	.eh_frame .tbss .ctors .dtors .jcr .data .got .sdata .sbss .bss
TLS	0xd158	0x1000e158	0x1000e158	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:52:07.247275114 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:07.252233028 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:07.252307892 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:07.252490997 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:07.257232904 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:07.257282019 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:07.262150049 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:09.021068096 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:09.021600962 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:09.026434898 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:10.031507969 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:10.036606073 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:10.036674976 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:10.036703110 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:10.041547060 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:10.041601896 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:10.046374083 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:11.802464008 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:11.802830935 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:11.807931900 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:12.804836988 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:12.809788942 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:12.809853077 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:12.809875011 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:12.814687967 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:12.814735889 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:12.819570065 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:14.585721970 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:14.586015940 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:14.591033936 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:15.588970900 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:15.594017982 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:15.594110012 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:15.594173908 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:15.598932028 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:15.599021912 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:15.603837967 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:17.346775055 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:17.347090006 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:17.352364063 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:18.349437952 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:18.354547024 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:18.354656935 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:18.354700089 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:18.359509945 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:18.359570026 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:18.364384890 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:20.111294031 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:20.111762047 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:20.116873980 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:21.114216089 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:21.119276047 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:21.119410038 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:21.119450092 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:21.124313116 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:21.124423027 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:21.129216909 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:22.865221977 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:22.865612030 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:22.870423079 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:23.868109941 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:23.873192072 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:23.873341084 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:23.873341084 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:23.878225088 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:23.878283024 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:23.883372068 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:25.630397081 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:25.630899906 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:25.635802031 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:26.633521080 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:26.639035940 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:26.639138937 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:26.639188051 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:26.645087957 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:26.645152092 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:26.650757074 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:28.412262917 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:28.412493944 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:28.417375088 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:29.414639950 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:29.419812918 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:29.419892073 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:29.419914007 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:29.424747944 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:29.424820900 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:29.429686069 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:31.193680048 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:31.193964958 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:31.199306965 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:32.196806908 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:32.201910019 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:32.202023029 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:32.202075005 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:32.206944942 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:32.207026958 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:32.211880922 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:33.941836119 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:33.942426920 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:33.947376013 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:34.945194006 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:34.951168060 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:34.951278925 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:34.951339006 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:34.956156015 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:34.956259966 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:34.963795900 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:36.705615044 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:36.706193924 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:36.711133957 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:37.708830118 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:37.713988066 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:37.714080095 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:37.714133024 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:37.718919992 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:37.718981981 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:37.723793030 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:39.474303961 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:39.474741936 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:39.474797010 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:39.480532885 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:40.477813005 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:40.482925892 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:40.483036995 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:40.483081102 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:40.487947941 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:40.488064051 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:40.492945910 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:42.239780903 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:42.240041971 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:42.245976925 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:43.242635965 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:43.256593943 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:43.256726980 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:43.256901979 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:43.261836052 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:43.261920929 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:43.266823053 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:45.038701057 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:45.039180994 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:45.044017076 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:46.041815042 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:46.046849012 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:46.046952963 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:46.047022104 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:46.051840067 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:46.052309990 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:46.057128906 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:47.818799019 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:47.819339991 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:47.825496912 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:48.821438074 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:48.826695919 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:48.826793909 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:48.826793909 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:48.831702948 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:48.831774950 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:48.836754084 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:50.580432892 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:50.580817938 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:50.586395979 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:51.583300114 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:51.911591053 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:51.911848068 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:51.912025928 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:51.916815996 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:51.916902065 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:51.921766043 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:53.658966064 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:53.659539938 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:53.664588928 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:54.662281990 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:54.667382002 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:54.667474031 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:54.667511940 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:54.672394037 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:54.672461987 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:54.677299023 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:56.428244114 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:56.428611994 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:56.433547020 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:57.431417942 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:57.436465979 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:57.436594963 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:57.436642885 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:57.441490889 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:57.441606998 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:57.446458101 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:59.225119114 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:52:59.225475073 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:52:59.230329990 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:00.227761030 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:00.234518051 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:00.234621048 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:00.234668016 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:00.241060972 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:00.241132021 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:00.245973110 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:02.230304956 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:02.230541945 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:02.235492945 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:03.233222008 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:03.238236904 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:03.238359928 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:03.238396883 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:03.243252993 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:03.243390083 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:03.248297930 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:04.986908913 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:04.987252951 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:04.992127895 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:05.990380049 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:05.997663975 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:05.997776031 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:05.997816086 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:06.004179955 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:06.004278898 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:06.009640932 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:07.787516117 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:07.788119078 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:07.793011904 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:08.791835070 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:08.796889067 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:08.796969891 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:08.797136068 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:08.801987886 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:08.802057028 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:08.808101892 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:10.550297976 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:10.550776005 