Edit tour

Linux Analysis Report
X86_64.elf

Overview

General Information

Sample name:	X86_64.elf
Analysis ID:	1588931
MD5:	1135868ad5966792fdcca09a699dce3f
SHA1:	96419f04bffaddbb1344f586b279af8e28000b6f
SHA256:	e8bcf1d9ca8111c004626d24e67fc8a1db2d9899bc4148320d5e3fca1736b442
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Machine Learning detection for sample

Opens /proc/net/* files useful for finding connected devices and routers

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Sample contains only a LOAD segment without any section mappings

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588931
Start date and time:	2025-01-11 07:18:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	X86_64.elf
Detection:	MAL
Classification:	mal72.spre.linELF@0/0@2/0

Runtime Messages

Command:	/tmp/X86_64.elf
PID:	5435
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Cia Qbot Has Infected This Device ;)
Standard Error:

Process Tree

system is lnxubuntu20

X86_64.elf (PID: 5435, Parent: 5358, MD5: 1135868ad5966792fdcca09a699dce3f) Arguments: /tmp/X86_64.elf

X86_64.elf New Fork (PID: 5436, Parent: 5435)

X86_64.elf New Fork (PID: 5437, Parent: 5435)

X86_64.elf New Fork (PID: 5438, Parent: 5437)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0xa0b:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x7ca4:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x932:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x8493:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_e0673a90	unknown	unknown	0x1681:$a: 45 E8 0F B6 00 84 C0 74 17 48 8B 75 E8 48 FF C6 48 8B 7D F0 48
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a0a4de11	unknown	unknown	0x2182:$a: 42 0D 83 C8 10 88 42 0D 48 8B 55 D8 0F B6 42 0D 83 C8 08 88
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x59ae:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x5bb4:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0x188f:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1942:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1b75:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_46eec778	unknown	unknown	0x27c:$a: C0 01 45 F8 48 83 45 E8 02 83 6D C8 02 83 7D C8 01 7F E4 83 7D 0x35a:$a: C0 01 45 F8 48 83 45 E8 02 83 6D C8 02 83 7D C8 01 7F E4 83 7D
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xab4e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0xcc32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_656bf077	unknown	unknown	0x1643:$a: 74 28 48 8B 45 E8 0F B6 00 84 C0 74 14 48 8B 75 E8 48 FF C6 48 8B
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x8053:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_dd0d6173	unknown	unknown	0x1f2c:$a: 55 F8 8B 45 F0 89 42 0C 48 8B 55 F8 8B 45 F4 89 42 10 C9 C3 55 48
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x85a:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x1516:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xad0a:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x831e:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_862c4e0e	unknown	unknown	0x2f7:$a: 02 89 45 F8 8B 45 F8 C1 E8 10 85 C0 75 E6 8B 45 F8 F7 D0 0F 0x3d5:$a: 02 89 45 F8 8B 45 F8 C1 E8 10 85 C0 75 E6 8B 45 F8 F7 D0 0F
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_32eb0c81	unknown	unknown	0x8a7:$a: D4 48 FF 45 F0 48 8B 45 F0 0F B6 00 84 C0 75 DB EB 12 48 8B
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xaf03:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Mirai_3fe3c668	unknown	unknown	0x514a:$a: 00 84 C0 0F 95 C0 48 FF 45 E8 84 C0 75 E9 8B 45 FC C9 C3 55 48
5435.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Mirai_637f2c04	unknown	unknown	0x51a7:$a: 10 48 8B 45 E0 0F B6 00 38 C2 0F 95 C0 48 FF 45 E8 48 FF 45 E0 0x521d:$a: 10 48 8B 45 E0 0F B6 00 38 C2 0F 95 C0 48 FF 45 E8 48 FF 45 E0
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0xa0b:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x7ca4:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x932:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x8493:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_e0673a90	unknown	unknown	0x1681:$a: 45 E8 0F B6 00 84 C0 74 17 48 8B 75 E8 48 FF C6 48 8B 7D F0 48
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a0a4de11	unknown	unknown	0x2182:$a: 42 0D 83 C8 10 88 42 0D 48 8B 55 D8 0F B6 42 0D 83 C8 08 88
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x59ae:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x5bb4:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0x188f:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1942:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1b75:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_46eec778	unknown	unknown	0x27c:$a: C0 01 45 F8 48 83 45 E8 02 83 6D C8 02 83 7D C8 01 7F E4 83 7D 0x35a:$a: C0 01 45 F8 48 83 45 E8 02 83 6D C8 02 83 7D C8 01 7F E4 83 7D
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xab4e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0xcc32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_656bf077	unknown	unknown	0x1643:$a: 74 28 48 8B 45 E8 0F B6 00 84 C0 74 14 48 8B 75 E8 48 FF C6 48 8B
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x8053:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_dd0d6173	unknown	unknown	0x1f2c:$a: 55 F8 8B 45 F0 89 42 0C 48 8B 55 F8 8B 45 F4 89 42 10 C9 C3 55 48
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x85a:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x1516:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xad0a:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x831e:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_862c4e0e	unknown	unknown	0x2f7:$a: 02 89 45 F8 8B 45 F8 C1 E8 10 85 C0 75 E6 8B 45 F8 F7 D0 0F 0x3d5:$a: 02 89 45 F8 8B 45 F8 C1 E8 10 85 C0 75 E6 8B 45 F8 F7 D0 0F
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_32eb0c81	unknown	unknown	0x8a7:$a: D4 48 FF 45 F0 48 8B 45 F0 0F B6 00 84 C0 75 DB EB 12 48 8B
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xaf03:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Mirai_3fe3c668	unknown	unknown	0x514a:$a: 00 84 C0 0F 95 C0 48 FF 45 E8 84 C0 75 E9 8B 45 FC C9 C3 55 48
5436.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Mirai_637f2c04	unknown	unknown	0x51a7:$a: 10 48 8B 45 E0 0F B6 00 38 C2 0F 95 C0 48 FF 45 E8 48 FF 45 E0 0x521d:$a: 10 48 8B 45 E0 0F B6 00 38 C2 0F 95 C0 48 FF 45 E8 48 FF 45 E0
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0xa0b:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x7ca4:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x932:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x8493:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_e0673a90	unknown	unknown	0x1681:$a: 45 E8 0F B6 00 84 C0 74 17 48 8B 75 E8 48 FF C6 48 8B 7D F0 48
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a0a4de11	unknown	unknown	0x2182:$a: 42 0D 83 C8 10 88 42 0D 48 8B 55 D8 0F B6 42 0D 83 C8 08 88
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x59ae:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x5bb4:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0x188f:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1942:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1b75:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_46eec778	unknown	unknown	0x27c:$a: C0 01 45 F8 48 83 45 E8 02 83 6D C8 02 83 7D C8 01 7F E4 83 7D 0x35a:$a: C0 01 45 F8 48 83 45 E8 02 83 6D C8 02 83 7D C8 01 7F E4 83 7D
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0xab4e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0xcc32:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_656bf077	unknown	unknown	0x1643:$a: 74 28 48 8B 45 E8 0F B6 00 84 C0 74 14 48 8B 75 E8 48 FF C6 48 8B
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x8053:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_dd0d6173	unknown	unknown	0x1f2c:$a: 55 F8 8B 45 F0 89 42 0C 48 8B 55 F8 8B 45 F4 89 42 10 C9 C3 55 48
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x85a:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x1516:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0xad0a:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x831e:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_862c4e0e	unknown	unknown	0x2f7:$a: 02 89 45 F8 8B 45 F8 C1 E8 10 85 C0 75 E6 8B 45 F8 F7 D0 0F 0x3d5:$a: 02 89 45 F8 8B 45 F8 C1 E8 10 85 C0 75 E6 8B 45 F8 F7 D0 0F
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_32eb0c81	unknown	unknown	0x8a7:$a: D4 48 FF 45 F0 48 8B 45 F0 0F B6 00 84 C0 75 DB EB 12 48 8B
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0xaf03:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Mirai_3fe3c668	unknown	unknown	0x514a:$a: 00 84 C0 0F 95 C0 48 FF 45 E8 84 C0 75 E9 8B 45 FC C9 C3 55 48
5437.1.0000000000400000.0000000000411000.r-x.sdmp	Linux_Trojan_Mirai_637f2c04	unknown	unknown	0x51a7:$a: 10 48 8B 45 E0 0F B6 00 38 C2 0F 95 C0 48 FF 45 E8 48 FF 45 E0 0x521d:$a: 10 48 8B 45 E0 0F B6 00 38 C2 0F 95 C0 48 FF 45 E8 48 FF 45 E0
Click to see the 64 entries

