Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
arm7.elf

Overview

General Information

Sample name:arm7.elf
Analysis ID:1576202
MD5:e860dce716df2059091f4338eece3115
SHA1:a683983a24720fdb5f89f59ddfe688da4c0329a4
SHA256:55041ad0affc5402dc6a159cd69ee06b116cb7783e1ce584e17b8ed2b31b88f6
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:56
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1576202
Start date and time:2024-12-16 16:28:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm7.elf
Detection:MAL
Classification:mal56.troj.linELF@0/0@2/0
  • VT rate limit hit for: arm7.elf
Command:/tmp/arm7.elf
PID:5426
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected
Standard Error:
  • system is lnxubuntu20
  • arm7.elf (PID: 5426, Parent: 5352, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7.elf
    • arm7.elf New Fork (PID: 5428, Parent: 5426)
      • arm7.elf New Fork (PID: 5432, Parent: 5428)
        • arm7.elf New Fork (PID: 5434, Parent: 5432)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
arm7.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    SourceRuleDescriptionAuthorStrings
    5432.1.00007febb4017000.00007febb402e000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5426.1.00007febb4017000.00007febb402e000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5428.1.00007febb4017000.00007febb402e000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
          No Suricata rule has matched

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Source: arm7.elfReversingLabs: Detection: 44%
          Source: global trafficTCP traffic: 192.168.2.13:53650 -> 85.239.34.134:6666
          Source: /tmp/arm7.elf (PID: 5426)Socket: 0.0.0.0:1210Jump to behavior
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: unknownTCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
          Source: arm7.elfString found in binary or memory: http://fast.no/support/crawler.asp)
          Source: arm7.elfString found in binary or memory: http://feedback.redkolibri.com/
          Source: arm7.elfString found in binary or memory: http://www.baidu.com/search/spider.htm)
          Source: arm7.elfString found in binary or memory: http://www.baidu.com/search/spider.html)
          Source: arm7.elfString found in binary or memory: http://www.billybobbot.com/crawler/)
          Source: ELF static info symbol of initial sample.symtab present: no
          Source: classification engineClassification label: mal56.troj.linELF@0/0@2/0
          Source: /tmp/arm7.elf (PID: 5426)Queries kernel information via 'uname': Jump to behavior
          Source: arm7.elf, 5426.1.000055c040981000.000055c040ad0000.rw-.sdmp, arm7.elf, 5428.1.000055c040981000.000055c040aaf000.rw-.sdmp, arm7.elf, 5432.1.000055c040981000.000055c040aaf000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
          Source: arm7.elf, 5426.1.000055c040981000.000055c040ad0000.rw-.sdmp, arm7.elf, 5428.1.000055c040981000.000055c040aaf000.rw-.sdmp, arm7.elf, 5432.1.000055c040981000.000055c040aaf000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
          Source: arm7.elf, 5426.1.00007ffde761c000.00007ffde763d000.rw-.sdmp, arm7.elf, 5428.1.00007ffde761c000.00007ffde763d000.rw-.sdmp, arm7.elf, 5432.1.00007ffde761c000.00007ffde763d000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
          Source: arm7.elf, 5426.1.00007ffde761c000.00007ffde763d000.rw-.sdmp, arm7.elf, 5428.1.00007ffde761c000.00007ffde763d000.rw-.sdmp, arm7.elf, 5432.1.00007ffde761c000.00007ffde763d000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7.elf

          Stealing of Sensitive Information

          barindex
          Source: Yara matchFile source: arm7.elf, type: SAMPLE
          Source: Yara matchFile source: 5432.1.00007febb4017000.00007febb402e000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5426.1.00007febb4017000.00007febb402e000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5428.1.00007febb4017000.00007febb402e000.r-x.sdmp, type: MEMORY
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
          Source: Initial sampleUser agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
          Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
          Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60
          Source: Initial sampleUser agent string found: Mozilla/5.0 (iPad; U; CPU OS 5_1 like Mac OS X) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10 UCBrowser/3.4.3.532
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.4.2.12 NintendoBrowser/4.3.1.11264.US
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; cn) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
          Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
          Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