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:10.555646896 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:11.553873062 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:11.558834076 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:11.558969021 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:11.559029102 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:11.563847065 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:11.563927889 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:11.568834066 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:13.314635992 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:13.314958096 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:13.319766998 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:14.317934036 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:14.322916985 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:14.323020935 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:14.323062897 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:14.327887058 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:14.327971935 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:14.332886934 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:16.118611097 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:16.119070053 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:16.124078035 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:17.122232914 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:17.127176046 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:17.127286911 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:17.127351999 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:17.132112026 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:17.132250071 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:17.137080908 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:18.877314091 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:18.877877951 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:18.882831097 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:19.881072998 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:19.886221886 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:19.886293888 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:19.886343002 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:19.891289949 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:19.891349077 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:19.896400928 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:21.664747000 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:21.665326118 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:21.670248032 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:22.670339108 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:22.675544024 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:22.675817013 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:22.676054001 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:22.680902958 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:22.681016922 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:22.685846090 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:24.442122936 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:24.442380905 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:24.447233915 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:25.445856094 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:25.451984882 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:25.452100992 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:25.452148914 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:25.457020998 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:25.457151890 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:25.462025881 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:27.228948116 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:27.229302883 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:27.234234095 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:28.232661963 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:28.237653971 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:28.237768888 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:28.237768888 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:28.242666006 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:28.242734909 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:28.247632027 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:30.006882906 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:30.007359028 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:30.012305021 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:31.009689093 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:31.014589071 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:31.014709949 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:31.014709949 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:31.019519091 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:31.019596100 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:31.024401903 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:32.804810047 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:32.805195093 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:32.810225010 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:33.808185101 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:33.813189983 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:33.813294888 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:33.813337088 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:33.818160057 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:33.818228960 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:33.823076963 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:35.567356110 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:35.567681074 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:35.572566032 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:36.569814920 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:36.574708939 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:36.574796915 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:36.574810028 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:36.579540968 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:36.579621077 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:36.584341049 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:38.334681034 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:38.335057020 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:38.339900970 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:39.337256908 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:39.342201948 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:39.342286110 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:39.342322111 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:39.347129107 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:39.347206116 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:39.352005959 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:41.098546982 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:41.098975897 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:41.103828907 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:42.101193905 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:42.106134892 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:42.106298923 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:42.106321096 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:42.111145973 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:42.111221075 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:42.116012096 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:43.863229036 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:43.863543034 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:43.868415117 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:44.865689039 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:44.870884895 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:44.870990992 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:44.871028900 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:44.875900984 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:44.875977039 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:44.880829096 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:46.614742041 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:46.615360022 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:46.622068882 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:47.617424965 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:47.622519016 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:47.622586012 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:47.622605085 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:47.627453089 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:47.627506971 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:47.632462978 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:49.378329039 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:49.378504038 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:49.383462906 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:50.381067991 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:50.386254072 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:50.386332989 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:50.386352062 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:50.391303062 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:50.391355038 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:50.396528006 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:52.146574020 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:52.146930933 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:52.151894093 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:53.150162935 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:53.155208111 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:53.155354977 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:53.155390024 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:53.160203934 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:53.160314083 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:53.165234089 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:54.930891037 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:54.931231976 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:54.936105013 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:55.933859110 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:55.939003944 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:55.939095020 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:55.939119101 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:55.944061041 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:55.944169044 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:55.948997021 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:57.739542007 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:57.740147114 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:57.745022058 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:58.743180037 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:58.748461008 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:58.748620987 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:58.748661041 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:58.753525019 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:53:58.753601074 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:53:58.758497000 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:00.523017883 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:00.523505926 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:00.528546095 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:01.526032925 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:01.531117916 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:01.531286955 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:01.531287909 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:01.536235094 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:01.536906004 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:01.541748047 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:03.303550959 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:03.303836107 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:03.308717012 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:04.306818008 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:04.311806917 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:04.311975956 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:04.311975956 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:04.316864014 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:04.316992998 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:04.321845055 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:06.065566063 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:06.066191912 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:06.071135044 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:07.069605112 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:07.074734926 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:07.074829102 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:07.074873924 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:07.079643011 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:07.079713106 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:07.084592104 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:08.852899075 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:08.853287935 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:08.858207941 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:09.855560064 CET	46016	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:09.860596895 CET	999	46016	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:09.860692978 CET	46016	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:09.860718012 CET	46016	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:09.865583897 CET	999	46016	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:09.865643024 CET	46016	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:09.870436907 CET	999	46016	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:11.634037018 CET	999	46016	85.239.34.134	192.168.2.13
Jan 11, 2025 04:54:11.634351015 CET	46016	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:54:11.639211893 CET	999	46016	85.239.34.134	192.168.2.13

System Behavior

Analysis Process: ppc.elf PID: 5432, Parent PID: 5353

General

Start time (UTC):	03:52:06
Start date (UTC):	11/01/2025
Path:	/tmp/ppc.elf
Arguments:	/tmp/ppc.elf
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 5434, Parent PID: 5432

General

Start time (UTC):	03:52:06
Start date (UTC):	11/01/2025
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ppc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ppc.elf PID: 5432, Parent PID: 5353

General

Chronological Activities

Analysis Process: ppc.elf PID: 5434, Parent PID: 5432

General

Chronological Activities

Linux Analysis Report
ppc.elf