Edit tour

Linux Analysis Report
sh4.elf

Overview

General Information

Sample name:	sh4.elf
Analysis ID:	1588738
MD5:	1c58def720c57a0061a2b0135b64b47d
SHA1:	b02ad906ede8ecbf6c73e7fb491dd78bcb1cfd3d
SHA256:	b08f4de964d1964a50347333c41f9331eaee225e62ffe6fae101f92aa688fc84
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588738
Start date and time:	2025-01-11 04:51:41 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	sh4.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/sh4.elf
PID:	5496
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	wormbot
Standard Error:

Process Tree

system is lnxubuntu20

sh4.elf (PID: 5496, Parent: 5419, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sh4.elf

sh4.elf New Fork (PID: 5498, Parent: 5496)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
sh4.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xb680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb70c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb75c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb798:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb810:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5496.1.00007f7558400000.00007f755840d000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xb680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb70c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb75c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb798:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb7fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb810:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: sh4.elf PID: 5496	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x64bd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64d1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64e5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64f9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x650d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6521:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6535:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6549:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x655d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6571:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6585:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6599:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65ad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65c1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65d5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65e9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65fd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6611:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6625:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6639:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x664d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: sh4.elf	Virustotal: Detection: 30%			Perma Link
Source: sh4.elf	ReversingLabs: Detection: 23%

Source: global traffic

TCP traffic: 192.168.2.14:49800 -> 85.239.34.134:999

Source: /tmp/sh4.elf (PID: 5496)

Socket: 127.0.0.1:7567

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134

System Summary

Malicious sample detected (through community Yara rule)

Source: sh4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5496.1.00007f7558400000.00007f755840d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sh4.elf PID: 5496, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: sh4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5496.1.00007f7558400000.00007f755840d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sh4.elf PID: 5496, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/sh4.elf (PID: 5496)

Queries kernel information via 'uname':

Jump to behavior

Source: sh4.elf, 5496.1.00007ffd39b8f000.00007ffd39bb0000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: sh4.elf, 5496.1.0000557262df4000.0000557262e57000.rw-.sdmp	Binary or memory string: brU5!/etc/qemu-binfmt/sh4
Source: sh4.elf, 5496.1.0000557262df4000.0000557262e57000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: sh4.elf, 5496.1.00007ffd39b8f000.00007ffd39bb0000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sh4.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
sh4.elf	30%	Virustotal		Browse
sh4.elf	24%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
85.239.34.134	unknown	Russian Federation		134121	RAINBOW-HKRainbownetworklimitedHK	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
85.239.34.134	ppc.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	m68k.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	harm.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	spc.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RAINBOW-HKRainbownetworklimitedHK	ppc.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm6.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm5.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	m68k.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	mpsl.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	harm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	mips.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	spc.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	x86.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.813147372098858
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	sh4.elf
File size:	51'464 bytes
MD5:	1c58def720c57a0061a2b0135b64b47d
SHA1:	b02ad906ede8ecbf6c73e7fb491dd78bcb1cfd3d
SHA256:	b08f4de964d1964a50347333c41f9331eaee225e62ffe6fae101f92aa688fc84
SHA512:	af8aa4d9eab852af4ff5fe4ecb31845b62f9e4d0eb0293fe9edd26e52540218761c9fcf8654f7418f1b51daa972c0a0e51aa7f20d424eb4bb8c532499ba34f2c
SSDEEP:	768:Xr+FeRb4+SsopI3eFRR0ZdZ+V1ox0KNCJ0DjwsUKyw:7+Uzop70Zg1oxfCJ0DsKL
TLSH:	6D336C67E4252F63C0065A796434DF3C0F2321E192567DB26E268AF81C87D5EF848FE9
File Content Preview:	.ELF.....................@.4...........4. ...(...............@...@.X...X...............X...X.@.X.@.(...43....................@...@.................Q.td............................././"O.n........#.@........#.*@l....o&O.n...l.............................