Suricata Signatures

ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T07:19:07.373171+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42484	216.9.227.143	9198	TCP
2025-01-11T07:19:09.132970+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42486	216.9.227.143	9198	TCP
2025-01-11T07:19:10.921316+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42488	216.9.227.143	9198	TCP
2025-01-11T07:19:12.661671+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42490	216.9.227.143	9198	TCP
2025-01-11T07:19:14.436621+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42492	216.9.227.143	9198	TCP
2025-01-11T07:19:16.176291+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42494	216.9.227.143	9198	TCP
2025-01-11T07:19:17.969316+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42496	216.9.227.143	9198	TCP
2025-01-11T07:19:19.750280+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42498	216.9.227.143	9198	TCP
2025-01-11T07:19:21.516830+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42500	216.9.227.143	9198	TCP
2025-01-11T07:19:23.251640+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42502	216.9.227.143	9198	TCP
2025-01-11T07:19:25.031247+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42504	216.9.227.143	9198	TCP
2025-01-11T07:19:26.789739+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42506	216.9.227.143	9198	TCP
2025-01-11T07:19:28.558634+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42508	216.9.227.143	9198	TCP
2025-01-11T07:19:30.345974+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42510	216.9.227.143	9198	TCP
2025-01-11T07:19:32.124721+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42512	216.9.227.143	9198	TCP
2025-01-11T07:19:33.902845+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42514	216.9.227.143	9198	TCP
2025-01-11T07:19:35.666705+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42516	216.9.227.143	9198	TCP
2025-01-11T07:19:37.454692+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42518	216.9.227.143	9198	TCP
2025-01-11T07:19:39.206153+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42520	216.9.227.143	9198	TCP
2025-01-11T07:19:41.001765+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42522	216.9.227.143	9198	TCP
2025-01-11T07:19:42.779179+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42524	216.9.227.143	9198	TCP
2025-01-11T07:19:44.544738+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42526	216.9.227.143	9198	TCP
2025-01-11T07:19:46.326605+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42528	216.9.227.143	9198	TCP
2025-01-11T07:19:48.108232+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42530	216.9.227.143	9198	TCP
2025-01-11T07:19:49.908523+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42532	216.9.227.143	9198	TCP
2025-01-11T07:19:51.653864+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42534	216.9.227.143	9198	TCP
2025-01-11T07:19:53.416498+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42536	216.9.227.143	9198	TCP
2025-01-11T07:19:55.389171+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42538	216.9.227.143	9198	TCP
2025-01-11T07:19:57.128140+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42540	216.9.227.143	9198	TCP
2025-01-11T07:19:58.882586+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42542	216.9.227.143	9198	TCP
2025-01-11T07:20:00.654167+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42544	216.9.227.143	9198	TCP
2025-01-11T07:20:02.396348+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42546	216.9.227.143	9198	TCP
2025-01-11T07:20:04.189577+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42548	216.9.227.143	9198	TCP
2025-01-11T07:20:05.967920+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42550	216.9.227.143	9198	TCP
2025-01-11T07:20:07.929445+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42552	216.9.227.143	9198	TCP
2025-01-11T07:20:09.663225+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42554	216.9.227.143	9198	TCP
2025-01-11T07:20:11.417937+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42556	216.9.227.143	9198	TCP
2025-01-11T07:20:13.203788+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42558	216.9.227.143	9198	TCP
2025-01-11T07:20:14.978025+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42560	216.9.227.143	9198	TCP
2025-01-11T07:20:16.709056+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42562	216.9.227.143	9198	TCP
2025-01-11T07:20:18.483085+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42564	216.9.227.143	9198	TCP
2025-01-11T07:20:20.262934+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42566	216.9.227.143	9198	TCP
2025-01-11T07:20:22.048723+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42568	216.9.227.143	9198	TCP
2025-01-11T07:20:23.827391+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42570	216.9.227.143	9198	TCP
2025-01-11T07:20:25.608350+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42572	216.9.227.143	9198	TCP
2025-01-11T07:20:27.393229+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42574	216.9.227.143	9198	TCP
2025-01-11T07:20:29.132674+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42576	216.9.227.143	9198	TCP
2025-01-11T07:20:30.907345+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42578	216.9.227.143	9198	TCP
2025-01-11T07:20:32.674909+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42580	216.9.227.143	9198	TCP
2025-01-11T07:20:34.453270+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42582	216.9.227.143	9198	TCP
2025-01-11T07:20:36.230605+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42584	216.9.227.143	9198	TCP
2025-01-11T07:20:38.015669+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42586	216.9.227.143	9198	TCP
2025-01-11T07:20:39.814537+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42588	216.9.227.143	9198	TCP
2025-01-11T07:20:41.575192+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42590	216.9.227.143	9198	TCP
2025-01-11T07:20:43.357497+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42592	216.9.227.143	9198	TCP
2025-01-11T07:20:45.107976+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42594	216.9.227.143	9198	TCP
2025-01-11T07:20:46.901539+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42596	216.9.227.143	9198	TCP
2025-01-11T07:20:48.646029+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42598	216.9.227.143	9198	TCP
2025-01-11T07:20:50.402181+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42600	216.9.227.143	9198	TCP
2025-01-11T07:20:52.147360+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42602	216.9.227.143	9198	TCP
2025-01-11T07:20:53.933773+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42604	216.9.227.143	9198	TCP
2025-01-11T07:20:55.660395+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42606	216.9.227.143	9198	TCP
2025-01-11T07:20:57.454611+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42608	216.9.227.143	9198	TCP
2025-01-11T07:20:59.215047+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42610	216.9.227.143	9198	TCP
2025-01-11T07:21:00.980533+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42612	216.9.227.143	9198	TCP
2025-01-11T07:21:02.726432+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42614	216.9.227.143	9198	TCP
2025-01-11T07:21:04.517325+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42616	216.9.227.143	9198	TCP
2025-01-11T07:21:06.258343+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42618	216.9.227.143	9198	TCP
2025-01-11T07:21:08.028431+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42620	216.9.227.143	9198	TCP
2025-01-11T07:21:09.753237+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42622	216.9.227.143	9198	TCP
2025-01-11T07:21:11.511459+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42624	216.9.227.143	9198	TCP
2025-01-11T07:21:13.257147+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42626	216.9.227.143	9198	TCP
2025-01-11T07:21:14.990469+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42628	216.9.227.143	9198	TCP
2025-01-11T07:21:16.745660+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42630	216.9.227.143	9198	TCP
2025-01-11T07:21:18.530177+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42632	216.9.227.143	9198	TCP
2025-01-11T07:21:20.296228+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42634	216.9.227.143	9198	TCP
2025-01-11T07:21:22.037534+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42636	216.9.227.143	9198	TCP
2025-01-11T07:21:52.048582+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42638	216.9.227.143	9198	TCP
2025-01-11T07:21:53.789813+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42640	216.9.227.143	9198	TCP
2025-01-11T07:21:55.522873+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42642	216.9.227.143	9198	TCP
2025-01-11T07:21:57.311798+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42644	216.9.227.143	9198	TCP
2025-01-11T07:21:59.076064+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42646	216.9.227.143	9198	TCP
2025-01-11T07:22:00.821700+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42648	216.9.227.143	9198	TCP
2025-01-11T07:22:02.627624+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42650	216.9.227.143	9198	TCP
2025-01-11T07:22:04.387747+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42652	216.9.227.143	9198	TCP
2025-01-11T07:22:06.137853+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42654	216.9.227.143	9198	TCP
2025-01-11T07:22:07.866905+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42656	216.9.227.143	9198	TCP
2025-01-11T07:22:09.755332+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42658	216.9.227.143	9198	TCP
2025-01-11T07:22:11.507895+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42660	216.9.227.143	9198	TCP
2025-01-11T07:22:13.238666+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42662	216.9.227.143	9198	TCP
2025-01-11T07:22:14.975795+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42664	216.9.227.143	9198	TCP
2025-01-11T07:22:16.766279+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42666	216.9.227.143	9198	TCP
2025-01-11T07:22:18.511559+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42668	216.9.227.143	9198	TCP
2025-01-11T07:22:20.299659+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42670	216.9.227.143	9198	TCP
2025-01-11T07:22:22.061851+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42672	216.9.227.143	9198	TCP
2025-01-11T07:22:23.786720+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42674	216.9.227.143	9198	TCP
2025-01-11T07:22:25.523185+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42676	216.9.227.143	9198	TCP
2025-01-11T07:22:27.317457+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42678	216.9.227.143	9198	TCP
2025-01-11T07:22:29.077636+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42680	216.9.227.143	9198	TCP
2025-01-11T07:22:30.840660+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42682	216.9.227.143	9198	TCP
2025-01-11T07:22:32.626714+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42684	216.9.227.143	9198	TCP
2025-01-11T07:22:34.388247+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42686	216.9.227.143	9198	TCP
2025-01-11T07:22:36.175458+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42688	216.9.227.143	9198	TCP
2025-01-11T07:22:37.936887+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42690	216.9.227.143	9198	TCP
2025-01-11T07:22:39.720297+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42692	216.9.227.143	9198	TCP
2025-01-11T07:22:41.459873+0100	2839490	1	Malware Command and Control Activity Detected	192.168.2.13	42694	216.9.227.143	9198	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: X86_64.elf	Virustotal: Detection: 18%			Perma Link
Source: X86_64.elf	ReversingLabs: Detection: 18%