          Remote Access Functionality

          barindex
          Source: Yara matchFile source: arm7.elf, type: SAMPLE
          Source: Yara matchFile source: 5432.1.00007febb4017000.00007febb402e000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5426.1.00007febb4017000.00007febb402e000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5428.1.00007febb4017000.00007febb402e000.r-x.sdmp, type: MEMORY
          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping11
          Security Software Discovery
          Remote ServicesData from Local System1
          Data Obfuscation
          Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
          Non-Standard Port
          Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
          Non-Application Layer Protocol
          Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
          Application Layer Protocol
          Traffic DuplicationData Destruction
          No configs have been found
          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Number of created Files
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1576202 Sample: arm7.elf Startdate: 16/12/2024 Architecture: LINUX Score: 56 17 85.239.34.134, 53650, 53652, 53654 RAINBOW-HKRainbownetworklimitedHK Russian Federation 2->17 19 daisy.ubuntu.com 2->19 21 Multi AV Scanner detection for submitted file 2->21 23 Yara detected Mirai 2->23 9 arm7.elf 2->9         started        signatures3 process4 process5 11 arm7.elf 9->11         started        process6 13 arm7.elf 11->13         started        process7 15 arm7.elf 13->15         started       
          SourceDetectionScannerLabelLink
          arm7.elf45%ReversingLabsLinux.Trojan.Mirai
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          NameIPActiveMaliciousAntivirus DetectionReputation
          daisy.ubuntu.com
          162.213.35.24
          truefalse
            high
            NameSourceMaliciousAntivirus DetectionReputation
            http://www.baidu.com/search/spider.html)arm7.elffalse
              high
              http://www.billybobbot.com/crawler/)arm7.elffalse
                high
                http://fast.no/support/crawler.asp)arm7.elffalse
                  high
                  http://feedback.redkolibri.com/arm7.elffalse
                    high
                    http://www.baidu.com/search/spider.htm)arm7.elffalse
                      high
                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs
                      IPDomainCountryFlagASNASN NameMalicious
                      85.239.34.134
                      unknownRussian Federation
                      134121RAINBOW-HKRainbownetworklimitedHKfalse
                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      85.239.34.134mpsl.elfGet hashmaliciousMiraiBrowse
                        arm5.elfGet hashmaliciousMiraiBrowse
                          arm5.elfGet hashmaliciousMiraiBrowse
                            m68k.elfGet hashmaliciousUnknownBrowse
                              x86.elfGet hashmaliciousUnknownBrowse
                                arm.elfGet hashmaliciousUnknownBrowse
                                  mpsl.elfGet hashmaliciousUnknownBrowse
                                    spc.elfGet hashmaliciousUnknownBrowse
                                      m68k.elfGet hashmaliciousUnknownBrowse
                                        mips.elfGet hashmaliciousUnknownBrowse
                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          daisy.ubuntu.comdebug.dbg.elfGet hashmaliciousMirai, OkiruBrowse
                                          • 162.213.35.25
                                          zmap.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                                          • 162.213.35.25
                                          mipsel.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 162.213.35.25
                                          x86_64.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 162.213.35.25
                                          powerpc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 162.213.35.25
                                          armv7l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 162.213.35.25
                                          8lSWx5kumf.elfGet hashmaliciousUnknownBrowse
                                          • 162.213.35.25
                                          UrVQpxwfbD.elfGet hashmaliciousUnknownBrowse
                                          • 162.213.35.24
                                          JvkHaM3iKq.elfGet hashmaliciousUnknownBrowse
                                          • 162.213.35.25
                                          tonGZTd9mB.elfGet hashmaliciousUnknownBrowse
                                          • 162.213.35.24
                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          RAINBOW-HKRainbownetworklimitedHKmpsl.elfGet hashmaliciousMiraiBrowse
                                          • 85.239.34.134
                                          arm5.elfGet hashmaliciousMiraiBrowse
                                          • 85.239.34.134
                                          arm5.elfGet hashmaliciousMiraiBrowse
                                          • 85.239.34.134
                                          m68k.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          x86.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          arm.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          mpsl.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          spc.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          m68k.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          mips.elfGet hashmaliciousUnknownBrowse
                                          • 85.239.34.134
                                          No context
                                          No context
                                          No created / dropped files found
                                          File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
                                          Entropy (8bit):6.261855827876342
                                          TrID:
                                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                          File name:arm7.elf
                                          File size:94'196 bytes
                                          MD5:e860dce716df2059091f4338eece3115
                                          SHA1:a683983a24720fdb5f89f59ddfe688da4c0329a4
                                          SHA256:55041ad0affc5402dc6a159cd69ee06b116cb7783e1ce584e17b8ed2b31b88f6
                                          SHA512:20888dfe6d33605e55db474f3ba3068ff965f610eb20da76781e34b2642a68705628c1a36b77b18a075697d9e9cca69a77cfe1cb31f58a2ed8cc85023ca7b5b0
                                          SSDEEP:1536:dUn5Q049+qO78ryxh6vadA40HbUdgql/viydfkHN8TvY7pI5hEs:cA9BOp6vadA40HCndfkHKTviI5hE
                                          TLSH:FD933A5AF8809F01D9D5257BFA4E228933534B7CE3EF71129E249B2067C696B0F7B841
                                          File Content Preview:.ELF..............(.........4...tm......4. ...(........p.h.......... ... ............................j...j...............j..............Hu...............j..........................Q.td..................................-...L..................@-.,@...0....S