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001c0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	50904
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000b4	0xb4	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x400100	0x100	0xb480	0x0	0x6	AX	32
.fini	PROGBITS	0x40b580	0xb580	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x40b5a4	0xb5a4	0xcb4	0x0	0x2	A	4
.eh_frame	PROGBITS	0x40d258	0xc258	0x7c	0x0	0x3	WA	4
.tbss	NOBITS	0x40d2d4	0xc2d4	0x8	0x0	0x403	WAT	4
.ctors	PROGBITS	0x40d2d4	0xc2d4	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x40d2dc	0xc2dc	0x8	0x0	0x3	WA	4
.jcr	PROGBITS	0x40d2e4	0xc2e4	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x40d2e8	0xc2e8	0x384	0x0	0x3	WA	4
.got	PROGBITS	0x40d66c	0xc66c	0x14	0x4	0x3	WA	4
.bss	NOBITS	0x40d680	0xc680	0x2f0c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xc680	0x58	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xc258	0xc258	6.8557	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xc258	0x40d258	0x40d258	0x428	0x3334	4.9395	0x6	RW	0x1000	.eh_frame .tbss .ctors .dtors .jcr .data .got .bss
TLS	0xc2d4	0x40d2d4	0x40d2d4	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:52:29.978451014 CET	49800	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:29.983470917 CET	999	49800	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:29.983531952 CET	49800	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:30.004822016 CET	49800	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:30.009689093 CET	999	49800	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:30.009743929 CET	49800	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:30.014596939 CET	999	49800	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:31.737190962 CET	999	49800	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:31.737684965 CET	49800	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:31.742639065 CET	999	49800	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:32.740674973 CET	49802	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:32.745708942 CET	999	49802	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:32.745918036 CET	49802	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:32.746133089 CET	49802	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:32.750915051 CET	999	49802	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:32.751087904 CET	49802	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:32.757065058 CET	999	49802	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:34.487221003 CET	999	49802	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:34.487732887 CET	49802	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:34.492716074 CET	999	49802	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:35.489556074 CET	49804	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:35.494553089 CET	999	49804	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:35.494653940 CET	49804	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:35.494684935 CET	49804	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:35.499515057 CET	999	49804	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:35.499566078 CET	49804	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:35.504417896 CET	999	49804	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:37.252521992 CET	999	49804	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:37.252935886 CET	49804	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:37.257776022 CET	999	49804	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:38.255049944 CET	49806	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:38.260334015 CET	999	49806	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:38.260525942 CET	49806	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:38.262871027 CET	49806	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:38.267745972 CET	999	49806	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:38.267801046 CET	49806	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:38.272659063 CET	999	49806	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:40.021965027 CET	999	49806	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:40.022203922 CET	49806	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:40.027127981 CET	999	49806	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:41.024317026 CET	49808	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:41.029241085 CET	999	49808	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:41.029301882 CET	49808	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:41.029324055 CET	49808	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:41.034132004 CET	999	49808	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:41.034276962 CET	49808	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:41.039077044 CET	999	49808	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:42.768748045 CET	999	49808	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:42.769376993 CET	49808	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:42.775152922 CET	999	49808	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:43.772110939 CET	49810	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:43.777235985 CET	999	49810	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:43.777379036 CET	49810	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:43.777415991 CET	49810	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:43.782293081 CET	999	49810	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:43.782424927 CET	49810	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:43.787348032 CET	999	49810	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:45.535815001 CET	999	49810	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:45.536228895 CET	49810	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:45.541063070 CET	999	49810	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:46.539242029 CET	49812	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:46.545444965 CET	999	49812	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:46.545526981 CET	49812	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:46.545574903 CET	49812	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:46.550390005 CET	999	49812	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:46.550467014 CET	49812	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:46.555278063 CET	999	49812	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:48.321966887 CET	999	49812	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:48.322391033 CET	49812	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:48.328705072 CET	999	49812	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:49.324183941 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:49.329936981 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:49.330029964 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:49.330046892 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:49.335565090 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:49.335614920 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:49.341176033 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:51.910877943 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:51.910948992 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:51.911057949 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:51.911087036 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:51.911144018 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:51.911144018 CET	49814	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:51.916003942 