Linux Analysis Report
sh4.elf

Overview

General Information

Sample name:sh4.elf
Analysis ID:1576254
MD5:d71954b6eb39392c4c4a6f15c5454311
SHA1:e4e888e4c0347946283525773347280e0e0ebf3d
SHA256:0b3788848dcd2124648d12e647fa65b97bce0dc3d32f17c8fe81d02daeddf19b
Tags:elf, user-abuse_ch
Infos:

Detection

Mirai
Score:56
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1576254
Start date and time:2024-12-16 17:26:57 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 53s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sh4.elf
Detection:MAL
Classification:mal56.troj.linELF@0/0@2/0
  • VT rate limit hit for: sh4.elf
Command:/tmp/sh4.elf
PID:5431
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected
Standard Error:
  • system is lnxubuntu20
  • sh4.elf (PID: 5431, Parent: 5352, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sh4.elf
    • sh4.elf New Fork (PID: 5433, Parent: 5431)
      • sh4.elf New Fork (PID: 5436, Parent: 5433)
        • sh4.elf New Fork (PID: 5438, Parent: 5436)
  • cleanup
Name:Mirai
Description:Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
sh4.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
Source | Rule | Description | Author | Strings
5431.1.00007fd840400000.00007fd840412000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
5436.1.00007fd840400000.00007fd840412000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
5433.1.00007fd840400000.00007fd840412000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
          No Suricata rule has matched

          AV Detection

          Source: sh4.elf; ReversingLabs: Detection: 39%
          Source: global traffic; TCP traffic: 192.168.2.13:53626 -> 85.239.34.134:6666
          Source: /tmp/sh4.elf (PID: 5431); Socket: 0.0.0.0:1210
          Source: unknown; TCP traffic detected without corresponding DNS query: 85.239.34.134
          Source: global traffic; DNS traffic detected: DNS query: daisy.ubuntu.com
          Source: sh4.elf; String found in binary or memory: http://fast.no/support/crawler.asp)
          Source: sh4.elf; String found in binary or memory: http://feedback.redkolibri.com/
          Source: sh4.elf; String found in binary or memory: http://www.baidu.com/search/spider.htm)
          Source: sh4.elf; String found in binary or memory: http://www.baidu.com/search/spider.html)
          Source: sh4.elf; String found in binary or memory: http://www.billybobbot.com/crawler/)
          Source: ELF static info symbol of initial sample; .symtab present: no
          Source: classification engine; Classification label: mal56.troj.linELF@0/0@2/0
          Source: /tmp/sh4.elf (PID: 5431); Queries kernel information via 'uname':
          Source: sh4.elf, 5431.1.00007ffcc1397000.00007ffcc13b8000.rw-.sdmp, sh4.elf, 5433.1.00007ffcc1397000.00007ffcc13b8000.rw-.sdmp, sh4.elf, 5436.1.00007ffcc1397000.00007ffcc13b8000.rw-.sdmp; Binary or memory string: .Px86_64/usr/bin/qemu-sh4/tmp/sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sh4.elf
          Source: sh4.elf, 5431.1.00007ffcc1397000.00007ffcc13b8000.rw-.sdmp, sh4.elf, 5433.1.00007ffcc1397000.00007ffcc13b8000.rw-.sdmp, sh4.elf, 5436.1.00007ffcc1397000.00007ffcc13b8000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-sh4
          Source: sh4.elf, 5431.1.0000558d2c587000.0000558d2c5ea000.rw-.sdmp, sh4.elf, 5433.1.0000558d2c587000.0000558d2c5ea000.rw-.sdmp, sh4.elf, 5436.1.0000558d2c587000.0000558d2c5ea000.rw-.sdmp; Binary or memory string: U5!/etc/qemu-binfmt/sh4
          Source: sh4.elf, 5431.1.0000558d2c587000.0000558d2c5ea000.rw-.sdmp, sh4.elf, 5433.1.0000558d2c587000.0000558d2c5ea000.rw-.sdmp, sh4.elf, 5436.1.0000558d2c587000.0000558d2c5ea000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/sh4

          Stealing of Sensitive Information

          Source: Yara match; File source: sh4.elf, type: SAMPLE
          Source: Yara match; File source: 5431.1.00007fd840400000.00007fd840412000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5436.1.00007fd840400000.00007fd840412000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5433.1.00007fd840400000.00007fd840412000.r-x.sdmp, type: MEMORY
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
          Source: Initial sample; User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
          Source: Initial sample; User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
          Source: Initial sample; User agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
          Source: Initial sample; User agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60
          Source: Initial sample; User agent string found: Mozilla/5.0 (iPad; U; CPU OS 5_1 like Mac OS X) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10 UCBrowser/3.4.3.532
          Source: Initial sample; User agent string found: Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.4.2.12 NintendoBrowser/4.3.1.11264.US
          Source: Initial sample; User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
          Source: Initial sample; User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
          Source: Initial sample; User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
          Source: Initial sample; User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
          Source: Initial sample; User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; cn) Opera 11.00
          Source: Initial sample; User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
          Source: Initial sample; User agent string found: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
          Source: Initial sample; User agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sample; User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sample; User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

          Remote Access Functionality

          Source: Yara match; File source: sh4.elf, type: SAMPLE
          Source: Yara match; File source: 5431.1.00007fd840400000.00007fd840412000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5436.1.00007fd840400000.00007fd840412000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 5433.1.00007fd840400000.00007fd840412000.r-x.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
          No configs have been found
          [Behavior graph, ID: 1576254. Sample: sh4.elf; Startdate: 16/12/2024; Architecture: LINUX; Score: 56. Network nodes: 85.239.34.134, 53626, 53628, 53630 (RAINBOW-HKRainbownetworklimitedHK, Russian Federation) and daisy.ubuntu.com. Signatures: Multi AV Scanner detection for submitted file; Yara detected Mirai. Process chain: sh4.elf started sh4.elf, which started sh4.elf, which started sh4.elf.]
          Source | Detection | Scanner | Label
          sh4.elf | 39% | ReversingLabs | Linux.Trojan.Mirai
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          daisy.ubuntu.com | 162.213.35.24 | true | false | | high
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://www.baidu.com/search/spider.html) | sh4.elf | false | | high
          http://www.billybobbot.com/crawler/) | sh4.elf | false | | high
          http://fast.no/support/crawler.asp) | sh4.elf | false | | high
          http://feedback.redkolibri.com/ | sh4.elf | false | | high
          http://www.baidu.com/search/spider.htm) | sh4.elf | false | | high
          IP | Domain | Country | ASN | ASN Name | Malicious
          85.239.34.134 | unknown | Russian Federation | 134121 | RAINBOW-HKRainbownetworklimitedHK | false
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          85.239.34.134 | mips.elf | malicious | Mirai |
          85.239.34.134 | spc.elf | malicious | Mirai |
          85.239.34.134 | arm6.elf | malicious | Mirai |
          85.239.34.134 | arm.elf | malicious | Mirai |
          85.239.34.134 | m68k.elf | malicious | Mirai |
          85.239.34.134 | arm7.elf | malicious | Mirai |
          85.239.34.134 | x86.elf | malicious | Mirai |
          85.239.34.134 | mpsl.elf | malicious | Mirai |
          85.239.34.134 | arm5.elf | malicious | Mirai |
          85.239.34.134 | arm5.elf | malicious | Mirai |
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          daisy.ubuntu.com | arm7.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | debug.dbg.elf | malicious | Mirai, Okiru | 162.213.35.25
          daisy.ubuntu.com | zmap.arm6.elf | malicious | Mirai, Okiru | 162.213.35.25
          daisy.ubuntu.com | mipsel.elf | malicious | Gafgyt, Mirai | 162.213.35.25
          daisy.ubuntu.com | x86_64.elf | malicious | Gafgyt, Mirai | 162.213.35.25
          daisy.ubuntu.com | powerpc.elf | malicious | Gafgyt, Mirai | 162.213.35.25
          daisy.ubuntu.com | armv7l.elf | malicious | Gafgyt, Mirai | 162.213.35.25
          daisy.ubuntu.com | 8lSWx5kumf.elf | malicious | Unknown | 162.213.35.25
          daisy.ubuntu.com | UrVQpxwfbD.elf | malicious | Unknown | 162.213.35.24
          daisy.ubuntu.com | JvkHaM3iKq.elf | malicious | Unknown | 162.213.35.25
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          RAINBOW-HKRainbownetworklimitedHK | mips.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | spc.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | arm6.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | arm.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | m68k.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | arm7.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | x86.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | mpsl.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | arm5.elf | malicious | Mirai | 85.239.34.134
          RAINBOW-HKRainbownetworklimitedHK | arm5.elf | malicious | Mirai | 85.239.34.134
                                          No context
                                          No context
                                          No created / dropped files found
                                          File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                                          Entropy (8bit):6.91980805403923
                                          TrID:
                                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                          File name:sh4.elf
                                          File size:75'108 bytes
                                          MD5:d71954b6eb39392c4c4a6f15c5454311
                                          SHA1:e4e888e4c0347946283525773347280e0e0ebf3d
                                          SHA256:0b3788848dcd2124648d12e647fa65b97bce0dc3d32f17c8fe81d02daeddf19b
                                          SHA512:5d329abdbda6de0f315482ac73dcbf4c21d79c5fb52f29391ce75dd0332293313a6ca9e7596ea1a1afeeb1468310893a32370d8c3e94c75815359c61c712cfcb
                                          SSDEEP:1536:q4tEzX9A132+Jh/72NcEljKsjGeoisu5hZ:oq1b/qNJrjQ05hZ
                                          TLSH:5F738D23C8250F53C106DAB5303AEF78135706B2818B2EF56566C7B88983E9EF559FE4
                                          File Content Preview:.ELF..............*.......@.4...4#......4. ...(...............@...@...................... ... A.. A.....,u..............| ..| A.| A.................Q.td............................././"O.n........#.*@........#.*@,....o&O.n...l.............................

                                          ELF header

                                          Class:ELF32
                                          Data:2's complement, little endian
                                          Version:1 (current)
                                          Machine:<unknown>
                                          Version Number:0x1
                                          Type:EXEC (Executable file)
                                          OS/ABI:UNIX - System V
                                          ABI Version:0
                                          Entry Point Address:0x4001c0
                                          Flags:0x9
                                          ELF Header Size:52
                                          Program Header Offset:52
                                          Program Header Size:32
                                          Number of Program Headers:4
                                          Section Header Offset:74548
                                          Section Header Size:40
                                          Number of Section Headers:14
                                          Header String Table Index:13
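                                          Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                                           | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
                                          .init | PROGBITS | 0x4000b4 | 0xb4 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4
                                          .text | PROGBITS | 0x400100 | 0x100 | 0xed40 | 0x0 | 0x6 | AX | 0 | 0 | 32
                                          .fini | PROGBITS | 0x40ee40 | 0xee40 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
                                          .rodata | PROGBITS | 0x40ee64 | 0xee64 | 0x2fa0 | 0x0 | 0x2 | A | 0 | 0 | 4
                                          .eh_frame | PROGBITS | 0x412000 | 0x12000 | 0x7c | 0x0 | 0x3 | WA | 0 | 0 | 4
                                          .tbss | NOBITS | 0x41207c | 0x1207c | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4
                                          .ctors | PROGBITS | 0x41207c | 0x1207c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                                          .dtors | PROGBITS | 0x412084 | 0x12084 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                                          .jcr | PROGBITS | 0x41208c | 0x1208c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
                                          .data | PROGBITS | 0x412090 | 0x12090 | 0x238 | 0x0 | 0x3 | WA | 0 | 0 | 4
                                          .got | PROGBITS | 0x4122c8 | 0x122c8 | 0x14 | 0x4 | 0x3 | WA | 0 | 0 | 4
                                          .bss | NOBITS | 0x4122dc | 0x122dc | 0x7250 | 0x0 | 0x3 | WA | 0 | 0 | 4
                                          .shstrtab | STRTAB | 0x0 | 0x122dc | 0x58 | 0x0 | 0x0 | | 0 | 0 | 1
                                          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                                          LOAD | 0x0 | 0x400000 | 0x400000 | 0x11e04 | 0x11e04 | 6.9829 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
                                          LOAD | 0x12000 | 0x412000 | 0x412000 | 0x2dc | 0x752c | 3.9394 | 0x6 | RW | 0x1000 | | .eh_frame .tbss .ctors .dtors .jcr .data .got .bss
                                          TLS | 0x1207c | 0x41207c | 0x41207c | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss
                                          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |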
                                          Dec 16, 2024 17:28:31.464070082 CET536366666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:31.464338064 CET66665363685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:31.464485884 CET536366666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:31.585350990 CET66665363685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:40.478624105 CET536386666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:40.599463940 CET66665363885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:40.599823952 CET536386666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:40.599960089 CET536386666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:40.720040083 CET66665363885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:41.764014006 CET66665363885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:41.764112949 CET66665363885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:41.764300108 CET536386666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:41.764420986 CET536386666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:41.884562969 CET66665363885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:50.773190975 CET536406666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:50.896184921 CET66665364085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:50.896298885 CET536406666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:50.896353960 CET536406666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:51.017128944 CET66665364085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:52.064353943 CET66665364085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:52.064589977 CET536406666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:52.064727068 CET66665364085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:28:52.064831018 CET536406666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:28:52.184582949 CET66665364085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:01.072998047 CET536426666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:01.193919897 CET66665364285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:01.194039106 CET536426666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:01.194281101 CET536426666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:01.314822912 CET66665364285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:02.357635975 CET66665364285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:02.357650995 CET66665364285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:02.357894897 CET536426666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:02.357979059 CET536426666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:02.479284048 CET66665364285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:11.366900921 CET536446666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:11.488985062 CET66665364485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:11.489289045 CET536446666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:11.489413977 CET536446666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:11.610192060 CET66665364485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:12.660120010 CET66665364485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:12.660224915 CET66665364485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:12.660496950 CET536446666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:12.660648108 CET536446666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:12.780502081 CET66665364485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:21.669615030 CET536466666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:21.789612055 CET66665364685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:21.789794922 CET536466666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:21.789894104 CET536466666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:21.910523891 CET66665364685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:22.934592962 CET66665364685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:22.934617043 CET66665364685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:22.934732914 CET536466666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:22.934962988 CET536466666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:23.054704905 CET66665364685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:31.943209887 CET536486666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:32.063298941 CET66665364885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:32.063540936 CET536486666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:32.063618898 CET536486666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:32.184173107 CET66665364885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:33.237231016 CET66665364885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:33.237373114 CET66665364885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:33.237469912 CET536486666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:33.237607956 CET536486666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:33.358563900 CET66665364885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:42.248130083 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:42.368089914 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:42.368283987 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:42.368314028 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:42.488255978 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:43.537233114 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:43.537343025 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:43.537571907 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:43.537781954 CET536506666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:43.657566071 CET66665365085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:52.547468901 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:52.667373896 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:52.667649031 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:52.667736053 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:52.787705898 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:53.834511042 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:53.834624052 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:29:53.834847927 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:53.835055113 CET536526666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:29:53.955347061 CET66665365285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:02.844943047 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:02.965059042 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:02.965215921 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:02.965418100 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:03.087230921 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:04.134731054 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:04.134984016 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:04.135106087 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:04.135107040 CET536546666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:04.255764008 CET66665365485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:13.144256115 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:13.264058113 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:13.264369011 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:13.264410019 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:13.385976076 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:14.407336950 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:14.407520056 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:14.407639027 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:14.407747030 CET536566666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:14.529405117 CET66665365685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:23.422435999 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:23.542306900 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:23.542510033 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:23.542510033 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:23.662795067 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:24.689038992 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:24.689121008 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:24.689165115 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:24.689274073 CET536586666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:24.809098005 CET66665365885.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:33.699868917 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:33.820025921 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:33.820188999 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:33.820482969 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:33.940303087 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:34.984886885 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:34.984939098 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:34.985246897 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:34.985430002 CET536606666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:35.105314016 CET66665366085.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:43.993310928 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:44.113243103 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:44.113419056 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:44.113419056 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:44.236412048 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:45.266051054 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:45.266103983 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:45.266311884 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:45.266479969 CET536626666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:45.386266947 CET66665366285.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:54.275331020 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:54.395421982 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:54.395574093 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:54.395626068 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:54.515640974 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:55.564168930 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:55.564306021 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:30:55.564361095 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:55.564461946 CET536646666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:30:55.684806108 CET66665366485.239.34.134192.168.2.13
                                          Dec 16, 2024 17:31:04.576225996 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:31:04.696914911 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:31:04.697094917 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:31:04.697176933 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:31:04.816888094 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:31:05.864377975 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:31:05.864487886 CET66665366685.239.34.134192.168.2.13
                                          Dec 16, 2024 17:31:05.864600897 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:31:05.864852905 CET536666666192.168.2.1385.239.34.134
                                          Dec 16, 2024 17:31:05.986228943 CET66665366685.239.34.134192.168.2.13
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 16, 2024 17:30:23.099570990 CET | 46294 | 53 | 192.168.2.13 | 1.1.1.1
Dec 16, 2024 17:30:23.099637985 CET | 37191 | 53 | 192.168.2.13 | 1.1.1.1
Dec 16, 2024 17:30:23.322721958 CET | 53 | 37191 | 1.1.1.1 | 192.168.2.13
Dec 16, 2024 17:30:23.337096930 CET | 53 | 46294 | 1.1.1.1 | 192.168.2.13

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 17:30:23.099570990 CET | 192.168.2.13 | 1.1.1.1 | 0xfbad | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 17:30:23.099637985 CET | 192.168.2.13 | 1.1.1.1 | 0xca20 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 17:30:23.337096930 CET | 1.1.1.1 | 192.168.2.13 | 0xfbad | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 17:30:23.337096930 CET | 1.1.1.1 | 192.168.2.13 | 0xfbad | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

                                          System Behavior

                                          Start time (UTC):16:27:37
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/sh4.elf
                                          Arguments:/tmp/sh4.elf
                                          File size:4139976 bytes
                                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                          Start time (UTC):16:27:38
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/sh4.elf
                                          Arguments:-
                                          File size:4139976 bytes
                                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                          Start time (UTC):16:27:38
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/sh4.elf
                                          Arguments:-
                                          File size:4139976 bytes
                                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                                          Start time (UTC):16:27:38
                                          Start date (UTC):16/12/2024
                                          Path:/tmp/sh4.elf
                                          Arguments:-
                                          File size:4139976 bytes
                                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9