Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
zmap.x86.elf

Overview

General Information

Sample name:zmap.x86.elf
Analysis ID:1547455
MD5:8edb75406d233f4201e85fd2d746c114
SHA1:79272fc7bf16c8f354efa0b4b59bcdf0f929fa0a
SHA256:e1f60f41d27140942ad74ef1f1bae26fc98787fed03c91d3c4a33e5390b6d3be
Tags:elfuser-abuse_ch
Infos:

Detection

Okiru
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Okiru
Machine Learning detection for sample
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1547455
Start date and time:2024-11-02 15:12:11 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 18s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:zmap.x86.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/0@19/0

Warnings

  • VT rate limit hit for: zmap.x86.elf

Runtime Messages

Command:/tmp/zmap.x86.elf
PID:5489
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
VagneRHere
Standard Error:

Process Tree

  • system is lnxubuntu20
  • zmap.x86.elf (PID: 5489, Parent: 5416, MD5: 8edb75406d233f4201e85fd2d746c114) Arguments: /tmp/zmap.x86.elf
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
zmap.x86.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    zmap.x86.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
    • 0xb20:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    zmap.x86.elfLinux_Trojan_Mirai_88de437funknownunknown
    • 0x84e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
    zmap.x86.elfLinux_Trojan_Mirai_389ee3e9unknownunknown
    • 0xb670:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
    zmap.x86.elfLinux_Trojan_Mirai_cc93863bunknownunknown
    • 0x9f91:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5491.1.0000000008048000.0000000008057000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
      5491.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0xb20:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      5491.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
      • 0x84e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
      5491.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
      • 0xb670:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
      5491.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_cc93863bunknownunknown
      • 0x9f91:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
      Click to see the 9 entries

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: zmap.x86.elfReversingLabs: Detection: 60%
      Machine Learning detection for sample
      Source: zmap.x86.elfJoe Sandbox ML: detected
      Source: global trafficTCP traffic: 192.168.2.14:47358 -> 154.216.16.38:59962
      Source: global trafficDNS traffic detected: DNS query: server.myway-ing.win

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: classification engineClassification label: mal72.troj.evad.linELF@0/0@19/0

      Hooking and other Techniques for Hiding and Protection

      barindex
      Sample deletes itself
      Source: /tmp/zmap.x86.elf (PID: 5489)File: /tmp/zmap.x86.elfJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected Okiru
      Source: Yara matchFile source: zmap.x86.elf, type: SAMPLE
      Source: Yara matchFile source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5489, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5491, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Okiru
      Source: Yara matchFile source: zmap.x86.elf, type: SAMPLE
      Source: Yara matchFile source: 5491.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5489.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5489, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5491, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
      File Deletion      		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
      Non-Standard Port      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      zmap.x86.elf61%ReversingLabsLinux.Trojan.LnxMirai
      zmap.x86.elf100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      server.myway-ing.win
      		154.216.16.38
      		truefalse
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        154.216.16.38
        		server.myway-ing.winSeychelles
        		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        154.216.16.38zmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
          debug.dbg.elfGet hashmaliciousMirai, OkiruBrowse
            zmap.m68k.elfGet hashmaliciousMirai, OkiruBrowse
              zmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                zmap.mips.elfGet hashmaliciousMirai, OkiruBrowse
                  zmap.arm.elfGet hashmaliciousMirai, OkiruBrowse
                    zmap.spc.elfGet hashmaliciousMirai, OkiruBrowse
                      zmap.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                        zmap.ppc.elfGet hashmaliciousMirai, OkiruBrowse
                          zmap.arm7.elfGet hashmaliciousMirai, OkiruBrowse

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            server.myway-ing.winzmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                            • 154.216.16.38

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            SKHT-ASShenzhenKatherineHengTechnologyInformationCozmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                            • 154.216.16.38
                            qkehusl.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.76
                            jwwofba5.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.76
                            wheiuwa4.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.76
                            dvwkja7.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.76
                            vsbeps.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.76
                            qkbfi86.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.76
                            boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.64
                            boatnet.x86.elfGet hashmaliciousMiraiBrowse
                            • 154.216.19.64
                            boatnet.ppc.elfGet hashmaliciousUnknownBrowse
                            • 154.216.19.64