                                          ELF header

                                          Class:ELF32
                                          Data:2's complement, little endian
                                          Version:1 (current)
                                          Machine:ARM
                                          Version Number:0x1
                                          Type:EXEC (Executable file)
                                          OS/ABI:UNIX - System V
                                          ABI Version:0
                                          Entry Point Address:0x8194
                                          Flags:0x4000002
                                          ELF Header Size:52
                                          Program Header Offset:52
                                          Program Header Size:32
                                          Number of Program Headers:5
                                          Section Header Offset:93556
                                          Section Header Size:40
                                          Number of Section Headers:16
                                          Header String Table Index:15
                                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                          NULL0x00x00x00x00x0000
                                          .initPROGBITS0x80d40xd40x100x00x6AX004
                                          .textPROGBITS0x80f00xf00x137f40x00x6AX0016
                                          .finiPROGBITS0x1b8e40x138e40x100x00x6AX004
                                          .rodataPROGBITS0x1b8f80x138f80x2fdc0x00x2A008
                                          .ARM.extabPROGBITS0x1e8d40x168d40x180x00x2A004
                                          .ARM.exidxARM_EXIDX0x1e8ec0x168ec0x1200x00x82AL204
                                          .eh_framePROGBITS0x1fa0c0x16a0c0x40x00x3WA004
                                          .tbssNOBITS0x1fa100x16a100x80x00x403WAT004
                                          .init_arrayINIT_ARRAY0x1fa100x16a100x40x00x3WA004
                                          .fini_arrayFINI_ARRAY0x1fa140x16a140x40x00x3WA004
                                          .jcrPROGBITS0x1fa180x16a180x40x00x3WA004
                                          .gotPROGBITS0x1fa1c0x16a1c0xb00x40x3WA004
                                          .dataPROGBITS0x1facc0x16acc0x2300x00x3WA004
                                          .bssNOBITS0x1fd000x16cfc0x72540x00x3WA008
                                          .shstrtabSTRTAB0x00x16cfc0x780x00x0001
                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                          EXIDX0x168ec0x1e8ec0x1e8ec0x1200x1204.52620x4R 0x4.ARM.exidx
                                          LOAD0x00x80000x80000x16a0c0x16a0c6.28210x5R E0x1000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                          LOAD0x16a0c0x1fa0c0x1fa0c0x2f00x75484.02020x6RW 0x1000.eh_frame .tbss .init_array .fini_array .jcr .got .data .bss
                                          TLS0x16a100x1fa100x1fa100x00x80.00000x4R 0x4.tbss
                                          GNU_STACK0x00x00x00x00x00.00000x7RWE0x4
                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 16, 2024 16:28:55.828509092 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:28:55.953377008 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:28:55.953432083 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:28:55.953831911 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:28:56.079979897 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:28:57.137116909 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:28:57.137412071 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:28:57.137438059 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:28:57.137859106 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:28:57.257687092 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:06.146193981 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:06.266088009 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:06.266395092 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:06.267002106 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:06.387041092 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:07.437994957 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:07.438155890 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:07.438493013 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:07.438606024 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:07.559578896 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:16.448920965 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:16.569307089 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:16.569597006 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:16.569699049 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:16.690412998 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:17.737303019 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:17.737349987 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:17.737524033 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:17.737787962 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:17.857956886 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:26.747864008 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:26.868966103 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:26.869098902 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:26.869220018 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:26.989188910 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:28.034918070 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:28.035034895 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:28.035058975 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:28.035190105 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:28.155710936 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:37.045263052 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:37.165180922 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:37.165312052 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:37.165342093 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:37.285633087 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:38.337567091 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:38.337891102 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:38.337891102 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:38.338013887 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:38.458378077 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:47.348437071 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:47.468369007 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:47.468652964 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:47.468727112 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:47.588567019 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:48.634442091 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:48.634504080 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:48.634753942 