Linux Analysis Report
wind.m68k.elf

Overview

General Information

Sample name: wind.m68k.elf
Analysis ID: 1586979
MD5: ff13644127fe6c566ef31ac2d9644a0f
SHA1: fb6cc4d4df031034b37517f380d8779f666832f8
SHA256: 6e13983e6373c409b04053c166bde638a0343b13a72ec55807d57fcd489159b7
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 84
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1586979
Start date and time: 2025-01-09 20:22:19 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: wind.m68k.elf
Detection: MAL
Classification: mal84.spre.troj.linELF@0/0@2/0
  • VT rate limit hit for: wind.m68k.elf
Command: /tmp/wind.m68k.elf
PID: 5526
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5542, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5545, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5546, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5549, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5568, Parent: 5549, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5550, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5551, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5567, Parent: 5566, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5577, Parent: 3044)
  • xfce4-notifyd (PID: 5577, Parent: 3044, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
wind.m68k.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
wind.m68k.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
wind.m68k.elf | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
    • 0xeb60:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source | Rule | Description | Author | Strings
5526.1.00007fda78001000.00007fda78011000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5526.1.00007fda78001000.00007fda78011000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5526.1.00007fda78001000.00007fda78011000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
      • 0xeb60:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5529.1.00007fda78001000.00007fda78011000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5529.1.00007fda78001000.00007fda78011000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
        No Suricata rule has matched

        AV Detection

        Source: wind.m68k.elf, Avira: detected
        Source: wind.m68k.elf, ReversingLabs: Detection: 65%
        Source: global traffic, TCP traffic: 192.168.2.15:53486 -> 154.216.19.169:3778
        Source: unknown, TCP traffic detected without corresponding DNS query: 154.216.19.169
        Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        Source: wind.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: wind.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5526.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5526.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5529.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5529.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5526, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5526, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5529, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5529, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3192, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3249, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3250, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3251, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3252, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3253, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3255, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3272, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3274, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 3298, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5542, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5545, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5546, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5549, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5550, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5551, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5567, result: successful
        Source: /tmp/wind.m68k.elf (PID: 5528), SIGKILL sent: pid: 5577, result: successful
        Source: ELF static info symbol of initial sample, .symtab present: no
        Source: wind.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: wind.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5526.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5526.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5529.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5529.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5526, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5526, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5529, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5529, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engine, Classification label: mal84.spre.troj.linELF@0/0@2/0
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5542)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5546)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5567)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5567)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5567)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5567)Directory: /home/saturnino/.configJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5526) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5542) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5546) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5577) Queries kernel information via 'uname'
        Source: wind.m68k.elf, 5526.1.00007ffebf4da000.00007ffebf4fb000.rw-.sdmp, wind.m68k.elf, 5529.1.00007ffebf4da000.00007ffebf4fb000.rw-.sdmp Binary or memory string: L+M%HVx86_64/usr/bin/qemu-m68k/tmp/wind.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/wind.m68k.elf
        Source: wind.m68k.elf, 5526.1.00007ffebf4da000.00007ffebf4fb000.rw-.sdmp, wind.m68k.elf, 5529.1.00007ffebf4da000.00007ffebf4fb000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
        Source: wind.m68k.elf, 5526.1.0000563be68a0000.0000563be6925000.rw-.sdmp, wind.m68k.elf, 5529.1.0000563be68a0000.0000563be6925000.rw-.sdmp Binary or memory string: ;V!/etc/qemu-binfmt/m68k
        Source: wind.m68k.elf, 5526.1.0000563be68a0000.0000563be6925000.rw-.sdmp, wind.m68k.elf, 5529.1.0000563be68a0000.0000563be6925000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k

        Stealing of Sensitive Information

        Source: Yara match File source: Process Memory Space: wind.m68k.elf PID: 5526, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: wind.m68k.elf PID: 5529, type: MEMORYSTR
        Source: Yara match File source: wind.m68k.elf, type: SAMPLE
        Source: Yara match File source: 5526.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5529.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match File source: Process Memory Space: wind.m68k.elf PID: 5526, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: wind.m68k.elf PID: 5529, type: MEMORYSTR
        Source: Yara match File source: wind.m68k.elf, type: SAMPLE
        Source: Yara match File source: 5526.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5529.1.00007fda78001000.00007fda78011000.r-x.sdmp, type: MEMORY
        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
        No configs have been found
        [Behavior graph: ID 1586979, Sample: wind.m68k.elf, Startdate: 09/01/2025, Architecture: LINUX, Score: 84]

        | Source | Detection | Scanner | Label |
        | wind.m68k.elf | 66% | ReversingLabs | Linux.Trojan.Mirai |
        | wind.m68k.elf | 100% | Avira | EXP/ELF.Gafgyt.Z.F |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
        | daisy.ubuntu.com | 162.213.35.25 | true | false | | high |

          | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
          | 154.216.19.169 | unknown | Seychelles | | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | false |
          No context
          | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
          | daisy.ubuntu.com | wind.arm7.elf | malicious | Mirai | 162.213.35.24 |
          | daisy.ubuntu.com | Fantazy.sh4.elf | malicious | Unknown | 162.213.35.25 |
          | daisy.ubuntu.com | Fantazy.ppc.elf | malicious | Unknown | 162.213.35.24 |
          | daisy.ubuntu.com | Fantazy.mips.elf | malicious | Unknown | 162.213.35.25 |
          | daisy.ubuntu.com | .i.elf | malicious | Unknown | 162.213.35.25 |
          | daisy.ubuntu.com | Fantazy.arm7.elf | malicious | Mirai | 162.213.35.25 |
          | daisy.ubuntu.com | 2.elf | malicious | Unknown | 162.213.35.25 |
          | daisy.ubuntu.com | Fantazy.i486.elf | malicious | Unknown | 162.213.35.25 |
          | daisy.ubuntu.com | Fantazy.x86_64.elf | malicious | Unknown | 162.213.35.24 |
          | daisy.ubuntu.com | Fantazy.arm5.elf | malicious | Unknown | 162.213.35.25 |

          | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | new.bat | malicious | Unknown | 154.216.17.175 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | army7.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | gigganiggax86.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | army4.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | army6.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | mippytippy.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | mippywippy.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | army5.elf | malicious | Gafgyt, Mirai | 154.216.20.70 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | gompsl.elf | malicious | Mirai | 156.254.70.172 |
          | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | garm.elf | malicious | Mirai | 156.241.11.50 |
          No context
          No context
          No created / dropped files found
          File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.360532849433493
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:wind.m68k.elf
          File size:65'072 bytes
          MD5:ff13644127fe6c566ef31ac2d9644a0f
          SHA1:fb6cc4d4df031034b37517f380d8779f666832f8
          SHA256:6e13983e6373c409b04053c166bde638a0343b13a72ec55807d57fcd489159b7
          SHA512:b2485cebb85e710bb8811391b4ebb610de1943a464d8f64b794cdc262eeeeca60234f62ed80a405ae816a563ec79ab4e25877b1b0a7652e9f47dbd5df10cc11d
          SSDEEP:1536:TO76X79qRw/eeTh2yw8E6Mw0n8XDZKRlr:SzG/eeTh1xMoD0RN
          TLSH:80531BE9B8025E3CF91B9ABA44164E0ABD6177C152830F27677BFDD37C720A59D02C85
          File Content Preview:.ELF.......................D...4.........4. ...(.......................2...2...... ........8...8...8...(.......... .dt.Q............................NV..a....da.....N^NuNV..J9...`f>"y...P QJ.g.X.#....PN."y...P QJ.f.A.....J.g.Hy...4N.X........`N^NuNV..N^NuN

          ELF header

          Class:ELF32
          Data:2's complement, big endian
          Version:1 (current)
          Machine:MC68000
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x80000144
          Flags:0x0
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:64672
          Section Header Size:40
          Number of Section Headers:10
          Header String Table Index:9
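          | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
          | | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
          | .init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
          | .text | PROGBITS | 0x800000a8 | 0xa8 | 0xe502 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
          | .fini | PROGBITS | 0x8000e5aa | 0xe5aa | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
          | .rodata | PROGBITS | 0x8000e5b8 | 0xe5b8 | 0x147a | 0x0 | 0x2 | A | 0 | 0 | 2 |
          | .ctors | PROGBITS | 0x80011a38 | 0xfa38 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
          | .dtors | PROGBITS | 0x80011a40 | 0xfa40 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
          | .data | PROGBITS | 0x80011a4c | 0xfa4c | 0x214 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
          | .bss | NOBITS | 0x80011c60 | 0xfc60 | 0x2e8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
          | .shstrtab | STRTAB | 0x0 | 0xfc60 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |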
          | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
          | LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xfa32 | 0xfa32 | 6.3913 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata |
          | LOAD | 0xfa38 | 0x80011a38 | 0x80011a38 | 0x228 | 0x510 | 3.0777 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss |
          | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
          | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
          Jan 9, 2025 20:23:16.293266058 CET535183778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.303766966 CET535203778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.308862925 CET377853520154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:16.308933020 CET535203778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.331231117 CET535203778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.337197065 CET377853520154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:16.337264061 CET535203778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.343364954 CET377853520154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:16.966814995 CET377853520154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:16.966892004 CET535203778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.966947079 CET535203778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.973368883 CET535223778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.978195906 CET377853522154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:16.978247881 CET535223778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:16.996136904 CET535223778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.001554012 CET377853522154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:17.001648903 CET535223778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.006421089 CET377853522154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:17.649837017 CET377853522154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:17.649904966 CET535223778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.649952888 CET535223778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.657380104 CET535243778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.662312984 CET377853524154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:17.662373066 CET535243778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.680565119 CET535243778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.685813904 CET377853524154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:17.685868979 CET535243778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:17.690845966 CET377853524154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:18.349328041 CET377853524154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:18.349438906 CET535243778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:18.349438906 CET535243778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:18.373270988 CET535263778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:18.378099918 CET377853526154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:18.378998995 CET535263778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:18.444576979 CET535263778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:18.449420929 CET377853526154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:18.449511051 CET535263778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:18.454263926 CET377853526154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.039839983 CET377853526154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.039921045 CET535263778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.039967060 CET535263778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.042177916 CET535283778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.046971083 CET377853528154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.047027111 CET535283778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.054867983 CET535283778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.059762955 CET377853528154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.059797049 CET535283778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.064557076 CET377853528154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.711286068 CET377853528154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.713295937 CET535283778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.713330984 CET535283778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.716341019 CET535303778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.721101999 CET377853530154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.721143961 CET535303778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.728708982 CET535303778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.733490944 CET377853530154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:19.733524084 CET535303778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:19.738337994 CET377853530154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:20.386502981 CET377853530154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:20.386612892 CET535303778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:20.386612892 CET535303778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:20.396208048 CET535323778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:20.401019096 CET377853532154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:20.401103020 CET535323778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:20.407757044 CET535323778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:20.412504911 CET377853532154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:20.412643909 CET535323778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:20.417402029 CET377853532154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.059933901 CET377853532154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.060055017 CET535323778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.060055017 CET535323778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.065171003 CET535343778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.071425915 CET377853534154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.071711063 CET535343778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.081463099 CET535343778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.087553978 CET377853534154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.087647915 CET535343778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.093892097 CET377853534154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.755302906 CET377853534154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.755388021 CET535343778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.755461931 CET535343778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.758097887 CET535363778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.762950897 CET377853536154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.763014078 CET535363778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.770204067 CET535363778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.774966002 CET377853536154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:21.775026083 CET535363778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:21.779819965 CET377853536154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:23.417407036 CET377853536154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:23.417500973 CET535363778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:23.417536020 CET535363778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:23.420911074 CET535383778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:23.425698996 CET377853538154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:23.425760031 CET535383778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:23.447438002 CET535383778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:23.452277899 CET377853538154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:23.452325106 CET535383778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:23.457066059 CET377853538154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.105508089 CET377853538154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.105586052 CET535383778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.105618000 CET535383778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.109601021 CET535403778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.114443064 CET377853540154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.114495039 CET535403778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.127547026 CET535403778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.132477045 CET377853540154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.132527113 CET535403778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.137300968 CET377853540154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.799880981 CET377853540154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.799949884 CET535403778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.799995899 CET535403778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.805659056 CET535423778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.810549974 CET377853542154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.810622931 CET535423778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.825293064 CET535423778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.830159903 CET377853542154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:24.830529928 CET535423778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:24.835443974 CET377853542154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:25.484555006 CET377853542154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:25.484704971 CET535423778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:25.484704971 CET535423778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:25.485270977 CET535443778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:25.490082979 CET377853544154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:25.490174055 CET535443778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:25.491353035 CET535443778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:25.496114969 CET377853544154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:25.496170998 CET535443778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:25.500999928 CET377853544154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.207488060 CET377853544154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.207622051 CET535443778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.207636118 CET535443778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.208102942 CET535463778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.212865114 CET377853546154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.212928057 CET535463778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.213532925 CET535463778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.218291044 CET377853546154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.218341112 CET535463778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.223094940 CET377853546154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.870347023 CET377853546154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.870502949 CET535463778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.870563984 CET535463778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.871114016 CET535483778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.875986099 CET377853548154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.876040936 CET535483778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.876648903 CET535483778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.881472111 CET377853548154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:27.881521940 CET535483778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:27.886288881 CET377853548154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:28.539036989 CET377853548154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:28.539330959 CET535483778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:28.539330959 CET535483778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:28.540049076 CET535503778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:28.545306921 CET377853550154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:28.545383930 CET535503778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:28.546406984 CET535503778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:28.551220894 CET377853550154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:28.551281929 CET535503778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:28.556072950 CET377853550154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.250880957 CET377853550154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.251233101 CET535503778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.251233101 CET535503778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.252022028 CET535523778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.256942034 CET377853552154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.257023096 CET535523778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.257674932 CET535523778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.262432098 CET377853552154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.262551069 CET535523778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.267333031 CET377853552154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.939910889 CET377853552154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.940110922 CET535523778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.940262079 CET535523778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.940867901 CET535543778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.945673943 CET377853554154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.945740938 CET535543778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.946409941 CET535543778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.951206923 CET377853554154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:29.951282978 CET535543778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:29.956111908 CET377853554154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:30.604547024 CET377853554154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:30.604715109 CET535543778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:30.604743958 CET535543778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:30.605273962 CET535563778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:30.610093117 CET377853556154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:30.610158920 CET535563778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:30.610816956 CET535563778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:30.615567923 CET377853556154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:30.615621090 CET535563778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:30.621779919 CET377853556154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.279021978 CET377853556154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.279246092 CET535563778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.279283047 CET535563778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.279767036 CET535583778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.287336111 CET377853558154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.287403107 CET535583778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.288144112 CET535583778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.292964935 CET377853558154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.293020010 CET535583778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.299037933 CET377853558154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.953329086 CET377853558154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.953669071 CET535583778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.953744888 CET535583778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.954687119 CET535603778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.959515095 CET377853560154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.959611893 CET535603778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.960582018 CET535603778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.965321064 CET377853560154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:31.965377092 CET535603778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:31.971359015 CET377853560154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:32.616942883 CET377853560154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:32.617245913 CET535603778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:32.617245913 CET535603778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:32.617954016 CET535623778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:32.622721910 CET377853562154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:32.622788906 CET535623778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:32.623733997 CET535623778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:32.628515005 CET377853562154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:32.628619909 CET535623778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:32.633482933 CET377853562154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:33.361987114 CET377853562154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:33.362164974 CET535623778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:33.362196922 CET535623778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:33.362728119 CET535643778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:33.367614985 CET377853564154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:33.367675066 CET535643778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:33.368422985 CET535643778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:33.373178959 CET377853564154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:33.373228073 CET535643778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:33.380186081 CET377853564154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:35.697746992 CET377853564154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:35.697896004 CET535643778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:35.697928905 CET535643778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:35.698605061 CET535663778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:35.703439951 CET377853566154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:35.703490019 CET535663778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:35.704454899 CET535663778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:35.709252119 CET377853566154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:35.709295988 CET535663778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:35.714045048 CET377853566154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:36.388890028 CET377853566154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:36.389065027 CET535663778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:36.389090061 CET535663778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:36.390072107 CET535683778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:36.395059109 CET377853568154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:36.395296097 CET535683778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:36.396261930 CET535683778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:36.401004076 CET377853568154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:36.401058912 CET535683778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:36.407015085 CET377853568154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.095999956 CET377853568154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.096174955 CET535683778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.096242905 CET535683778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.097245932 CET535703778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.102194071 CET377853570154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.102303028 CET535703778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.103269100 CET535703778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.108273029 CET377853570154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.108413935 CET535703778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.113240004 CET377853570154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.785530090 CET377853570154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.785907984 CET535703778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.785907984 CET535703778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.787125111 CET535723778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.792036057 CET377853572154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.792124033 CET535723778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.793181896 CET535723778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.798018932 CET377853572154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:37.798151016 CET535723778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:37.803034067 CET377853572154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:38.468312979 CET377853572154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:38.468445063 CET535723778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:38.468481064 CET535723778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:38.469407082 CET535743778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:38.474224091 CET377853574154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:38.474307060 CET535743778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:38.475691080 CET535743778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:38.480460882 CET377853574154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:38.480531931 CET535743778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:38.485306025 CET377853574154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.155441999 CET377853574154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.155755043 CET535743778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.155755043 CET535743778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.156155109 CET535763778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.160983086 CET377853576154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.161071062 CET535763778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.161716938 CET535763778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.166522980 CET377853576154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.166579962 CET535763778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.171380043 CET377853576154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.838644028 CET377853576154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.838881969 CET535763778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.838882923 CET535763778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.839814901 CET535783778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.844626904 CET377853578154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.844723940 CET535783778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.845706940 CET535783778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.850517035 CET377853578154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:39.850579023 CET535783778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:39.855386019 CET377853578154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:40.503891945 CET377853578154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:40.504168987 CET535783778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:40.504288912 CET535783778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:40.505619049 CET535803778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:40.510513067 CET377853580154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:40.510597944 CET535803778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:40.512121916 CET535803778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:40.516927004 CET377853580154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:40.517052889 CET535803778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:40.521929026 CET377853580154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.192233086 CET377853580154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.192555904 CET535803778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.192640066 CET535803778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.193365097 CET535823778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.198421001 CET377853582154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.198487997 CET535823778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.199054956 CET535823778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.204128027 CET377853582154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.204195023 CET535823778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.209482908 CET377853582154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.886270046 CET377853582154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.886528969 CET535823778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.886622906 CET535823778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.887572050 CET535843778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.892366886 CET377853584154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.892570019 CET535843778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.893898964 CET535843778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.898679018 CET377853584154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:41.898761034 CET535843778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:41.903666019 CET377853584154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:42.568850994 CET377853584154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:42.569077969 CET535843778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:42.569164991 CET535843778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:42.569956064 CET535863778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:42.574965954 CET377853586154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:42.575081110 CET535863778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:42.576136112 CET535863778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:42.581209898 CET377853586154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:42.581309080 CET535863778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:42.586522102 CET377853586154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:43.272748947 CET377853586154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:43.272852898 CET535863778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:43.272901058 CET535863778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:43.273389101 CET535883778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:43.278275013 CET377853588154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:43.278326035 CET535883778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:43.278903961 CET535883778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:43.283755064 CET377853588154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:43.283807993 CET535883778192.168.2.15154.216.19.169
          Jan 9, 2025 20:23:43.288569927 CET377853588154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:43.949295998 CET377853588154.216.19.169192.168.2.15
          Jan 9, 2025 20:23:43.949400902 CET535883778192.168.2.15154.216.19.169
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Jan 9, 2025 20:25:47.014302015 CET | 42397 | 53 | 192.168.2.15 | 1.1.1.1
          Jan 9, 2025 20:25:47.014375925 CET | 53045 | 53 | 192.168.2.15 | 1.1.1.1
          Jan 9, 2025 20:25:47.021445990 CET | 53 | 53045 | 1.1.1.1 | 192.168.2.15
          Jan 9, 2025 20:25:47.021981955 CET | 53 | 42397 | 1.1.1.1 | 192.168.2.15
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Jan 9, 2025 20:25:47.014302015 CET | 192.168.2.15 | 1.1.1.1 | 0x825 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
          Jan 9, 2025 20:25:47.014375925 CET | 192.168.2.15 | 1.1.1.1 | 0x8f1d | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Jan 9, 2025 20:25:47.021981955 CET | 1.1.1.1 | 192.168.2.15 | 0x825 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
          Jan 9, 2025 20:25:47.021981955 CET | 1.1.1.1 | 192.168.2.15 | 0x825 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false

          System Behavior

          Start time (UTC):19:23:03
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:/tmp/wind.m68k.elf
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Start time (UTC):19:23:03
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:-
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Start time (UTC):19:23:03
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:-
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Start time (UTC):19:23:03
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:-
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:16
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:-
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:16
          Start date (UTC):09/01/2025
          Path:/usr/sbin/xfpm-power-backlight-helper
          Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
          File size:14656 bytes
          MD5 hash:3d221ad23f28ca3259f599b1664e2427

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Start time (UTC):19:23:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Start time (UTC):19:23:16
          Start date (UTC):09/01/2025
          Path:/usr/bin/dbus-daemon
          Arguments:-
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          Start time (UTC):19:23:16
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          File size:112880 bytes
          MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

          Start time (UTC):19:23:20
          Start date (UTC):09/01/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Start time (UTC):19:23:20
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
          File size:112872 bytes
          MD5 hash:eee956f1b227c1d5031f9c61223255d1