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            No created / dropped files found

                            Static File Info

                            General

                            File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                            Entropy (8bit):6.522977840229838
                            TrID:
                            • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                            • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                            File name:zmap.x86.elf
                            File size:62'640 bytes
                            MD5:8edb75406d233f4201e85fd2d746c114
                            SHA1:79272fc7bf16c8f354efa0b4b59bcdf0f929fa0a
                            SHA256:e1f60f41d27140942ad74ef1f1bae26fc98787fed03c91d3c4a33e5390b6d3be
                            SHA512:df424a671363b4a9d6480a3210e9b135dfbce80bb9e8af7f2b931c5ba51deb8256d54b505dd418091f03c4139ccec955cc00cfeb1456e791c37d7abb5a1253c5
                            SSDEEP:1536:1BGfyT5OGMMt4cesUTeFIv5TzHhWKg80CIjOepn2Z:1caT5OGMMtmaATzBWKp07Kan0
                            TLSH:74534AC4E583DCFAEC5605705173EB368B77F13B1268DA87C7A89923F852B02E54629C
                            File Content Preview:.ELF....................d...4... .......4. ...(..............................................p...p.......*..........Q.td............................U..S.......w....h........[]...$.............U......=.r...t..5....$p.....$p......u........t....h.o..........

                            Static ELF Info

                            ELF header

                            Class:ELF32
                            Data:2's complement, little endian
                            Version:1 (current)
                            Machine:Intel 80386
                            Version Number:0x1
                            Type:EXEC (Executable file)
                            OS/ABI:UNIX - System V
                            ABI Version:0
                            Entry Point Address:0x8048164
                            Flags:0x0
                            ELF Header Size:52
                            Program Header Offset:52
                            Program Header Size:32
                            Number of Program Headers:3
                            Section Header Offset:62240
                            Section Header Size:40
                            Number of Section Headers:10
                            Header String Table Index:9

                            Sections

                            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                            NULL0x00x00x00x00x0000
                            .initPROGBITS0x80480940x940x1c0x00x6AX001
                            .textPROGBITS0x80480b00xb00xd1060x00x6AX0016
                            .finiPROGBITS0x80551b60xd1b60x170x00x6AX001
                            .rodataPROGBITS0x80551e00xd1e00x1e1c0x00x2A0032
                            .ctorsPROGBITS0x80570000xf0000x80x00x3WA004
                            .dtorsPROGBITS0x80570080xf0080x80x00x3WA004
                            .dataPROGBITS0x80570200xf0200x2c00x00x3WA0032
                            .bssNOBITS0x80572e00xf2e00x27c00x00x3WA0032
                            .shstrtabSTRTAB0x00xf2e00x3e0x00x0001