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:48.634783983 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:48.754704952 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:57.644560099 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:57.765086889 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:57.765254974 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:57.765336037 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:57.885298967 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:58.934812069 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:58.934837103 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:29:58.934978008 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:58.935034990 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:29:59.054936886 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:07.944767952 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:08.065315008 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:08.065649033 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:08.065756083 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:08.186990976 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:09.311672926 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:09.311827898 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:09.312015057 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:09.312108994 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:09.435813904 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:18.322937965 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:18.443200111 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:18.443356037 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:18.443562984 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:18.567075014 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:19.587955952 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:19.588015079 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:19.588231087 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:19.588231087 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:19.708615065 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:28.598617077 CET536686666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:28.718683004 CET66665366885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:28.718954086 CET536686666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:28.718954086 CET536686666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:28.839088917 CET66665366885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:29.934530973 CET66665366885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:29.934604883 CET66665366885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:29.934802055 CET536686666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:29.934802055 CET536686666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:30.054990053 CET66665366885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:38.942400932 CET536706666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:39.063553095 CET66665367085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:39.063981056 CET536706666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:39.063981056 CET536706666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:39.184075117 CET66665367085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:40.207797050 CET66665367085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:40.207853079 CET66665367085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:40.208297014 CET536706666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:40.208297014 CET536706666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:40.331391096 CET66665367085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:49.218295097 CET536726666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:49.339492083 CET66665367285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:49.339967966 CET536726666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:49.340017080 CET536726666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:49.460608006 CET66665367285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:50.485641003 CET66665367285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:50.485860109 CET66665367285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:50.485863924 CET536726666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:50.485933065 CET536726666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:50.608372927 CET66665367285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:59.495481014 CET536746666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:59.615991116 CET66665367485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:30:59.616276026 CET536746666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:59.616276979 CET536746666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:30:59.736284971 CET66665367485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:00.762705088 CET66665367485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:00.762736082 CET66665367485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:00.763029099 CET536746666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:00.763226032 CET536746666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:00.883311033 CET66665367485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:09.771910906 CET536766666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:09.892004967 CET66665367685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:09.892254114 CET536766666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:09.892337084 CET536766666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:10.012263060 CET66665367685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:11.063668966 CET66665367685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:11.063718081 CET66665367685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:11.063925982 CET536766666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:11.063976049 CET536766666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:11.183830976 CET66665367685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:20.071738005 CET536786666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:20.191560984 CET66665367885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:20.191690922 CET536786666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:20.191792965 CET536786666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:20.311777115 CET66665367885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:21.363027096 CET66665367885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:21.363363028 CET536786666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:21.363528967 CET66665367885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:21.363755941 CET536786666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:21.483804941 CET66665367885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:30.373620987 CET536806666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:30.493952036 CET66665368085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:30.494298935 