CET	999	49814	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:52.913111925 CET	49816	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:52.918178082 CET	999	49816	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:52.918320894 CET	49816	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:52.918387890 CET	49816	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:52.923249006 CET	999	49816	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:52.923345089 CET	49816	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:52.928241968 CET	999	49816	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:54.673693895 CET	999	49816	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:54.673957109 CET	49816	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:54.678848028 CET	999	49816	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:55.675822973 CET	49818	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:55.680838108 CET	999	49818	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:55.680986881 CET	49818	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:55.681008101 CET	49818	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:55.685882092 CET	999	49818	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:55.685986996 CET	49818	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:55.690912962 CET	999	49818	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:57.485450983 CET	999	49818	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:57.485788107 CET	49818	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:57.490741014 CET	999	49818	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:58.488358974 CET	49820	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:58.494184971 CET	999	49820	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:58.494364977 CET	49820	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:58.494411945 CET	49820	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:58.500592947 CET	999	49820	85.239.34.134	192.168.2.14
Jan 11, 2025 04:52:58.500782013 CET	49820	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:52:58.506019115 CET	999	49820	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:00.278696060 CET	999	49820	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:00.278866053 CET	49820	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:00.283684015 CET	999	49820	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:01.281052113 CET	49822	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:01.286005020 CET	999	49822	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:01.286183119 CET	49822	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:01.286228895 CET	49822	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:01.290947914 CET	999	49822	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:01.291035891 CET	49822	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:01.295794964 CET	999	49822	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:03.180382013 CET	999	49822	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:03.180700064 CET	49822	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:03.185651064 CET	999	49822	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:04.182806969 CET	49824	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:04.187726974 CET	999	49824	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:04.187912941 CET	49824	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:04.187949896 CET	49824	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:04.192797899 CET	999	49824	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:04.192898989 CET	49824	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:04.197633982 CET	999	49824	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:05.942095041 CET	999	49824	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:05.942552090 CET	49824	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:05.948573112 CET	999	49824	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:06.945415974 CET	49826	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:06.950649023 CET	999	49826	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:06.950752974 CET	49826	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:06.950794935 CET	49826	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:06.955732107 CET	999	49826	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:06.955804110 CET	49826	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:06.960650921 CET	999	49826	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:08.707789898 CET	999	49826	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:08.708034039 CET	49826	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:08.713018894 CET	999	49826	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:09.709672928 CET	49828	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:09.714682102 CET	999	49828	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:09.714802027 CET	49828	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:09.714829922 CET	49828	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:09.719599009 CET	999	49828	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:09.719669104 CET	49828	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:09.724488020 CET	999	49828	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:11.473589897 CET	999	49828	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:11.473782063 CET	49828	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:11.478771925 CET	999	49828	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:12.476105928 CET	49830	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:12.481183052 CET	999	49830	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:12.481272936 CET	49830	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:12.481319904 CET	49830	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:12.486148119 CET	999	49830	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:12.486217976 CET	49830	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:12.491000891 CET	999	49830	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:14.256980896 CET	999	49830	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:14.257296085 CET	49830	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:14.262330055 CET	999	49830	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:15.260313034 CET	49832	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:15.265458107 CET	999	49832	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:15.265607119 CET	49832	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:15.265727043 CET	49832	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:15.270540953 CET	999	49832	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:15.270642042 CET	49832	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:15.275559902 CET	999	49832	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:17.018457890 CET	999	49832	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:17.018950939 CET	49832	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:17.023966074 CET	999	49832	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:18.021457911 CET	49834	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:18.027458906 CET	999	49834	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:18.027586937 CET	49834	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:18.027628899 CET	49834	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:18.033278942 CET	999	49834	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:18.033375025 CET	49834	