                            Program Segments

                            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                            LOAD0x00x80480000x80480000xeffc0xeffc6.55690x5R E0x1000.init .text .fini .rodata
                            LOAD0xf0000x80570000x80570000x2e00x2aa03.73580x6RW 0x1000.ctors .dtors .data .bss
                            GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Nov 2, 2024 15:12:59.054897070 CET4735859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.059752941 CET5996247358154.216.16.38192.168.2.14
                            Nov 2, 2024 15:12:59.059825897 CET4735859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.059840918 CET4735859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.064774036 CET5996247358154.216.16.38192.168.2.14
                            Nov 2, 2024 15:12:59.064837933 CET4735859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.069681883 CET5996247358154.216.16.38192.168.2.14
                            Nov 2, 2024 15:12:59.948862076 CET5996247358154.216.16.38192.168.2.14
                            Nov 2, 2024 15:12:59.948971033 CET4735859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.949121952 CET4735859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.956326008 CET4736059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.962156057 CET5996247360154.216.16.38192.168.2.14
                            Nov 2, 2024 15:12:59.962214947 CET4736059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.962232113 CET4736059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.967447042 CET5996247360154.216.16.38192.168.2.14
                            Nov 2, 2024 15:12:59.967489004 CET4736059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:12:59.972462893 CET5996247360154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:00.860641003 CET5996247360154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:00.860799074 CET4736059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:00.860886097 CET4736059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:00.868096113 CET4736259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:00.873017073 CET5996247362154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:00.873064995 CET4736259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:00.873079062 CET4736259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:00.877919912 CET5996247362154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:00.877958059 CET4736259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:00.882895947 CET5996247362154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:01.773111105 CET5996247362154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:01.773235083 CET4736259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:01.773272038 CET4736259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:01.780802011 CET4736459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:01.785721064 CET5996247364154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:01.785808086 CET4736459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:01.785824060 CET4736459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:01.790739059 CET5996247364154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:01.790790081 CET4736459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:01.795732021 CET5996247364154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:02.667843103 CET5996247364154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:02.668031931 CET4736459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:02.668158054 CET4736459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:02.719225883 CET4736659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:02.724427938 CET5996247366154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:02.724478960 CET4736659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:02.724499941 CET4736659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:02.729494095 CET5996247366154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:02.729537964 CET4736659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:02.734344006 CET5996247366154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:03.615190983 CET5996247366154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:03.615426064 CET4736659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:03.615453959 CET4736659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:03.622709036 CET4736859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:03.627607107 CET5996247368154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:03.627682924 CET4736859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:03.627760887 CET4736859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:03.632555008 CET5996247368154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:03.632601023 CET4736859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:03.637507915 CET5996247368154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:04.508093119 CET5996247368154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:04.508203983 CET4736859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:04.508279085 CET4736859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:04.515588999 CET4737059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:04.520442009 CET5996247370154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:04.520514965 CET4737059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:04.520591974 CET4737059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:04.525461912 CET5996247370154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:04.525521994 CET4737059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:04.530340910 CET5996247370154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:05.415667057 CET5996247370154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:05.415812016 CET4737059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:05.415880919 CET4737059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:05.426841021 CET4737259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:05.434706926 CET5996247372154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:05.434793949 CET4737259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:05.434858084 CET4737259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:05.442943096 CET5996247372154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:05.442996979 CET4737259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:05.448910952 CET5996247372154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:06.375041008 CET5996247372154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:06.375143051 CET4737259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:06.375181913 CET4737259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:06.389513016 CET4737459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:06.394395113 CET5996247374154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:06.394572020 CET4737459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:06.394572020 CET4737459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:06.399535894 CET5996247374154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:06.399602890 CET4737459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:06.404515028 CET5996247374154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:07.277285099 CET5996247374154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:07.277431965 CET4737459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:07.277479887 CET4737459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:07.285316944 CET4737659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:07.290291071 CET5996247376154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:07.290368080 CET4737659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:07.290452003 CET4737659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:07.295320988 CET5996247376154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:07.295382977 CET4737659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:07.300362110 CET5996247376154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:08.200709105 CET5996247376154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:08.200850964 CET4737659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:08.200876951 CET4737659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:08.208029032 CET4737859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:08.213965893 CET5996247378154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:08.214083910 CET4737859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:08.214135885 CET4737859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:08.222414970 CET5996247378154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:08.222480059 CET4737859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:08.227731943 CET5996247378154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:09.140635014 CET5996247378154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:09.140707970 CET4737859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:09.140770912 CET4737859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:09.148343086 CET4738059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:09.153430939 CET5996247380154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:09.153503895 CET4738059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:09.153553009 CET4738059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:09.158886909 CET5996247380154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:09.158951998 CET4738059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:09.164123058 CET5996247380154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.033519983 CET5996247380154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.033678055 CET4738059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.033725023 CET4738059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.041162014 CET4738259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.046061993 CET5996247382154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.046199083 CET4738259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.046247005 CET4738259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.051129103 CET5996247382154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.051192999 CET4738259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.056236029 CET5996247382154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.934580088 CET5996247382154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.934993029 CET4738259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.934993029 CET4738259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.947063923 CET4738459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.955117941 CET5996247384154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.955185890 CET4738459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.955260038 CET4738459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.960344076 CET5996247384154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:10.960422993 CET4738459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:10.966312885 CET5996247384154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:11.843719006 CET5996247384154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:11.843944073 CET4738459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:11.843944073 CET4738459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:11.851605892 CET4738659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:11.856399059 CET5996247386154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:11.856498003 CET4738659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:11.856514931 CET4738659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:11.861517906 CET5996247386154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:11.861573935 CET4738659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:11.866449118 CET5996247386154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:12.749929905 CET5996247386154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:12.749948025 CET5996247386154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:12.750318050 CET4738659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:12.750318050 CET4738659962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:12.757380009 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:12.762676001 CET5996247388154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:12.762739897 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:12.762770891 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:12.767896891 CET5996247388154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:12.767937899 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:12.772799015 CET5996247388154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:13.653168917 CET5996247388154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:13.653368950 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.653368950 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.653474092 CET5996247388154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:13.653578043 CET4738859962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.661115885 CET4739059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.666645050 CET5996247390154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:13.666790009 CET4739059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.666843891 CET4739059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.673151016 CET5996247390154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:13.673209906 CET4739059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:13.677998066 CET5996247390154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:14.550237894 CET5996247390154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:14.550534964 CET4739059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:14.550705910 CET4739059962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:14.557944059 CET4739259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:14.562969923 CET5996247392154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:14.563064098 CET4739259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:14.563113928 CET4739259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:14.567950010 CET5996247392154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:14.568032980 CET4739259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:14.572969913 CET5996247392154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:15.442326069 CET5996247392154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:15.442643881 CET4739259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:15.442698002 CET4739259962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:15.450140953 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:15.455018997 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:15.455110073 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:15.455153942 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:15.459995985 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:15.460053921 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:15.465123892 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:25.464972019 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:13:25.470295906 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:25.736279011 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:13:25.736377001 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:14:25.742095947 CET4739459962192.168.2.14154.216.16.38
                            Nov 2, 2024 15:14:25.747047901 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:14:26.195364952 CET5996247394154.216.16.38192.168.2.14
                            Nov 2, 2024 15:14:26.195631981 CET4739459962192.168.2.14154.216.16.38