Machine Learning detection for sample

Source: X86_64.elf

Joe Sandbox ML: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/X86_64.elf (PID: 5435)

Opens: /proc/net/route

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42490 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42524 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42486 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42488 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42496 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42508 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42518 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42484 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42500 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42522 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42492 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42528 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42514 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42532 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42498 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42520 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42568 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42512 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42560 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42570 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42584 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42540 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42506 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42604 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42552 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42606 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42614 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42612 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42678 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42562 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42510 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42686 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42534 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42596 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42536 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42610 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42578 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42494 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42650 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42566 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42664 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42692 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42624 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42576 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42632 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42628 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42694 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42544 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42690 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42516 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42592 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42662 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42640 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42620 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42550 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42538 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42554 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42526 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42630 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42572 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42646 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42616 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42542 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42590 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42676 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42546 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42652 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42682 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42564 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42556 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42598 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42502 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42574 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42642 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42670 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42644 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42688 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42530 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42648 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42618 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42504 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42660 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42582 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42656 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42626 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42586 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42680 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42684 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42634 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42594 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42558 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42588 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42672 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42602 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42658 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42638 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42580 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42668 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42600 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42548 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42608 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42636 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42674 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42654 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42666 -> 216.9.227.143:9198
Source: Network traffic	Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.13:42622 -> 216.9.227.143:9198

Source: global traffic

TCP traffic: 192.168.2.13:42484 -> 216.9.227.143:9198

Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143
Source: unknown	TCP traffic detected without corresponding DNS query: 216.9.227.143

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3fe3c668 Author: unknown
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_637f2c04 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3fe3c668 Author: unknown
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_637f2c04 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3fe3c668 Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_637f2c04 Author: unknown

Source: LOAD without section mappings

Program segment: 0x400000

Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 6834f65d54bbfb926f986fe2dd72cd30bf9804ed65fcc71c2c848e72350f386a, id = e0673a90-165e-4347-a965-e8d14fdf684b, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ea8ed60190198d5887bb7093975d648a9fd78234827d648a8258008c965b1c1, id = 656bf077-ca0c-4d28-9daa-eb6baafaf467, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 7c50ed29e2dd75a6a85afc43f8452794cb787ecd2061f4bf415d7038c14c523f, id = 32eb0c81-25af-4670-ab77-07ea7ce1874a, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3fe3c668 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 2a79caea707eb0ecd740106ea4bed2918e7592c1e5ad6050f6f0992cf31ba5ec, id = 3fe3c668-89f4-4601-a167-f41bbd984ae5, last_modified = 2021-09-16
Source: 5435.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_637f2c04 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7af3d573af8b7f8252590a53adda52ecf53bdaf9a86b52ef50702f048e08ba8c, id = 637f2c04-98e4-45aa-b60a-14a96c6cebb7, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 6834f65d54bbfb926f986fe2dd72cd30bf9804ed65fcc71c2c848e72350f386a, id = e0673a90-165e-4347-a965-e8d14fdf684b, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ea8ed60190198d5887bb7093975d648a9fd78234827d648a8258008c965b1c1, id = 656bf077-ca0c-4d28-9daa-eb6baafaf467, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 7c50ed29e2dd75a6a85afc43f8452794cb787ecd2061f4bf415d7038c14c523f, id = 32eb0c81-25af-4670-ab77-07ea7ce1874a, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3fe3c668 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 2a79caea707eb0ecd740106ea4bed2918e7592c1e5ad6050f6f0992cf31ba5ec, id = 3fe3c668-89f4-4601-a167-f41bbd984ae5, last_modified = 2021-09-16
Source: 5436.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_637f2c04 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7af3d573af8b7f8252590a53adda52ecf53bdaf9a86b52ef50702f048e08ba8c, id = 637f2c04-98e4-45aa-b60a-14a96c6cebb7, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 6834f65d54bbfb926f986fe2dd72cd30bf9804ed65fcc71c2c848e72350f386a, id = e0673a90-165e-4347-a965-e8d14fdf684b, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ea8ed60190198d5887bb7093975d648a9fd78234827d648a8258008c965b1c1, id = 656bf077-ca0c-4d28-9daa-eb6baafaf467, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 7c50ed29e2dd75a6a85afc43f8452794cb787ecd2061f4bf415d7038c14c523f, id = 32eb0c81-25af-4670-ab77-07ea7ce1874a, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3fe3c668 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 2a79caea707eb0ecd740106ea4bed2918e7592c1e5ad6050f6f0992cf31ba5ec, id = 3fe3c668-89f4-4601-a167-f41bbd984ae5, last_modified = 2021-09-16
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_637f2c04 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7af3d573af8b7f8252590a53adda52ecf53bdaf9a86b52ef50702f048e08ba8c, id = 637f2c04-98e4-45aa-b60a-14a96c6cebb7, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.spre.linELF@0/0@2/0

Source: X86_64.elf

Submission file: segment LOAD with 7.9583 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Obfuscated Files or Information	OS Credential Dumping	1 Remote System Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
X86_64.elf	19%	Virustotal		Browse
X86_64.elf	18%	ReversingLabs	Linux.Backdoor.Gafgyt
X86_64.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
216.9.227.143	unknown	Reserved		7018	ATT-INTERNET4US	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
216.9.227.143	SPARC.elf	Get hash	malicious	Unknown	Browse
	X86_64.elf	Get hash	malicious	Unknown	Browse
	I686.elf	Get hash	malicious	Unknown	Browse
	M68K.elf	Get hash	malicious	Unknown	Browse
	I586.elf	Get hash	malicious	Unknown	Browse
	SH4.elf	Get hash	malicious	Unknown	Browse
	SPARC.elf	Get hash	malicious	Unknown	Browse
	SH4.elf	Get hash	malicious	Mirai	Browse
	POWERPC.elf	Get hash	malicious	Mirai	Browse
	SPARC.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	ARMV6L.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	5.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	POWERPC.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	MIPS.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	ssl.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.24
	ssb.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.25
	ssg.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.25
	qbfwdbg.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	ssh.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.25
	UnHAnaAW.m68k.elf	Get hash	malicious	Mirai	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ATT-INTERNET4US	SPARC.elf	Get hash	malicious	Unknown	Browse	216.9.227.143
	6.elf	Get hash	malicious	Unknown	Browse	75.26.124.8
	4.elf	Get hash	malicious	Unknown	Browse	99.148.97.71
	3.elf	Get hash	malicious	Unknown	Browse	107.255.69.83
	4.elf	Get hash	malicious	Unknown	Browse	172.185.86.37
	6.elf	Get hash	malicious	Unknown	Browse	76.224.102.15
	frosty.arm.elf	Get hash	malicious	Mirai	Browse	74.185.28.64
	frosty.spc.elf	Get hash	malicious	Mirai	Browse	172.125.131.84
	frosty.x86.elf	Get hash	malicious	Mirai	Browse	170.187.70.64
	frosty.sh4.elf	Get hash	malicious	Mirai	Browse	45.20.50.226

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.9558665437258
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	X86_64.elf
File size:	35'840 bytes
MD5:	1135868ad5966792fdcca09a699dce3f
SHA1:	96419f04bffaddbb1344f586b279af8e28000b6f
SHA256:	e8bcf1d9ca8111c004626d24e67fc8a1db2d9899bc4148320d5e3fca1736b442
SHA512:	adcd2531af9f3083136b50f95d44c02acdc3965cfef15588a8328ee672311bb276980c6179798dc6b84b527846f96914f160cdd6012c7a0ff4d39cc2b2b124e8
SSDEEP:	768:QDqXoNqWuptMmK5M8ULkpNN+esCL4Kd5OQZUOLRmuol1vYEd49Ssv9sPo:v2QTBL6+YLx8Qo3AZFuo
TLSH:	EDF2D0EFE35AE5FCD43D5DB0926C55C0E93DB80BE20907A7098431BAD970A884E34B62
File Content Preview:	.ELF..............>......y@.....@...................@.8...@.......................@.......@...............................................@.......@.............p...............Q.td....................................................V...YTS................