CET536806666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:30.494472980 CET536806666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:30.616667986 CET66665368085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:31.662823915 CET66665368085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:31.662924051 CET66665368085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:31.662990093 CET536806666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:31.663121939 CET536806666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:31.783032894 CET66665368085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:40.672115088 CET536826666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:40.792035103 CET66665368285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:40.792143106 CET536826666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:40.792205095 CET536826666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:40.912193060 CET66665368285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:42.317092896 CET66665368285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:42.317116976 CET66665368285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:42.317332983 CET536826666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:42.317332983 CET536826666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:42.353223085 CET66665368285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:42.353426933 CET536826666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:42.437386990 CET66665368285.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:51.326673031 CET536846666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:51.446860075 CET66665368485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:51.447046041 CET536846666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:51.447093964 CET536846666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:51.567104101 CET66665368485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:52.592597008 CET66665368485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:52.592741013 CET66665368485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:31:52.592818975 CET536846666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:52.592899084 CET536846666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:31:52.712866068 CET66665368485.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:01.601181984 CET536866666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:01.721777916 CET66665368685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:01.722027063 CET536866666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:01.722202063 CET536866666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:01.842236042 CET66665368685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:02.867094994 CET66665368685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:02.867491961 CET536866666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:02.867703915 CET66665368685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:02.867945910 CET536866666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:02.987782955 CET66665368685.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:11.877851009 CET536886666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:11.998112917 CET66665368885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:11.998249054 CET536886666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:11.998306990 CET536886666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:12.118268013 CET66665368885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:13.163687944 CET66665368885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:13.163803101 CET66665368885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:13.163921118 CET536886666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:13.164011955 CET536886666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:13.284085035 CET66665368885.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:22.175734043 CET536906666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:22.295711994 CET66665369085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:22.295933008 CET536906666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:22.296024084 CET536906666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:22.416022062 CET66665369085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:23.472436905 CET66665369085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:23.472506046 CET66665369085.239.34.134192.168.2.13
                                          Dec 16, 2024 16:32:23.472614050 CET536906666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:23.472728014 CET536906666192.168.2.1385.239.34.134
                                          Dec 16, 2024 16:32:23.592782021 CET66665369085.239.34.134192.168.2.13
                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 16, 2024 16:31:40.323445082 CET5222053192.168.2.138.8.8.8
                                          Dec 16, 2024 16:31:40.323497057 CET5338753192.168.2.138.8.8.8
                                          Dec 16, 2024 16:31:40.446238995 CET53522208.8.8.8192.168.2.13
                                          Dec 16, 2024 16:31:40.446269989 CET53533878.8.8.8192.168.2.13
                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Dec 16, 2024 16:31:40.323445082 CET192.168.2.138.8.8.80x6ab2Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                          Dec 16, 2024 16:31:40.323497057 CET192.168.2.138.8.8.80x515fStandard query (0)daisy.ubuntu.com28IN (0x0001)false
                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Dec 16, 2024 16:31:40.446238995 CET8.8.8.8192.168.2.130x6ab2No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                                          Dec 16, 2024 16:31:40.446238995 CET8.8.8.8192.168.2.130x6ab2No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                                          System Behavior

                                          Start time (UTC):15:28:55
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/arm7.elf
                                          Arguments:/tmp/arm7.elf
                                          File size:4956856 bytes
                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                          Start time (UTC):15:28:55
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/arm7.elf
                                          Arguments:-
                                          File size:4956856 bytes
                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                          Start time (UTC):15:28:55
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/arm7.elf
                                          Arguments:-
                                          File size:4956856 bytes
                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                          Start time (UTC):15:28:55
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/arm7.elf
                                          Arguments:-
                                          File size:4956856 bytes
                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1