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Nov 2, 2024 15:12:59.013602018 CET5911753192.168.2.148.8.8.8
                            Nov 2, 2024 15:12:59.054795980 CET53591178.8.8.8192.168.2.14
                            Nov 2, 2024 15:12:59.949171066 CET4638853192.168.2.148.8.8.8
                            Nov 2, 2024 15:12:59.956254005 CET53463888.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:00.860937119 CET5429853192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:00.868033886 CET53542988.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:01.773298979 CET4370253192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:01.780714035 CET53437028.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:02.668210983 CET5643353192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:02.719038010 CET53564338.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:03.615487099 CET5132853192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:03.622622013 CET53513288.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:04.508389950 CET4363753192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:04.515470028 CET53436378.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:05.415982962 CET4951953192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:05.426729918 CET53495198.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:06.375242949 CET4056853192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:06.389436960 CET53405688.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:07.277546883 CET3748853192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:07.285197973 CET53374888.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:08.200917959 CET6052653192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:08.207904100 CET53605268.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:09.140877008 CET3818353192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:09.148232937 CET53381838.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:10.033829927 CET4823053192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:10.041053057 CET53482308.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:10.935007095 CET3475453192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:10.946819067 CET53347548.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:11.843940020 CET5692653192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:11.851538897 CET53569268.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:12.750313997 CET5699853192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:12.757296085 CET53569988.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:13.653368950 CET4220653192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:13.660958052 CET53422068.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:14.550791025 CET5847853192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:14.557811022 CET53584788.8.8.8192.168.2.14
                            Nov 2, 2024 15:13:15.442811012 CET3404153192.168.2.148.8.8.8
                            Nov 2, 2024 15:13:15.450025082 CET53340418.8.8.8192.168.2.14