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:18.038980007 CET	999	49834	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:19.822293997 CET	999	49834	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:19.822666883 CET	49834	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:19.828200102 CET	999	49834	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:20.825221062 CET	49836	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:20.831068993 CET	999	49836	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:20.831228018 CET	49836	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:20.831264973 CET	49836	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:20.836040974 CET	999	49836	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:20.836133957 CET	49836	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:20.841523886 CET	999	49836	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:22.580971003 CET	999	49836	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:22.581538916 CET	49836	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:22.586432934 CET	999	49836	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:23.584525108 CET	49838	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:23.589561939 CET	999	49838	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:23.589652061 CET	49838	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:23.589668036 CET	49838	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:23.594525099 CET	999	49838	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:23.594629049 CET	49838	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:23.599450111 CET	999	49838	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:25.331937075 CET	999	49838	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:25.332134008 CET	49838	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:25.337029934 CET	999	49838	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:26.333914042 CET	49840	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:26.338881016 CET	999	49840	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:26.338987112 CET	49840	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:26.339039087 CET	49840	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:26.343780041 CET	999	49840	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:26.343837976 CET	49840	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:26.348608971 CET	999	49840	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:28.096731901 CET	999	49840	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:28.097018003 CET	49840	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:28.101886034 CET	999	49840	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:29.099222898 CET	49842	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:29.104289055 CET	999	49842	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:29.104435921 CET	49842	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:29.104496956 CET	49842	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:29.109340906 CET	999	49842	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:29.109419107 CET	49842	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:29.114195108 CET	999	49842	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:30.867878914 CET	999	49842	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:30.868258953 CET	49842	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:30.873004913 CET	999	49842	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:31.870095015 CET	49844	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:31.875456095 CET	999	49844	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:31.875559092 CET	49844	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:31.875622988 CET	49844	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:31.880548000 CET	999	49844	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:31.880635977 CET	49844	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:31.885484934 CET	999	49844	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:33.611856937 CET	999	49844	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:33.612126112 CET	49844	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:33.617069960 CET	999	49844	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:34.616221905 CET	49846	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:34.621331930 CET	999	49846	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:34.621437073 CET	49846	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:34.621478081 CET	49846	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:34.626329899 CET	999	49846	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:34.626394033 CET	49846	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:34.631407976 CET	999	49846	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:36.381876945 CET	999	49846	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:36.382289886 CET	49846	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:36.387145996 CET	999	49846	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:37.384253025 CET	49848	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:37.389061928 CET	999	49848	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:37.389148951 CET	49848	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:37.389185905 CET	49848	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:37.393991947 CET	999	49848	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:37.394145012 CET	49848	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:37.398950100 CET	999	49848	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:39.145436049 CET	999	49848	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:39.145682096 CET	49848	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:39.150439024 CET	999	49848	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:40.147186041 CET	49850	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:40.152008057 CET	999	49850	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:40.152131081 CET	49850	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:40.152153969 CET	49850	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:40.156933069 CET	999	49850	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:40.156997919 CET	49850	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:40.161811113 CET	999	49850	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:41.895731926 CET	999	49850	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:41.896126986 CET	49850	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:41.900969982 CET	999	49850	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:42.897468090 CET	49852	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:42.902378082 CET	999	49852	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:42.902456045 CET	49852	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:42.902489901 CET	49852	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:42.907290936 CET	999	49852	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:42.907345057 CET	49852	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:42.912221909 CET	999	49852	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:44.663642883 CET	999	49852	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:44.663937092 CET	49852	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:44.669162989 CET	999	49852	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:45.667220116 CET	49854	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:45.677131891 CET	999	49854	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:45.677221060 