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x407910
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	64
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x400000	0x400000	0x8ab9	0x8ab9	7.9583	0x5	R E	0x100000
LOAD	0x0	0x409000	0x409000	0x0	0x10e970	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T07:19:07.373171+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42484	216.9.227.143	9198	TCP
2025-01-11T07:19:09.132970+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42486	216.9.227.143	9198	TCP
2025-01-11T07:19:10.921316+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42488	216.9.227.143	9198	TCP
2025-01-11T07:19:12.661671+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42490	216.9.227.143	9198	TCP
2025-01-11T07:19:14.436621+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42492	216.9.227.143	9198	TCP
2025-01-11T07:19:16.176291+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42494	216.9.227.143	9198	TCP
2025-01-11T07:19:17.969316+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42496	216.9.227.143	9198	TCP
2025-01-11T07:19:19.750280+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42498	216.9.227.143	9198	TCP
2025-01-11T07:19:21.516830+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42500	216.9.227.143	9198	TCP
2025-01-11T07:19:23.251640+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42502	216.9.227.143	9198	TCP
2025-01-11T07:19:25.031247+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42504	216.9.227.143	9198	TCP
2025-01-11T07:19:26.789739+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42506	216.9.227.143	9198	TCP
2025-01-11T07:19:28.558634+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42508	216.9.227.143	9198	TCP
2025-01-11T07:19:30.345974+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42510	216.9.227.143	9198	TCP
2025-01-11T07:19:32.124721+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42512	216.9.227.143	9198	TCP
2025-01-11T07:19:33.902845+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42514	216.9.227.143	9198	TCP
2025-01-11T07:19:35.666705+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42516	216.9.227.143	9198	TCP
2025-01-11T07:19:37.454692+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42518	216.9.227.143	9198	TCP
2025-01-11T07:19:39.206153+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42520	216.9.227.143	9198	TCP
2025-01-11T07:19:41.001765+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42522	216.9.227.143	9198	TCP
2025-01-11T07:19:42.779179+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42524	216.9.227.143	9198	TCP
2025-01-11T07:19:44.544738+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42526	216.9.227.143	9198	TCP
2025-01-11T07:19:46.326605+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42528	216.9.227.143	9198	TCP
2025-01-11T07:19:48.108232+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42530	216.9.227.143	9198	TCP
2025-01-11T07:19:49.908523+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42532	216.9.227.143	9198	TCP
2025-01-11T07:19:51.653864+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42534	216.9.227.143	9198	TCP
2025-01-11T07:19:53.416498+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42536	216.9.227.143	9198	TCP
2025-01-11T07:19:55.389171+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42538	216.9.227.143	9198	TCP
2025-01-11T07:19:57.128140+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42540	216.9.227.143	9198	TCP
2025-01-11T07:19:58.882586+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42542	216.9.227.143	9198	TCP
2025-01-11T07:20:00.654167+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42544	216.9.227.143	9198	TCP
2025-01-11T07:20:02.396348+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42546	216.9.227.143	9198	TCP
2025-01-11T07:20:04.189577+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42548	216.9.227.143	9198	TCP
2025-01-11T07:20:05.967920+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42550	216.9.227.143	9198	TCP
2025-01-11T07:20:07.929445+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42552	216.9.227.143	9198	TCP
2025-01-11T07:20:09.663225+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42554	216.9.227.143	9198	TCP
2025-01-11T07:20:11.417937+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42556	216.9.227.143	9198	TCP
2025-01-11T07:20:13.203788+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42558	216.9.227.143	9198	TCP
2025-01-11T07:20:14.978025+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42560	216.9.227.143	9198	TCP
2025-01-11T07:20:16.709056+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42562	216.9.227.143	9198	TCP
2025-01-11T07:20:18.483085+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42564	216.9.227.143	9198	TCP
2025-01-11T07:20:20.262934+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42566	216.9.227.143	9198	TCP
2025-01-11T07:20:22.048723+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42568	216.9.227.143	9198	TCP
2025-01-11T07:20:23.827391+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42570	216.9.227.143	9198	TCP
2025-01-11T07:20:25.608350+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42572	216.9.227.143	9198	TCP
2025-01-11T07:20:27.393229+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42574	216.9.227.143	9198	TCP
2025-01-11T07:20:29.132674+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42576	216.9.227.143	9198	TCP
2025-01-11T07:20:30.907345+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42578	216.9.227.143	9198	TCP
2025-01-11T07:20:32.674909+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42580	216.9.227.143	9198	TCP
2025-01-11T07:20:34.453270+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42582	216.9.227.143	9198	TCP
2025-01-11T07:20:36.230605+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42584	216.9.227.143	9198	TCP
2025-01-11T07:20:38.015669+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42586	216.9.227.143	9198	TCP
2025-01-11T07:20:39.814537+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42588	216.9.227.143	9198	TCP
2025-01-11T07:20:41.575192+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42590	216.9.227.143	9198	TCP
2025-01-11T07:20:43.357497+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42592	216.9.227.143	9198	TCP
2025-01-11T07:20:45.107976+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42594	216.9.227.143	9198	TCP
2025-01-11T07:20:46.901539+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42596	216.9.227.143	9198	TCP
2025-01-11T07:20:48.646029+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42598	216.9.227.143	9198	TCP
2025-01-11T07:20:50.402181+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42600	216.9.227.143	9198	TCP
2025-01-11T07:20:52.147360+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42602	216.9.227.143	9198	TCP
2025-01-11T07:20:53.933773+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42604	216.9.227.143	9198	TCP
2025-01-11T07:20:55.660395+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42606	216.9.227.143	9198	TCP
2025-01-11T07:20:57.454611+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42608	216.9.227.143	9198	TCP
2025-01-11T07:20:59.215047+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42610	216.9.227.143	9198	TCP
2025-01-11T07:21:00.980533+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42612	216.9.227.143	9198	TCP
2025-01-11T07:21:02.726432+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42614	216.9.227.143	9198	TCP
2025-01-11T07:21:04.517325+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42616	216.9.227.143	9198	TCP
2025-01-11T07:21:06.258343+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42618	216.9.227.143	9198	TCP
2025-01-11T07:21:08.028431+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42620	216.9.227.143	9198	TCP
2025-01-11T07:21:09.753237+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42622	216.9.227.143	9198	TCP
2025-01-11T07:21:11.511459+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42624	216.9.227.143	9198	TCP
2025-01-11T07:21:13.257147+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42626	216.9.227.143	9198	TCP
2025-01-11T07:21:14.990469+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42628	216.9.227.143	9198	TCP
2025-01-11T07:21:16.745660+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42630	216.9.227.143	9198	TCP
2025-01-11T07:21:18.530177+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42632	216.9.227.143	9198	TCP
2025-01-11T07:21:20.296228+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42634	216.9.227.143	9198	TCP
2025-01-11T07:21:22.037534+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42636	216.9.227.143	9198	TCP
2025-01-11T07:21:52.048582+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42638	216.9.227.143	9198	TCP
2025-01-11T07:21:53.789813+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42640	216.9.227.143	9198	TCP
2025-01-11T07:21:55.522873+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42642	216.9.227.143	9198	TCP
2025-01-11T07:21:57.311798+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42644	216.9.227.143	9198	TCP
2025-01-11T07:21:59.076064+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42646	216.9.227.143	9198	TCP
2025-01-11T07:22:00.821700+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42648	216.9.227.143	9198	TCP
2025-01-11T07:22:02.627624+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42650	216.9.227.143	9198	TCP
2025-01-11T07:22:04.387747+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42652	216.9.227.143	9198	TCP
2025-01-11T07:22:06.137853+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42654	216.9.227.143	9198	TCP
2025-01-11T07:22:07.866905+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42656	216.9.227.143	9198	TCP
2025-01-11T07:22:09.755332+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42658	216.9.227.143	9198	TCP
2025-01-11T07:22:11.507895+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42660	216.9.227.143	9198	TCP
2025-01-11T07:22:13.238666+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42662	216.9.227.143	9198	TCP
2025-01-11T07:22:14.975795+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42664	216.9.227.143	9198	TCP
2025-01-11T07:22:16.766279+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42666	216.9.227.143	9198	TCP
2025-01-11T07:22:18.511559+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42668	216.9.227.143	9198	TCP
2025-01-11T07:22:20.299659+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42670	216.9.227.143	9198	TCP
2025-01-11T07:22:22.061851+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42672	216.9.227.143	9198	TCP
2025-01-11T07:22:23.786720+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42674	216.9.227.143	9198	TCP
2025-01-11T07:22:25.523185+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42676	216.9.227.143	9198	TCP
2025-01-11T07:22:27.317457+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42678	216.9.227.143	9198	TCP
2025-01-11T07:22:29.077636+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42680	216.9.227.143	9198	TCP
2025-01-11T07:22:30.840660+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42682	216.9.227.143	9198	TCP
2025-01-11T07:22:32.626714+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42684	216.9.227.143	9198	TCP
2025-01-11T07:22:34.388247+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42686	216.9.227.143	9198	TCP
2025-01-11T07:22:36.175458+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42688	216.9.227.143	9198	TCP
2025-01-11T07:22:37.936887+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42690	216.9.227.143	9198	TCP
2025-01-11T07:22:39.720297+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42692	216.9.227.143	9198	TCP
2025-01-11T07:22:41.459873+0100	2839490	ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86)	1	192.168.2.13	42694	216.9.227.143	9198	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 07:19:07.367263079 CET	42484	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:07.373061895 CET	9198	42484	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:07.373171091 CET	42484	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:07.373171091 CET	42484	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:07.378909111 CET	9198	42484	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:09.126847982 CET	9198	42484	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:09.127183914 CET	42484	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:09.127759933 CET	42486	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:09.132152081 CET	9198	42484	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:09.132834911 CET	9198	42486	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:09.132970095 CET	42486	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:09.132970095 CET	42486	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:09.137870073 CET	9198	42486	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:10.915523052 CET	9198	42486	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:10.915685892 CET	42486	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:10.916354895 CET	42488	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:10.920572996 CET	9198	42486	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:10.921241045 CET	9198	42488	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:10.921294928 CET	42488	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:10.921315908 CET	42488	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:10.926129103 CET	9198	42488	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:12.655456066 CET	9198	42488	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:12.655637980 CET	42488	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:12.656677961 CET	42490	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:12.660449028 CET	9198	42488	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:12.661581039 CET	9198	42490	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:12.661670923 CET	42490	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:12.661670923 CET	42490	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:12.666501999 CET	9198	42490	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:14.430809975 CET	9198	42490	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:14.431108952 CET	42490	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:14.431730032 CET	42492	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:14.435960054 CET	9198	42490	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:14.436541080 CET	9198	42492	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:14.436604977 CET	42492	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:14.436620951 CET	42492	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:14.441432953 CET	9198	42492	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:16.168860912 CET	9198	42492	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:16.169298887 CET	42492	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:16.171367884 CET	42494	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:16.174233913 CET	9198	42492	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:16.176189899 CET	9198	42494	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:16.176275015 CET	42494	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:16.176290989 CET	42494	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:16.182024956 CET	9198	42494	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:17.962251902 CET	9198	42494	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:17.962732077 CET	42494	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:17.964229107 CET	42496	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:17.967636108 CET	9198	42494	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:17.969232082 CET	9198	42496	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:17.969302893 CET	42496	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:17.969316006 CET	42496	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:17.974128962 CET	9198	42496	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:19.743350983 CET	9198	42496	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:19.743767977 CET	42496	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:19.745022058 CET	42498	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:19.748840094 CET	9198	42496	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:19.750164986 CET	9198	42498	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:19.750245094 CET	42498	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:19.750279903 CET	42498	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:19.755131960 CET	9198	42498	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:21.509826899 CET	9198	42498	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:21.509975910 CET	42498	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:21.511809111 CET	42500	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:21.514800072 CET	9198	42498	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:21.516660929 CET	9198	42500	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:21.516773939 CET	42500	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:21.516829967 CET	42500	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:21.521629095 CET	9198	42500	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:23.245394945 CET	9198	42500	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:23.245712996 CET	42500	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:23.246689081 CET	42502	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:23.250569105 CET	9198	42500	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:23.251524925 CET	9198	42502	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:23.251602888 CET	42502	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:23.251640081 CET	42502	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:23.256498098 CET	9198	42502	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:25.024871111 CET	9198	42502	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:25.025032997 CET	42502	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:25.026067019 CET	42504	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:25.029912949 CET	9198	42502	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:25.031173944 CET	9198	42504	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:25.031246901 CET	42504	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:25.031246901 CET	42504	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:25.036010981 CET	9198	42504	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:26.783649921 CET	9198	42504	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:26.783808947 CET	42504	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:26.784765959 CET	42506	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:26.788809061 CET	9198	42504	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:26.789642096 CET	9198	42506	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:26.789738894 CET	42506	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:26.789738894 CET	42506	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:26.794516087 CET	9198	42506	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:28.552253962 CET	9198	42506	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:28.552552938 CET	42506	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:28.553591013 CET	42508	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:28.557413101 CET	9198	42506	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:28.558487892 CET	9198	42508	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:28.558585882 CET	42508	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:28.558634043 CET	42508	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:28.563498020 CET	9198	42508	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:30.339977026 CET	9198	42508	