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Nov 2, 2024 15:12:59.013602018 CET192.168.2.148.8.8.80x4135Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:12:59.949171066 CET192.168.2.148.8.8.80x5149Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:00.860937119 CET192.168.2.148.8.8.80x6ab4Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:01.773298979 CET192.168.2.148.8.8.80xa4bbStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:02.668210983 CET192.168.2.148.8.8.80xd90aStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:03.615487099 CET192.168.2.148.8.8.80xaa38Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:04.508389950 CET192.168.2.148.8.8.80xc556Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:05.415982962 CET192.168.2.148.8.8.80x955bStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:06.375242949 CET192.168.2.148.8.8.80x5b77Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:07.277546883 CET192.168.2.148.8.8.80xff6cStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:08.200917959 CET192.168.2.148.8.8.80x74f8Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:09.140877008 CET192.168.2.148.8.8.80x7e77Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:10.033829927 CET192.168.2.148.8.8.80x8ba8Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:10.935007095 CET192.168.2.148.8.8.80x4119Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:11.843940020 CET192.168.2.148.8.8.80x8be6Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:12.750313997 CET192.168.2.148.8.8.80x9418Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:13.653368950 CET192.168.2.148.8.8.80xfd58Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:14.550791025 CET192.168.2.148.8.8.80xa91fStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:15.442811012 CET192.168.2.148.8.8.80x33f8Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Nov 2, 2024 15:12:59.054795980 CET8.8.8.8192.168.2.140x4135No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:12:59.956254005 CET8.8.8.8192.168.2.140x5149No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:00.868033886 CET8.8.8.8192.168.2.140x6ab4No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:01.780714035 CET8.8.8.8192.168.2.140xa4bbNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:02.719038010 CET8.8.8.8192.168.2.140xd90aNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:03.622622013 CET8.8.8.8192.168.2.140xaa38No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:04.515470028 CET8.8.8.8192.168.2.140xc556No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:05.426729918 CET8.8.8.8192.168.2.140x955bNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:06.389436960 CET8.8.8.8192.168.2.140x5b77No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:07.285197973 CET8.8.8.8192.168.2.140xff6cNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:08.207904100 CET8.8.8.8192.168.2.140x74f8No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:09.148232937 CET8.8.8.8192.168.2.140x7e77No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:10.041053057 CET8.8.8.8192.168.2.140x8ba8No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:10.946819067 CET8.8.8.8192.168.2.140x4119No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:11.851538897 CET8.8.8.8192.168.2.140x8be6No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:12.757296085 CET8.8.8.8192.168.2.140x9418No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:13.660958052 CET8.8.8.8192.168.2.140xfd58No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:14.557811022 CET8.8.8.8192.168.2.140xa91fNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                            Nov 2, 2024 15:13:15.450025082 CET8.8.8.8192.168.2.140x33f8No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false

                            System Behavior

                            General

                            Start time (UTC):14:12:58
                            Start date (UTC):02/11/2024
                            Path:/tmp/zmap.x86.elf
                            Arguments:/tmp/zmap.x86.elf
                            File size:62640 bytes
                            MD5 hash:8edb75406d233f4201e85fd2d746c114

                            Chronological Activities


                            General

                            Start time (UTC):14:12:58
                            Start date (UTC):02/11/2024
                            Path:/tmp/zmap.x86.elf
                            Arguments:-
                            File size:62640 bytes
                            MD5 hash:8edb75406d233f4201e85fd2d746c114

                            Chronological Activities


                            General

                            Start time (UTC):14:12:58
                            Start date (UTC):02/11/2024
                            Path:/tmp/zmap.x86.elf
                            Arguments:-
                            File size:62640 bytes
                            MD5 hash:8edb75406d233f4201e85fd2d746c114

                            Chronological Activities