CET	49854	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:45.677284956 CET	49854	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:45.682111979 CET	999	49854	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:45.682166100 CET	49854	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:45.687041044 CET	999	49854	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:47.440984011 CET	999	49854	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:47.441395044 CET	49854	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:47.446314096 CET	999	49854	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:48.444246054 CET	49856	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:48.449418068 CET	999	49856	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:48.449546099 CET	49856	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:48.449666977 CET	49856	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:48.454569101 CET	999	49856	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:48.454632998 CET	49856	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:48.459532976 CET	999	49856	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:50.192720890 CET	999	49856	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:50.192941904 CET	49856	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:50.197814941 CET	999	49856	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:51.195137978 CET	49858	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:51.200237989 CET	999	49858	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:51.200315952 CET	49858	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:51.200370073 CET	49858	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:51.205216885 CET	999	49858	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:51.205260992 CET	49858	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:51.210222960 CET	999	49858	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:52.955710888 CET	999	49858	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:52.956001997 CET	49858	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:52.960890055 CET	999	49858	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:53.958077908 CET	49860	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:53.963030100 CET	999	49860	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:53.963157892 CET	49860	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:53.963177919 CET	49860	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:53.967946053 CET	999	49860	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:53.968018055 CET	49860	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:53.972790956 CET	999	49860	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:55.743396997 CET	999	49860	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:55.743947983 CET	49860	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:55.748886108 CET	999	49860	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:56.746496916 CET	49862	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:56.751514912 CET	999	49862	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:56.751578093 CET	49862	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:56.751595020 CET	49862	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:56.756372929 CET	999	49862	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:56.756427050 CET	49862	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:56.761204004 CET	999	49862	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:58.489775896 CET	999	49862	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:58.489976883 CET	49862	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:58.494947910 CET	999	49862	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:59.492779970 CET	49864	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:59.497857094 CET	999	49864	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:59.497952938 CET	49864	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:59.497988939 CET	49864	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:59.503458023 CET	999	49864	85.239.34.134	192.168.2.14
Jan 11, 2025 04:53:59.503510952 CET	49864	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:53:59.508291960 CET	999	49864	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:01.275310040 CET	999	49864	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:01.275568008 CET	49864	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:01.281044960 CET	999	49864	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:02.277503014 CET	49866	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:02.282387018 CET	999	49866	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:02.282465935 CET	49866	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:02.282466888 CET	49866	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:02.287337065 CET	999	49866	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:02.287450075 CET	49866	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:02.292294025 CET	999	49866	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:04.066035032 CET	999	49866	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:04.066209078 CET	49866	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:04.071052074 CET	999	49866	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:05.067785978 CET	49868	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:05.072844982 CET	999	49868	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:05.073055983 CET	49868	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:05.073100090 CET	49868	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:05.077955008 CET	999	49868	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:05.078038931 CET	49868	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:05.082916975 CET	999	49868	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:06.816019058 CET	999	49868	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:06.816457033 CET	49868	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:06.821418047 CET	999	49868	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:07.817882061 CET	49870	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:07.822788000 CET	999	49870	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:07.822849035 CET	49870	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:07.822874069 CET	49870	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:07.827630997 CET	999	49870	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:07.827713966 CET	49870	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:07.832585096 CET	999	49870	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:09.585494041 CET	999	49870	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:09.585746050 CET	49870	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:09.590589046 CET	999	49870	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:10.587258101 CET	49872	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:10.592241049 CET	999	49872	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:10.592310905 CET	49872	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:10.592343092 CET	49872	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:10.597120047 CET	999	49872	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:10.597172022 CET	49872	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:10.602008104 CET	999	49872	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:12.347918987 CET	999	49872	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:12.348285913 CET	49872	