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:30.340140104 CET	42508	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:30.341056108 CET	42510	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:30.345000982 CET	9198	42508	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:30.345885992 CET	9198	42510	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:30.345973969 CET	42510	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:30.345973969 CET	42510	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:30.350795031 CET	9198	42510	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:32.117508888 CET	9198	42510	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:32.117872000 CET	42510	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:32.118789911 CET	42512	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:32.123627901 CET	9198	42510	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:32.124597073 CET	9198	42512	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:32.124696016 CET	42512	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:32.124721050 CET	42512	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:32.131107092 CET	9198	42512	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:33.896297932 CET	9198	42512	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:33.896722078 CET	42512	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:33.897834063 CET	42514	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:33.901567936 CET	9198	42512	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:33.902731895 CET	9198	42514	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:33.902815104 CET	42514	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:33.902844906 CET	42514	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:33.907701015 CET	9198	42514	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:35.659754992 CET	9198	42514	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:35.659990072 CET	42514	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:35.661720037 CET	42516	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:35.664813042 CET	9198	42514	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:35.666589022 CET	9198	42516	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:35.666680098 CET	42516	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:35.666704893 CET	42516	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:35.671605110 CET	9198	42516	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:37.447395086 CET	9198	42516	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:37.447660923 CET	42516	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:37.447702885 CET	42516	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:37.449064016 CET	42518	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:37.452502012 CET	9198	42516	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:37.454591036 CET	9198	42518	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:37.454663992 CET	42518	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:37.454691887 CET	42518	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:37.459598064 CET	9198	42518	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:39.200021982 CET	9198	42518	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:39.200200081 CET	42518	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:39.201225996 CET	42520	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:39.205138922 CET	9198	42518	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:39.206094980 CET	9198	42520	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:39.206151962 CET	42520	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:39.206152916 CET	42520	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:39.211039066 CET	9198	42520	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:40.994594097 CET	9198	42520	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:40.995002031 CET	42520	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:40.996138096 CET	42522	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:40.999825954 CET	9198	42520	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:41.001527071 CET	9198	42522	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:41.001765013 CET	42522	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:41.001765013 CET	42522	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:41.006606102 CET	9198	42522	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:42.772481918 CET	9198	42522	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:42.772862911 CET	42522	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:42.774167061 CET	42524	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:42.777743101 CET	9198	42522	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:42.779077053 CET	9198	42524	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:42.779159069 CET	42524	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:42.779179096 CET	42524	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:42.784040928 CET	9198	42524	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:44.538604975 CET	9198	42524	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:44.538846016 CET	42524	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:44.539704084 CET	42526	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:44.543740988 CET	9198	42524	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:44.544579029 CET	9198	42526	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:44.544708014 CET	42526	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:44.544738054 CET	42526	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:44.549544096 CET	9198	42526	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:46.320270061 CET	9198	42526	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:46.320527077 CET	42526	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:46.321280003 CET	42528	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:46.325444937 CET	9198	42526	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:46.326154947 CET	9198	42528	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:46.326230049 CET	42528	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:46.326605082 CET	42528	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:46.331361055 CET	9198	42528	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:48.102318048 CET	9198	42528	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:48.102550983 CET	42528	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:48.103168964 CET	42530	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:48.107438087 CET	9198	42528	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:48.107956886 CET	9198	42530	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:48.108232021 CET	42530	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:48.108232021 CET	42530	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:48.113132000 CET	9198	42530	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:49.902148008 CET	9198	42530	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:49.902363062 CET	42530	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:49.903430939 CET	42532	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:49.907284021 CET	9198	42530	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:49.908412933 CET	9198	42532	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:49.908508062 CET	42532	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:49.908523083 CET	42532	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:49.913423061 CET	9198	42532	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:51.648246050 CET	9198	42532	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:51.648462057 CET	42532	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:51.648999929 CET	42534	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:51.653300047 CET	9198	42532	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:51.653776884 CET	9198	42534	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:51.653845072 CET	42534	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:51.653863907 CET	42534	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:51.658620119 CET	9198	42534	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:53.410789967 CET	9198	42534	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:53.411020041 CET	42534	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:53.411544085 CET	42536	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:53.415869951 CET	9198	42534	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:53.416416883 CET	9198	42536	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:53.416497946 CET	42536	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:53.416497946 CET	42536	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:53.421380043 CET	9198	42536	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:55.383054018 CET	9198	42536	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:55.383229017 CET	42536	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:55.384200096 CET	42538	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:55.387176991 CET	9198	42536	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:55.387247086 CET	42536	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:55.388288975 CET	9198	42536	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:55.389041901 CET	9198	42538	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:55.389137983 CET	42538	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:55.389170885 CET	42538	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:55.393966913 CET	9198	42538	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:57.121896982 CET	9198	42538	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:57.122169971 CET	42538	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:57.123214006 CET	42540	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:57.126923084 CET	9198	42538	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:57.128037930 CET	9198	42540	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:57.128103018 CET	42540	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:57.128139973 CET	42540	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:57.132872105 CET	9198	42540	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:58.876914024 CET	9198	42540	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:58.877115011 CET	42540	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:58.877587080 CET	42542	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:58.882050991 CET	9198	42540	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:58.882420063 CET	9198	42542	216.9.227.143	192.168.2.13
Jan 11, 2025 07:19:58.882520914 CET	42542	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:58.882586002 CET	42542	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:19:58.887517929 CET	9198	42542	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:00.647469044 CET	9198	42542	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:00.647641897 CET	42542	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:00.648472071 CET	42544	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:00.653134108 CET	9198	42542	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:00.654098988 CET	9198	42544	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:00.654166937 CET	42544	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:00.654166937 CET	42544	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:00.660100937 CET	9198	42544	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:02.390640974 CET	9198	42544	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:02.390831947 CET	42544	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:02.391438961 CET	42546	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:02.395656109 CET	9198	42544	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:02.396236897 CET	9198	42546	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:02.396348000 CET	42546	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:02.396348000 CET	42546	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:02.401087046 CET	9198	42546	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:04.179997921 CET	9198	42546	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:04.180346012 CET	42546	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:04.184614897 CET	42548	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:04.185163021 CET	9198	42546	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:04.189445019 CET	9198	42548	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:04.189533949 CET	42548	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:04.189577103 CET	42548	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:04.194356918 CET	9198	42548	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:05.961743116 CET	9198	42548	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:05.962032080 CET	42548	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:05.962981939 CET	42550	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:05.966787100 CET	9198	42548	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:05.967813015 CET	9198	42550	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:05.967880011 CET	42550	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:05.967920065 CET	42550	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:05.972698927 CET	9198	42550	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:07.923795938 CET	9198	42550	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:07.923955917 CET	42550	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:07.924508095 CET	42552	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:07.928822041 CET	9198	42550	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:07.929338932 CET	9198	42552	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:07.929445028 CET	42552	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:07.929445028 CET	42552	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:07.934277058 CET	9198	42552	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:09.655725002 CET	9198	42552	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:09.656008005 CET	42552	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:09.657107115 CET	42554	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:09.660851002 CET	9198	42552	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:09.662653923 CET	9198	42554	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:09.662770987 CET	42554	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:09.663224936 CET	42554	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:09.668062925 CET	9198	42554	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:11.412441969 CET	9198	42554	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:11.412607908 CET	42554	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:11.413077116 CET	42556	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:11.417392015 CET	9198	42554	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:11.417862892 CET	9198	42556	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:11.417923927 CET	42556	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:11.417937040 CET	42556	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:11.422760963 CET	9198	42556	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:13.197633028 CET	9198	42556	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:13.198075056 CET	42556	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:13.198790073 CET	42558	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:13.202908993 CET	9198	42556	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:13.203620911 CET	9198	42558	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:13.203788042 CET	42558	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:13.203788042 CET	42558	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:13.209206104 CET	9198	42558	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:14.971682072 CET	9198	42558	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:14.972249031 CET	42558	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:14.972904921 CET	42560	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:14.977112055 CET	9198	42558	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:14.977916956 CET	9198	42560	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:14.977999926 CET	42560	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:14.978024960 CET	42560	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:14.983596087 CET	9198	42560	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:16.703264952 CET	9198	42560	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:16.703416109 CET	42560	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:16.704031944 CET	42562	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:16.708316088 CET	9198	42560	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:16.708908081 CET	9198	42562	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:16.709038973 CET	42562	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:16.709055901 CET	42562	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:16.714085102 CET	9198	42562	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:18.477413893 CET	9198	42562	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:18.477601051 CET	42562	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:18.478184938 CET	42564	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:18.482434988 CET	9198	42562	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:18.483001947 CET	9198	42564	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:18.483064890 CET	42564	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:18.483084917 CET	42564	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:18.487898111 CET	9198	42564	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:20.256696939 CET	9198	42564	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:20.257072926 CET	42564	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:20.257891893 CET	42566	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:20.261902094 CET	9198	42564	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:20.262809992 CET	9198	42566	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:20.262897968 CET	42566	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:20.262933969 CET	42566	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:20.267688036 CET	9198	42566	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:22.041766882 CET	9198	42566	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:22.042053938 CET	42566	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:22.042797089 CET	42568	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:22.047513962 CET	9198	42566	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:22.048613071 CET	9198	42568	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:22.048722982 CET	42568	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:22.048722982 CET	42568	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:22.054790020 CET	9198	42568	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:23.821345091 CET	9198	42568	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:23.821619034 CET	42568	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:23.822472095 CET	42570	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:23.826463938 CET	9198	42568	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:23.827275038 CET	9198	42570	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:23.827370882 CET	42570	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:23.827390909 CET	42570	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:23.832257986 CET	9198	42570	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:25.602627993 CET	9198	42570	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:25.602773905 CET	42570	