
Linux Analysis Report
boatnet.spc.elf

Overview

General Information

Sample name: boatnet.spc.elf
Analysis ID: 1641139
MD5: cc8c238cf9c01e33e3cd011ad85306a3
SHA1: 2652dec6b71db369921b3d64e175819c8a4655ee
SHA256: 59da9b6192f06c760af8335b77bc10baa33b35ba10f076ac8d46abd381f3b22e
Tags: elf, Mirai, user-abuse_ch

Detection

Mirai
Score: 76
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1641139
Start date and time: 2025-03-18 03:31:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: boatnet.spc.elf
Detection: MAL
Classification: mal76.spre.troj.linELF@0/0@2/0
Command: /tmp/boatnet.spc.elf
PID: 5543
Exit Code: 0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5553, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5554, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5555, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5556, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
  • wrapper-2.0 (PID: 5557, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5558, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
boatnet.spc.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
    boatnet.spc.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
    boatnet.spc.elf | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
    • 0xceb8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    Source | Rule | Description | Author | Strings
    5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
      5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
      5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
      • 0xceb8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5543.1.00007f667c011000.00007f667c01f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
        5543.1.00007f667c011000.00007f667c01f000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
        No Suricata rule has matched


        AV Detection

        Source: boatnet.spc.elf - Avira: detected
        Source: boatnet.spc.elf - Virustotal: Detection: 67%
        Source: boatnet.spc.elf - ReversingLabs: Detection: 63%
        Source: global traffic - TCP traffic: 192.168.2.15:56828 -> 209.141.36.93:3778
        Source: unknown - TCP traffic detected without corresponding DNS query: 209.141.36.93
        Source: global traffic - DNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        Source: boatnet.spc.elf, type: SAMPLE - Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: boatnet.spc.elf, type: SAMPLE - Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY - Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY - Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5543.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY - Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5543.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY - Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: boatnet.spc.elf PID: 5543, type: MEMORYSTR - Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: boatnet.spc.elf PID: 5543, type: MEMORYSTR - Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: boatnet.spc.elf PID: 5546, type: MEMORYSTR - Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: boatnet.spc.elf PID: 5546, type: MEMORYSTR - Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3192, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3249, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3250, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3251, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3252, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3253, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3255, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3272, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3274, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 3298, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 5553, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 5554, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 5555, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 5556, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 5557, result: successful
        Source: /tmp/boatnet.spc.elf (PID: 5545) - SIGKILL sent: pid: 5558, result: successful
        Source: ELF static info symbol of initial sample - .symtab present: no
        Source: boatnet.spc.elf, type: SAMPLE - Matched rule: Linux_Trojan_Gafgyt_28a2fe0c (os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16)
        Source: boatnet.spc.elf, type: SAMPLE - Matched rule: Linux_Trojan_Gafgyt_ea92cca8 (os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16)
        Source: classification engine - Classification label: mal76.spre.troj.linELF@0/0@2/0
        Source: /tmp/boatnet.spc.elf (PID: 5545) - File opened: /proc/1185/cmdline
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3440/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3715/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/793/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/794/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3316/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/674/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/796/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/675/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/676/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/1498/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/1497/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/1496/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3157/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3278/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3399/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3798/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3799/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/1659/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3332/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3210/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5545)File opened: /proc/3298/cmdlineJump to behavior
        Source: /tmp/boatnet.spc.elf (PID: 5543)
          Queries kernel information via 'uname'
        Source: boatnet.spc.elf, 5543.1.000055ce1d9b9000.000055ce1da3e000.rw-.sdmp, boatnet.spc.elf, 5546.1.000055ce1d9b9000.000055ce1da3e000.rw-.sdmp
          Binary or memory string: /etc/qemu-binfmt/sparc
        Source: boatnet.spc.elf, 5543.1.000055ce1d9b9000.000055ce1da3e000.rw-.sdmp, boatnet.spc.elf, 5546.1.000055ce1d9b9000.000055ce1da3e000.rw-.sdmp
          Binary or memory string: U!/etc/qemu-binfmt/sparc
        Source: boatnet.spc.elf, 5543.1.00007ffd095c2000.00007ffd095e3000.rw-.sdmp, boatnet.spc.elf, 5546.1.00007ffd095c2000.00007ffd095e3000.rw-.sdmp
          Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/boatnet.spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.spc.elf
        Source: boatnet.spc.elf, 5543.1.00007ffd095c2000.00007ffd095e3000.rw-.sdmp, boatnet.spc.elf, 5546.1.00007ffd095c2000.00007ffd095e3000.rw-.sdmp
          Binary or memory string: /usr/bin/qemu-sparc

        Stealing of Sensitive Information

        Source: Yara match; File source: boatnet.spc.elf, type: SAMPLE
        Source: Yara match; File source: 5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: 5543.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: boatnet.spc.elf PID: 5543, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: boatnet.spc.elf PID: 5546, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match; File source: boatnet.spc.elf, type: SAMPLE
        Source: Yara match; File source: 5546.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: 5543.1.00007f667c011000.00007f667c01f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: boatnet.spc.elf PID: 5543, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: boatnet.spc.elf PID: 5546, type: MEMORYSTR

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

        No configs have been found
        [Behavior graph (ID: 1641139). Sample: boatnet.spc.elf; start date: 18/03/2025; architecture: LINUX; score: 76. Network nodes: 209.141.36.93 (ports 3778, 56828, 56830; PONYNETUS, United States) and daisy.ubuntu.com. Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai; Sample tries to kill multiple processes (SIGKILL). Processes started: boatnet.spc.elf (which started three further boatnet.spc.elf processes), two xfce4-panel wrapper-2.0 processes, and 4 other processes.]

        Source | Detection | Scanner | Label
        boatnet.spc.elf | 67% | Virustotal |
        boatnet.spc.elf | 64% | ReversingLabs | Linux.Backdoor.Mirai
        boatnet.spc.elf | 100% | Avira | EXP/ELF.Gafgyt.D
        No Antivirus matches


        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        daisy.ubuntu.com | 162.213.35.24 | true | false | | high

          IP | Domain | Country | ASN | ASN Name | Malicious
          209.141.36.93 | unknown | United States | 53667 | PONYNETUS | false

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          209.141.36.93 | boatnet.m68k.elf | malicious | Mirai |
          209.141.36.93 | boatnet.x86.elf | malicious | Mirai |
          209.141.36.93 | boatnet.sh4.elf | malicious | Mirai |
          209.141.36.93 | boatnet.arm.elf | malicious | Mirai |
          209.141.36.93 | boatnet.arm7.elf | malicious | Mirai |
          209.141.36.93 | boatnet.ppc.elf | malicious | Mirai |
          209.141.36.93 | boatnet.mips.elf | malicious | Mirai |
          209.141.36.93 | boatnet.mpsl.elf | malicious | Mirai |

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          daisy.ubuntu.com | boatnet.arm6.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | boatnet.sh4.elf | malicious | Mirai | 162.213.35.25
          daisy.ubuntu.com | boatnet.arm.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | boatnet.arm7.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | boatnet.ppc.elf | malicious | Mirai | 162.213.35.25
          daisy.ubuntu.com | kworker.elf | malicious | Unknown | 162.213.35.24
          daisy.ubuntu.com | sync.arm6.elf | malicious | Unknown | 162.213.35.25
          daisy.ubuntu.com | sync.arm5.elf | malicious | Unknown | 162.213.35.25
          daisy.ubuntu.com | .i.elf | malicious | Unknown | 162.213.35.25

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          PONYNETUS | boatnet.m68k.elf | malicious | Mirai | 209.141.36.93
          PONYNETUS | boatnet.x86.elf | malicious | Mirai | 209.141.36.93
          PONYNETUS | boatnet.sh4.elf | malicious | Mirai | 209.141.36.93
          PONYNETUS | boatnet.arm.elf | malicious | Mirai | 209.141.36.93
          PONYNETUS | boatnet.arm7.elf | malicious | Mirai | 209.141.36.93
          PONYNETUS | boatnet.ppc.elf | malicious | Mirai | 209.141.36.93
          PONYNETUS | kworker.elf | malicious | Unknown | 198.98.48.4
          PONYNETUS | arm.elf | malicious | Mirai | 107.189.4.201
          PONYNETUS | mpsl.elf | malicious | Mirai | 107.189.4.201
          PONYNETUS | arm7.elf | malicious | Mirai | 107.189.4.201

                          No context
                          No context
                          No created / dropped files found
                          File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
                          Entropy (8bit):6.066364502466801
                          TrID:
                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                          File name:boatnet.spc.elf
                          File size:58'376 bytes
                          MD5:cc8c238cf9c01e33e3cd011ad85306a3
                          SHA1:2652dec6b71db369921b3d64e175819c8a4655ee
                          SHA256:59da9b6192f06c760af8335b77bc10baa33b35ba10f076ac8d46abd381f3b22e
                          SHA512:fe2390277542fb47858e8ee97f615bcd9ee122c99754c6a28d26de377feeb9559409b5f9cdf3f823102be12e9274b6e8f7907b92a47fd720d5ca3b8e5a231e72
                          SSDEEP:768:RqowmZPu9wtnfbltWgC6BSJsBcfDSbFwuQKqgESnmC/xO+KpAw+:RqtmZPuutfbltZFBSJsBcfDSbFw+BE+
                          TLSH:A2431921B53A1F13D0E0A47D21FB4B59B1A15ADE26A4C64E7D720F4FFF11A80A943DB8
                          File Content Preview:.ELF...........................4...x.....4. ...(.......................................................8...P........dt.Q................................@..(....@.2.................#.....b8..`.....!..... ...@.....".........`......$ ... ...@...........`....

                          ELF header

                          Class:ELF32
                          Data:2's complement, big endian
                          Version:1 (current)
                          Machine:Sparc
                          Version Number:0x1
                          Type:EXEC (Executable file)
                          OS/ABI:UNIX - System V
                          ABI Version:0
                          Entry Point Address:0x101a4
                          Flags:0x0
                          ELF Header Size:52
                          Program Header Offset:52
                          Program Header Size:32
                          Number of Program Headers:3
                          Section Header Offset:57976
                          Section Header Size:40
                          Number of Section Headers:10
                          Header String Table Index:9
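                          Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                           | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
                          .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
                          .text | PROGBITS | 0x100b0 | 0xb0 | 0xc888 | 0x0 | 0x6 | AX | 0 | 0 | 4
                          .fini | PROGBITS | 0x1c938 | 0xc938 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
                          .rodata | PROGBITS | 0x1c950 | 0xc950 | 0x11b0 | 0x0 | 0x2 | A | 0 | 0 | 8
                          .ctors | PROGBITS | 0x2e000 | 0xe000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                          .dtors | PROGBITS | 0x2e008 | 0xe008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                          .data | PROGBITS | 0x2e018 | 0xe018 | 0x220 | 0x0 | 0x3 | WA | 0 | 0 | 8
                          .bss | NOBITS | 0x2e238 | 0xe238 | 0x318 | 0x0 | 0x3 | WA | 0 | 0 | 4
                          .shstrtab | STRTAB | 0x0 | 0xe238 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

                          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                          LOAD | 0x0 | 0x10000 | 0x10000 | 0xdb00 | 0xdb00 | 6.1729 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
                          LOAD | 0xe000 | 0x2e000 | 0x2e000 | 0x238 | 0x550 | 2.9229 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
                          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |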


                          • Total Packets: 230
                          • 3778 undefined
                          • 53 (DNS)
                          Mar 18, 2025 03:32:54.319870949 CET568643778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.324505091 CET377856864209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:54.896752119 CET377856864209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:54.896910906 CET568643778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.896910906 CET568643778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.897284985 CET568663778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.901992083 CET377856866209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:54.902046919 CET568663778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.902698040 CET568663778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.907346964 CET377856866209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:54.907387018 CET568663778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:54.912043095 CET377856866209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:55.484050035 CET377856866209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:55.484139919 CET568663778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:55.484181881 CET568663778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:55.484616995 CET568683778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:55.489321947 CET377856868209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:55.489376068 CET568683778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:55.490020037 CET568683778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:55.494646072 CET377856868209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:55.494687080 CET568683778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:55.499351025 CET377856868209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.087203026 CET377856868209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.087331057 CET568683778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.087373018 CET568683778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.087846994 CET568703778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.092600107 CET377856870209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.092644930 CET568703778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.093314886 CET568703778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.097976923 CET377856870209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.098016024 CET568703778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.102703094 CET377856870209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.670840979 CET377856870209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.670949936 CET568703778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.670984030 CET568703778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.671399117 CET568723778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.676110983 CET377856872209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.676161051 CET568723778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.676785946 CET568723778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.681461096 CET377856872209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:56.681500912 CET568723778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:56.686150074 CET377856872209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.259372950 CET377856872209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.259469986 CET568723778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.259489059 CET568723778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.259946108 CET568743778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.264659882 CET377856874209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.264710903 CET568743778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.265405893 CET568743778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.270100117 CET377856874209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.270143032 CET568743778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.274754047 CET377856874209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.854734898 CET377856874209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.854825020 CET568743778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.854881048 CET568743778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.855377913 CET568763778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.860008955 CET377856876209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.860059023 CET568763778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.860805988 CET568763778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.865545988 CET377856876209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:57.865593910 CET568763778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:57.870260954 CET377856876209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:58.471549988 CET377856876209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:58.471681118 CET568763778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:58.471719980 CET568763778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:58.472256899 CET568783778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:58.477081060 CET377856878209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:58.477128983 CET568783778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:58.477777958 CET568783778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:58.482892990 CET377856878209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:58.482939005 CET568783778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:58.488050938 CET377856878209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.052206039 CET377856878209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.052364111 CET568783778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.052402973 CET568783778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.052947998 CET568803778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.057609081 CET377856880209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.057663918 CET568803778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.058798075 CET568803778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.063414097 CET377856880209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.063458920 CET568803778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.068070889 CET377856880209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.626914024 CET377856880209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.627007008 CET568803778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.627043962 CET568803778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.627552986 CET568823778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.632225990 CET377856882209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.632276058 CET568823778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.633094072 CET568823778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.637768984 CET377856882209.141.36.93192.168.2.15
                          Mar 18, 2025 03:32:59.637804985 CET568823778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:32:59.642507076 CET377856882209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.200776100 CET377856882209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.200877905 CET568823778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.200915098 CET568823778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.201394081 CET568843778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.206101894 CET377856884209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.206150055 CET568843778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.206814051 CET568843778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.211492062 CET377856884209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.211544991 CET568843778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.216219902 CET377856884209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.777043104 CET377856884209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.777159929 CET568843778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.777242899 CET568843778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.777746916 CET568863778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.782474041 CET377856886209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.782531977 CET568863778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.783176899 CET568863778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.787846088 CET377856886209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:00.787893057 CET568863778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:00.792530060 CET377856886209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.355825901 CET377856886209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.355983019 CET568863778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.356010914 CET568863778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.356528997 CET568883778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.361231089 CET377856888209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.361274958 CET568883778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.361937046 CET568883778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.367105007 CET377856888209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.367140055 CET568883778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.371954918 CET377856888209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.963973999 CET377856888209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.964126110 CET568883778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.964168072 CET568883778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.964770079 CET568903778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.970055103 CET377856890209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.970122099 CET568903778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.970798969 CET568903778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.976231098 CET377856890209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:01.976277113 CET568903778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:01.981875896 CET377856890209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:02.538739920 CET377856890209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:02.538887024 CET568903778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:02.538887978 CET568903778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:02.539324999 CET568923778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:02.544083118 CET377856892209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:02.544137955 CET568923778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:02.544786930 CET568923778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:02.549443007 CET377856892209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:02.549501896 CET568923778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:02.554233074 CET377856892209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.134040117 CET377856892209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.134215117 CET568923778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.134215117 CET568923778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.134799957 CET568943778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.139560938 CET377856894209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.139621973 CET568943778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.140314102 CET568943778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.144934893 CET377856894209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.145134926 CET568943778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.149816036 CET377856894209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.712786913 CET377856894209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.712996006 CET568943778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.712996006 CET568943778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.713576078 CET568963778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.718255043 CET377856896209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.718312979 CET568963778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.719002008 CET568963778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.723660946 CET377856896209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:03.723714113 CET568963778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:03.728473902 CET377856896209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.349551916 CET377856896209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.349765062 CET568963778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.349766016 CET568963778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.350471973 CET568983778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.355201006 CET377856898209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.355269909 CET568983778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.356257915 CET568983778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.360924006 CET377856898209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.360970974 CET568983778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.365729094 CET377856898209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.936389923 CET377856898209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.936516047 CET568983778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.936603069 CET568983778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.937215090 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.941895962 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.941946030 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.942517042 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.947948933 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:04.947989941 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:04.954108000 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:14.950828075 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:33:14.955514908 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:15.146090031 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:33:15.146167994 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:34:15.183937073 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:34:15.188976049 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:34:15.471002102 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:34:15.471071959 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:35:15.529992104 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:35:15.534704924 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:35:15.692764044 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:35:15.692845106 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:36:15.736702919 CET569003778192.168.2.15209.141.36.93
                          Mar 18, 2025 03:36:15.741440058 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:36:15.900680065 CET377856900209.141.36.93192.168.2.15
                          Mar 18, 2025 03:36:15.900835991 CET569003778192.168.2.15209.141.36.93
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Mar 18, 2025 03:35:29.681252003 CET | 35614 | 53 | 192.168.2.15 | 8.8.8.8
                          Mar 18, 2025 03:35:29.681309938 CET | 53699 | 53 | 192.168.2.15 | 8.8.8.8
                          Mar 18, 2025 03:35:29.687357903 CET | 53 | 53699 | 8.8.8.8 | 192.168.2.15
                          Mar 18, 2025 03:35:29.687560081 CET | 53 | 35614 | 8.8.8.8 | 192.168.2.15
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Mar 18, 2025 03:35:29.681252003 CET | 192.168.2.15 | 8.8.8.8 | 0x704d | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
                          Mar 18, 2025 03:35:29.681309938 CET | 192.168.2.15 | 8.8.8.8 | 0x3f4f | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Mar 18, 2025 03:35:29.687560081 CET | 8.8.8.8 | 192.168.2.15 | 0x704d | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                          Mar 18, 2025 03:35:29.687560081 CET | 8.8.8.8 | 192.168.2.15 | 0x704d | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

                          System Behavior

                          Start time (UTC):02:32:42
                          Start date (UTC):18/03/2025
                          Path:/tmp/boatnet.spc.elf
                          Arguments:/tmp/boatnet.spc.elf
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                          Start time (UTC):02:32:42
                          Start date (UTC):18/03/2025
                          Path:/tmp/boatnet.spc.elf
                          Arguments:-
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                          Start time (UTC):02:32:42
                          Start date (UTC):18/03/2025
                          Path:/tmp/boatnet.spc.elf
                          Arguments:-
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                          Start time (UTC):02:32:42
                          Start date (UTC):18/03/2025
                          Path:/tmp/boatnet.spc.elf
                          Arguments:-
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Start time (UTC):02:32:43
                          Start date (UTC):18/03/2025
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76