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:12.353085041 CET	999	49872	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:13.350409031 CET	49874	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:13.355391979 CET	999	49874	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:13.355483055 CET	49874	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:13.355509996 CET	49874	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:13.360404968 CET	999	49874	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:13.360461950 CET	49874	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:13.365578890 CET	999	49874	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:15.112776041 CET	999	49874	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:15.113017082 CET	49874	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:15.117847919 CET	999	49874	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:16.114744902 CET	49876	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:16.119637966 CET	999	49876	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:16.119690895 CET	49876	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:16.119709015 CET	49876	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:16.124511957 CET	999	49876	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:16.124563932 CET	49876	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:16.129337072 CET	999	49876	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:17.882417917 CET	999	49876	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:17.882795095 CET	49876	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:17.887664080 CET	999	49876	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:18.885329962 CET	49878	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:18.896615028 CET	999	49878	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:18.896742105 CET	49878	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:18.896775961 CET	49878	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:18.901544094 CET	999	49878	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:18.901612997 CET	49878	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:18.906408072 CET	999	49878	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:20.664191008 CET	999	49878	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:20.664448023 CET	49878	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:20.669327974 CET	999	49878	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:21.666254044 CET	49880	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:21.671132088 CET	999	49880	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:21.671271086 CET	49880	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:21.671271086 CET	49880	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:21.676129103 CET	999	49880	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:21.676359892 CET	49880	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:21.681191921 CET	999	49880	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:23.445147991 CET	999	49880	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:23.445322990 CET	49880	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:23.450242996 CET	999	49880	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:24.447335005 CET	49882	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:24.452225924 CET	999	49882	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:24.452404022 CET	49882	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:24.452694893 CET	49882	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:24.457468987 CET	999	49882	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:24.457570076 CET	49882	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:24.462361097 CET	999	49882	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:26.226746082 CET	999	49882	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:26.227152109 CET	49882	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:26.232161999 CET	999	49882	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:27.229123116 CET	49884	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:27.234091043 CET	999	49884	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:27.234185934 CET	49884	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:27.234231949 CET	49884	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:27.239005089 CET	999	49884	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:27.239068985 CET	49884	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:27.243927002 CET	999	49884	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:28.992008924 CET	999	49884	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:28.992409945 CET	49884	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:28.997925043 CET	999	49884	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:29.993968964 CET	49886	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:29.999275923 CET	999	49886	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:29.999406099 CET	49886	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:29.999406099 CET	49886	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:30.004278898 CET	999	49886	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:30.004357100 CET	49886	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:30.009213924 CET	999	49886	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:31.757313967 CET	999	49886	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:31.757544041 CET	49886	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:31.762407064 CET	999	49886	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:32.759610891 CET	49888	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:32.764484882 CET	999	49888	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:32.764612913 CET	49888	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:32.764612913 CET	49888	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:32.769450903 CET	999	49888	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:32.769557953 CET	49888	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:32.774393082 CET	999	49888	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:34.538873911 CET	999	49888	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:34.539215088 CET	49888	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:34.544044971 CET	999	49888	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:35.541090965 CET	49890	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:35.545994997 CET	999	49890	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:35.546067953 CET	49890	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:35.546103954 CET	49890	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:35.550894022 CET	999	49890	85.239.34.134	192.168.2.14
Jan 11, 2025 04:54:35.550962925 CET	49890	999	192.168.2.14	85.239.34.134
Jan 11, 2025 04:54:35.555756092 CET	999	49890	85.239.34.134	192.168.2.14

System Behavior

Analysis Process: sh4.elf PID: 5496, Parent PID: 5419

General

Start time (UTC):	03:52:29
Start date (UTC):	11/01/2025
Path:	/tmp/sh4.elf
Arguments:	/tmp/sh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: sh4.elf PID: 5498, Parent PID: 5496

General

Start time (UTC):	03:52:29
Start date (UTC):	11/01/2025
Path:	/tmp/sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report sh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: sh4.elf PID: 5496, Parent PID: 5419

General

Chronological Activities

Analysis Process: sh4.elf PID: 5498, Parent PID: 5496

General

Chronological Activities

Linux Analysis Report
sh4.elf