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:25.603380919 CET	42572	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:25.607630014 CET	9198	42570	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:25.608249903 CET	9198	42572	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:25.608350039 CET	42572	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:25.608350039 CET	42572	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:25.613161087 CET	9198	42572	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:27.386909008 CET	9198	42572	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:27.387188911 CET	42572	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:27.388164043 CET	42574	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:27.392019987 CET	9198	42572	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:27.393109083 CET	9198	42574	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:27.393229008 CET	42574	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:27.393229008 CET	42574	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:27.398041010 CET	9198	42574	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:29.125183105 CET	9198	42574	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:29.125936031 CET	42574	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:29.127201080 CET	42576	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:29.131275892 CET	9198	42574	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:29.132580996 CET	9198	42576	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:29.132638931 CET	42576	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:29.132673979 CET	42576	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:29.137698889 CET	9198	42576	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:30.901473999 CET	9198	42576	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:30.901716948 CET	42576	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:30.902340889 CET	42578	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:30.906630039 CET	9198	42576	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:30.907202005 CET	9198	42578	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:30.907310009 CET	42578	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:30.907345057 CET	42578	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:30.912136078 CET	9198	42578	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:32.664601088 CET	9198	42578	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:32.665035963 CET	42578	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:32.665803909 CET	42580	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:32.674442053 CET	9198	42578	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:32.674478054 CET	9198	42580	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:32.674909115 CET	42580	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:32.674909115 CET	42580	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:32.679784060 CET	9198	42580	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:34.447340965 CET	9198	42580	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:34.447618008 CET	42580	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:34.448242903 CET	42582	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:34.452496052 CET	9198	42580	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:34.453126907 CET	9198	42582	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:34.453186035 CET	42582	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:34.453269958 CET	42582	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:34.458058119 CET	9198	42582	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:36.224677086 CET	9198	42582	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:36.224971056 CET	42582	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:36.225716114 CET	42584	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:36.229773045 CET	9198	42582	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:36.230536938 CET	9198	42584	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:36.230581999 CET	42584	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:36.230604887 CET	42584	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:36.235568047 CET	9198	42584	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:38.009141922 CET	9198	42584	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:38.009402037 CET	42584	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:38.010396957 CET	42586	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:38.014225960 CET	9198	42584	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:38.015523911 CET	9198	42586	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:38.015614033 CET	42586	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:38.015669107 CET	42586	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:38.020659924 CET	9198	42586	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:39.808561087 CET	9198	42586	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:39.808891058 CET	42586	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:39.809554100 CET	42588	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:39.813803911 CET	9198	42586	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:39.814405918 CET	9198	42588	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:39.814502001 CET	42588	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:39.814537048 CET	42588	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:39.819267035 CET	9198	42588	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:41.569289923 CET	9198	42588	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:41.569506884 CET	42588	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:41.570082903 CET	42590	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:41.574295044 CET	9198	42588	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:41.575027943 CET	9198	42590	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:41.575191975 CET	42590	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:41.575191975 CET	42590	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:41.580034971 CET	9198	42590	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:43.351635933 CET	9198	42590	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:43.351814985 CET	42590	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:43.352484941 CET	42592	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:43.356632948 CET	9198	42590	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:43.357331991 CET	9198	42592	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:43.357431889 CET	42592	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:43.357496977 CET	42592	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:43.362222910 CET	9198	42592	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:45.102056026 CET	9198	42592	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:45.102277040 CET	42592	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:45.103008986 CET	42594	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:45.107057095 CET	9198	42592	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:45.107852936 CET	9198	42594	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:45.107945919 CET	42594	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:45.107975960 CET	42594	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:45.112737894 CET	9198	42594	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:46.895411968 CET	9198	42594	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:46.895736933 CET	42594	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:46.896492004 CET	42596	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:46.900696039 CET	9198	42594	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:46.901348114 CET	9198	42596	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:46.901453972 CET	42596	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:46.901539087 CET	42596	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:46.906352043 CET	9198	42596	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:48.639807940 CET	9198	42596	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:48.640183926 CET	42596	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:48.641091108 CET	42598	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:48.645073891 CET	9198	42596	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:48.645932913 CET	9198	42598	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:48.646018982 CET	42598	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:48.646028996 CET	42598	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:48.650845051 CET	9198	42598	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:50.396264076 CET	9198	42598	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:50.396682978 CET	42598	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:50.397213936 CET	42600	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:50.401557922 CET	9198	42598	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:50.402101994 CET	9198	42600	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:50.402180910 CET	42600	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:50.402180910 CET	42600	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:50.406948090 CET	9198	42600	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:52.141753912 CET	9198	42600	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:52.141995907 CET	42600	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:52.142510891 CET	42602	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:52.146837950 CET	9198	42600	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:52.147296906 CET	9198	42602	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:52.147358894 CET	42602	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:52.147360086 CET	42602	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:52.152198076 CET	9198	42602	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:53.928211927 CET	9198	42602	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:53.928349018 CET	42602	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:53.928889036 CET	42604	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:53.933145046 CET	9198	42602	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:53.933691978 CET	9198	42604	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:53.933773041 CET	42604	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:53.933773041 CET	42604	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:53.938611984 CET	9198	42604	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:55.654604912 CET	9198	42604	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:55.654941082 CET	42604	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:55.655563116 CET	42606	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:55.659812927 CET	9198	42604	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:55.660329103 CET	9198	42606	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:55.660382032 CET	42606	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:55.660394907 CET	42606	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:55.665277958 CET	9198	42606	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:57.448486090 CET	9198	42606	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:57.448729992 CET	42606	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:57.449656963 CET	42608	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:57.453572989 CET	9198	42606	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:57.454498053 CET	9198	42608	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:57.454576969 CET	42608	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:57.454611063 CET	42608	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:57.459392071 CET	9198	42608	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:59.209381104 CET	9198	42608	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:59.209609985 CET	42608	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:59.210196972 CET	42610	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:59.214456081 CET	9198	42608	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:59.214946985 CET	9198	42610	216.9.227.143	192.168.2.13
Jan 11, 2025 07:20:59.215029001 CET	42610	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:59.215046883 CET	42610	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:20:59.219916105 CET	9198	42610	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:00.974744081 CET	9198	42610	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:00.975001097 CET	42610	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:00.975583076 CET	42612	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:00.979849100 CET	9198	42610	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:00.980429888 CET	9198	42612	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:00.980504990 CET	42612	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:00.980532885 CET	42612	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:00.985290051 CET	9198	42612	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:02.720896006 CET	9198	42612	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:02.721085072 CET	42612	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:02.721548080 CET	42614	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:02.726005077 CET	9198	42612	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:02.726330996 CET	9198	42614	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:02.726418018 CET	42614	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:02.726432085 CET	42614	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:02.731353045 CET	9198	42614	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:04.511116028 CET	9198	42614	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:04.511482954 CET	42614	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:04.512264967 CET	42616	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:04.516521931 CET	9198	42614	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:04.517177105 CET	9198	42616	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:04.517262936 CET	42616	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:04.517324924 CET	42616	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:04.522169113 CET	9198	42616	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:06.252435923 CET	9198	42616	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:06.252707958 CET	42616	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:06.253458977 CET	42618	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:06.258215904 CET	9198	42616	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:06.258229971 CET	9198	42618	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:06.258342981 CET	42618	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:06.258342981 CET	42618	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:06.263210058 CET	9198	42618	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:08.022701979 CET	9198	42618	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:08.022913933 CET	42618	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:08.023499966 CET	42620	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:08.027807951 CET	9198	42618	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:08.028312922 CET	9198	42620	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:08.028417110 CET	42620	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:08.028430939 CET	42620	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:08.033185005 CET	9198	42620	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:09.747473955 CET	9198	42620	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:09.747806072 CET	42620	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:09.748368025 CET	42622	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:09.752636909 CET	9198	42620	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:09.753123045 CET	9198	42622	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:09.753205061 CET	42622	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:09.753237009 CET	42622	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:09.757996082 CET	9198	42622	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:11.505639076 CET	9198	42622	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:11.505925894 CET	42622	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:11.506532907 CET	42624	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:11.510791063 CET	9198	42622	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:11.511342049 CET	9198	42624	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:11.511447906 CET	42624	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:11.511459112 CET	42624	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:11.516237974 CET	9198	42624	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:13.251511097 CET	9198	42624	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:13.251763105 CET	42624	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:13.252270937 CET	42626	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:13.256561995 CET	9198	42624	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:13.257062912 CET	9198	42626	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:13.257128000 CET	42626	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:13.257147074 CET	42626	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:13.261948109 CET	9198	42626	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:14.983603954 CET	9198	42626	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:14.983814001 CET	42626	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:14.984438896 CET	42628	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:14.990370989 CET	9198	42626	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:14.990384102 CET	9198	42628	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:14.990468979 CET	42628	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:14.990468979 CET	42628	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:14.995572090 CET	9198	42628	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:16.739567995 CET	9198	42628	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:16.739981890 CET	42628	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:16.740670919 CET	42630	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:16.744853020 CET	9198	42628	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:16.745538950 CET	9198	42630	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:16.745625019 CET	42630	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:16.745660067 CET	42630	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:16.750427008 CET	9198	42630	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:18.523855925 CET	9198	42630	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:18.524236917 CET	42630	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:18.524887085 CET	42632	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:18.529330015 CET	9198	42630	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:18.530072927 CET	9198	42632	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:18.530133963 CET	42632	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:18.530177116 CET	42632	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:18.534936905 CET	9198	42632	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:20.290658951 CET	9198	42632	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:20.290832043 CET	42632	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:20.291383028 CET	42634	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:20.295669079 CET	9198	42632	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:20.296128988 CET	9198	42634	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:20.296227932 CET	42634	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:20.296227932 CET	42634	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:20.301064014 CET	9198	42634	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:22.031708956 CET	9198	42634	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:22.031976938 CET	42634	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:22.032618046 CET	42636	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:22.036829948 CET	9198	42634	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:22.037419081 CET	9198	42636	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:22.037506104 CET	42636	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:22.037533998 CET	42636	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:22.042316914 CET	9198	42636	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:52.042552948 CET	9198	42636	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:52.042728901 CET	42636	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:52.043559074 CET	42638	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:52.047704935 CET	9198	42636	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:52.048485041 CET	9198	42638	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:52.048580885 CET	42638	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:52.048582077 CET	42638	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:52.053582907 CET	9198	42638	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:53.779504061 CET	9198	42638	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:53.780189037 CET	42638	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:53.784719944 CET	42640	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:53.785027981 CET	9198	42638	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:53.789557934 CET	9198	42640	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:53.789789915 CET	42640	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:53.789813042 CET	42640	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:53.794528961 CET	9198	42640	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:55.517117977 CET	9198	42640	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:55.517412901 CET	42640	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:55.517925978 CET	42642	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:55.522305965 CET	9198	42640	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:55.522778034 CET	9198	42642	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:55.522850037 CET	42642	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:55.522872925 CET	42642	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:55.527683973 CET	9198	42642	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:57.305938005 CET	9198	42642	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:57.306355000 CET	42642	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:57.306874037 CET	42644	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:57.311250925 CET	9198	42642	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:57.311728954 CET	9198	42644	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:57.311798096 CET	42644	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:57.311798096 CET	42644	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:57.316687107 CET	9198	42644	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:59.070411921 CET	9198	42644	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:59.070647955 CET	42644	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:59.071193933 CET	42646	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:59.075535059 CET	9198	42644	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:59.075997114 CET	9198	42646	216.9.227.143	192.168.2.13
Jan 11, 2025 07:21:59.076046944 CET	42646	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:59.076064110 CET	42646	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:21:59.080825090 CET	9198	42646	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:00.815864086 CET	9198	42646	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:00.816319942 CET	42646	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:00.816817999 CET	42648	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:00.821230888 CET	9198	42646	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:00.821639061 CET	9198	42648	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:00.821680069 CET	42648	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:00.821700096 CET	42648	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:00.826472044 CET	9198	42648	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:02.621619940 CET	9198	42648	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:02.622010946 CET	42648	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:02.622572899 CET	42650	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:02.627032042 CET	9198	42648	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:02.627546072 CET	9198	42650	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:02.627624035 CET	42650	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:02.627624035 CET	42650	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:02.632558107 CET	9198	42650	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:04.381531000 CET	9198	42650	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:04.382093906 CET	42650	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:04.382719994 CET	42652	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:04.387083054 CET	9198	42650	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:04.387630939 CET	9198	42652	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:04.387716055 CET	42652	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:04.387747049 CET	42652	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:04.392636061 CET	9198	42652	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:06.131788969 CET	9198	42652	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:06.132231951 CET	42652	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:06.132945061 CET	42654	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:06.137089014 CET	9198	42652	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:06.137743950 CET	9198	42654	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:06.137852907 CET	42654	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:06.137852907 CET	42654	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:06.142688990 CET	9198	42654	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:07.860666990 CET	9198	42654	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:07.861269951 CET	42654	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:07.861999989 CET	42656	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:07.866051912 CET	9198	42654	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:07.866792917 CET	9198	42656	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:07.866864920 CET	42656	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:07.866904974 CET	42656	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:07.871697903 CET	9198	42656	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:09.748868942 CET	9198	42656	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:09.749311924 CET	42656	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:09.750137091 CET	42658	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:09.754216909 CET	9198	42656	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:09.754968882 CET	9198	42658	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:09.755331993 CET	42658	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:09.755331993 CET	42658	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:09.760215044 CET	9198	42658	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:11.501612902 CET	9198	42658	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:11.502015114 CET	42658	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:11.502791882 CET	42660	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:11.506949902 CET	9198	42658	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:11.507745981 CET	9198	42660	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:11.507837057 CET	42660	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:11.507894993 CET	42660	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:11.512681961 CET	9198	42660	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:13.232924938 CET	9198	42660	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:13.233108044 CET	42660	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:13.233746052 CET	42662	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:13.237907887 CET	9198	42660	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:13.238600016 CET	9198	42662	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:13.238652945 CET	42662	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:13.238666058 CET	42662	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:13.243479013 CET	9198	42662	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:14.968914986 CET	9198	42662	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:14.969225883 CET	42662	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:14.969880104 CET	42664	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:14.974524975 CET	9198	42662	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:14.975667000 CET	9198	42664	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:14.975759983 CET	42664	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:14.975795031 CET	42664	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:14.980987072 CET	9198	42664	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:16.760283947 CET	9198	42664	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:16.760572910 CET	42664	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:16.761328936 CET	42666	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:16.765479088 CET	9198	42664	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:16.766154051 CET	9198	42666	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:16.766254902 CET	42666	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:16.766278982 CET	42666	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:16.771162033 CET	9198	42666	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:18.504584074 CET	9198	42666	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:18.504813910 CET	42666	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:18.505574942 CET	42668	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:18.510122061 CET	9198	42666	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:18.511426926 CET	9198	42668	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:18.511502981 CET	42668	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:18.511559010 CET	42668	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:18.516397953 CET	9198	42668	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:20.293776035 CET	9198	42668	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:20.294014931 CET	42668	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:20.294768095 CET	42670	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:20.298787117 CET	9198	42668	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:20.299544096 CET	9198	42670	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:20.299624920 CET	42670	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:20.299659014 CET	42670	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:20.304373980 CET	9198	42670	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:22.056116104 CET	9198	42670	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:22.056334019 CET	42670	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:22.057014942 CET	42672	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:22.061237097 CET	9198	42670	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:22.061793089 CET	9198	42672	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:22.061837912 CET	42672	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:22.061851025 CET	42672	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:22.066637993 CET	9198	42672	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:23.780101061 CET	9198	42672	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:23.780677080 CET	42672	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:23.781721115 CET	42674	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:23.785566092 CET	9198	42672	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:23.786595106 CET	9198	42674	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:23.786685944 CET	42674	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:23.786720037 CET	42674	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:23.791487932 CET	9198	42674	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:25.517270088 CET	9198	42674	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:25.517725945 CET	42674	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:25.518316031 CET	42676	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:25.522562981 CET	9198	42674	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:25.523096085 CET	9198	42676	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:25.523149014 CET	42676	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:25.523185015 CET	42676	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:25.528022051 CET	9198	42676	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:27.311357021 CET	9198	42676	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:27.311753988 CET	42676	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:27.312479019 CET	42678	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:27.316673040 CET	9198	42676	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:27.317322969 CET	9198	42678	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:27.317403078 CET	42678	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:27.317456961 CET	42678	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:27.322268963 CET	9198	42678	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:29.071739912 CET	9198	42678	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:29.071929932 CET	42678	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:29.072710037 CET	42680	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:29.076864958 CET	9198	42678	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:29.077534914 CET	9198	42680	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:29.077615023 CET	42680	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:29.077636003 CET	42680	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:29.082433939 CET	9198	42680	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:30.834791899 CET	9198	42680	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:30.835015059 CET	42680	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:30.835726023 CET	42682	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:30.839982033 CET	9198	42680	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:30.840574026 CET	9198	42682	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:30.840648890 CET	42682	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:30.840660095 CET	42682	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:30.845454931 CET	9198	42682	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:32.620831013 CET	9198	42682	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:32.621089935 CET	42682	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:32.621748924 CET	42684	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:32.625936031 CET	9198	42682	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:32.626630068 CET	9198	42684	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:32.626698017 CET	42684	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:32.626713991 CET	42684	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:32.631557941 CET	9198	42684	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:34.382266045 CET	9198	42684	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:34.382646084 CET	42684	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:34.383349895 CET	42686	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:34.387501001 CET	9198	42684	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:34.388134003 CET	9198	42686	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:34.388235092 CET	42686	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:34.388247013 CET	42686	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:34.393065929 CET	9198	42686	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:36.169039965 CET	9198	42686	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:36.169529915 CET	42686	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:36.170373917 CET	42688	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:36.174686909 CET	9198	42686	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:36.175271988 CET	9198	42688	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:36.175340891 CET	42688	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:36.175457954 CET	42688	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:36.180455923 CET	9198	42688	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:37.931091070 CET	9198	42688	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:37.931401014 CET	42688	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:37.931981087 CET	42690	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:37.936299086 CET	9198	42688	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:37.936810017 CET	9198	42690	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:37.936887026 CET	42690	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:37.936887026 CET	42690	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:37.941726923 CET	9198	42690	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:39.714387894 CET	9198	42690	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:39.714673996 CET	42690	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:39.715322971 CET	42692	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:39.719667912 CET	9198	42690	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:39.720159054 CET	9198	42692	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:39.720252991 CET	42692	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:39.720297098 CET	42692	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:39.725178957 CET	9198	42692	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:41.454035997 CET	9198	42692	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:41.454292059 CET	42692	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:41.454933882 CET	42694	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:41.459220886 CET	9198	42692	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:41.459785938 CET	9198	42694	216.9.227.143	192.168.2.13
Jan 11, 2025 07:22:41.459858894 CET	42694	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:41.459872961 CET	42694	9198	192.168.2.13	216.9.227.143
Jan 11, 2025 07:22:41.464764118 CET	9198	42694	216.9.227.143	192.168.2.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 07:21:51.563940048 CET	52796	53	192.168.2.13	8.8.8.8
Jan 11, 2025 07:21:51.563998938 CET	45999	53	192.168.2.13	8.8.8.8
Jan 11, 2025 07:21:51.570640087 CET	53	52796	8.8.8.8	192.168.2.13
Jan 11, 2025 07:21:51.570667028 CET	53	45999	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 07:21:51.563940048 CET	192.168.2.13	8.8.8.8	0x8776	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 07:21:51.563998938 CET	192.168.2.13	8.8.8.8	0x72c	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 07:21:51.570640087 CET	8.8.8.8	192.168.2.13	0x8776	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Jan 11, 2025 07:21:51.570640087 CET	8.8.8.8	192.168.2.13	0x8776	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: X86_64.elf PID: 5435, Parent PID: 5358

General

Start time (UTC):	06:19:06
Start date (UTC):	11/01/2025
Path:	/tmp/X86_64.elf
Arguments:	/tmp/X86_64.elf
File size:	35840 bytes
MD5 hash:	1135868ad5966792fdcca09a699dce3f

Chronological Activities

Analysis Process: X86_64.elf PID: 5436, Parent PID: 5435

General

Start time (UTC):	06:19:06
Start date (UTC):	11/01/2025
Path:	/tmp/X86_64.elf
Arguments:	-
File size:	35840 bytes
MD5 hash:	1135868ad5966792fdcca09a699dce3f

Chronological Activities

Analysis Process: X86_64.elf PID: 5437, Parent PID: 5435

General

Start time (UTC):	06:19:06
Start date (UTC):	11/01/2025
Path:	/tmp/X86_64.elf
Arguments:	-
File size:	35840 bytes
MD5 hash:	1135868ad5966792fdcca09a699dce3f

Chronological Activities

Analysis Process: X86_64.elf PID: 5438, Parent PID: 5437

General

Start time (UTC):	06:19:06
Start date (UTC):	11/01/2025
Path:	/tmp/X86_64.elf
Arguments:	-
File size:	35840 bytes
MD5 hash:	1135868ad5966792fdcca09a699dce3f

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net .
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report X86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: X86_64.elf PID: 5435, Parent PID: 5358

General

Chronological Activities

Analysis Process: X86_64.elf PID: 5436, Parent PID: 5435

General

Chronological Activities

Analysis Process: X86_64.elf PID: 5437, Parent PID: 5435

General

Chronological Activities

Analysis Process: X86_64.elf PID: 5438, Parent PID: 5437

General

Chronological Activities

Linux Analysis Report
X86_64.elf