Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
debug.dbg.elf

Overview

General Information

Sample name:debug.dbg.elf
Analysis ID:1547502
MD5:5ebf5890d7d2c998b801d48b87667276
SHA1:4888c1c4df5cfc9f76b9dc5094e9b991127e16f5
SHA256:d4bc44ddc24214d6409a8e0ac6eaa66c47f19c345123498373a81e7b96faed98
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai, Okiru
Score:88
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Yara detected Okiru
Machine Learning detection for sample
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1547502
Start date and time:2024-11-02 16:17:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 31s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:debug.dbg.elf
Detection:MAL
Classification:mal88.troj.evad.linELF@0/0@19/0

Warnings

  • VT rate limit hit for: debug.dbg.elf

Runtime Messages

Command:/tmp/debug.dbg.elf
PID:5432
Exit Code:
Exit Code Info:
Killed:True
Standard Output:
VagneRHere
[VagneR] >> debug mode, pid: 5432
[VagneR] >> We Are The Only Process On This System!
(watchdog) >> failed to find a valid watchdog driver, bailing out
[VagneR] >> debug mode, pid: 5432
[VagneR] >> We Are The Only Process On This System!
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
(main) >> resolved domain
(main) >> connected to CNC.
(main) >> attempting to connect to cnc
(YBot/Resolver) >> got response from select
(YBot/Resolver) >> found ipv4 address: 2610d89a
(YBot/Resolver) >> resolved server.myway-ing.win to 1 ipv4 addresses
Standard Error:

Process Tree

  • system is lnxubuntu20
  • debug.dbg.elf (PID: 5432, Parent: 5358, MD5: 5ebf5890d7d2c998b801d48b87667276) Arguments: /tmp/debug.dbg.elf
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
debug.dbg.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    debug.dbg.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      debug.dbg.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xdb6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdb80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdb94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdba8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdbbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdbd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdbe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdbf8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdc98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdcac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdcc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdcd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdce8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xdcfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      debug.dbg.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0xb20:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      debug.dbg.elfLinux_Trojan_Mirai_88de437funknownunknown
      • 0x8bf2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
      Click to see the 3 entries

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      5433.1.0000000008048000.0000000008059000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
        5433.1.0000000008048000.0000000008059000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
          5433.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
          • 0xdb6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdb80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdb94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdba8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdbbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdbd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdbe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdbf8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdc98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdcac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdcc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdcd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdce8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0xdcfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          5433.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
          • 0xb20:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
          5433.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
          • 0x8bf2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
          Click to see the 17 entries

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: debug.dbg.elfAvira: detected
          Multi AV Scanner detection for submitted file
          Source: debug.dbg.elfReversingLabs: Detection: 47%
          Machine Learning detection for sample
          Source: debug.dbg.elfJoe Sandbox ML: detected
          Source: global trafficTCP traffic: 192.168.2.13:55698 -> 154.216.16.38:59962
          Source: global trafficDNS traffic detected: DNS query: server.myway-ing.win
          Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
          Source: Process Memory Space: debug.dbg.elf PID: 5432, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: debug.dbg.elf PID: 5433, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: ELF static info symbol of initial sample.symtab present: no
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
          Source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
          Source: Process Memory Space: debug.dbg.elf PID: 5432, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: debug.dbg.elf PID: 5433, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: classification engineClassification label: mal88.troj.evad.linELF@0/0@19/0

          Hooking and other Techniques for Hiding and Protection

          barindex
          Sample deletes itself
          Source: /tmp/debug.dbg.elf (PID: 5432)File: /tmp/debug.dbg.elfJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected Mirai
          Source: Yara matchFile source: debug.dbg.elf, type: SAMPLE
          Source: Yara matchFile source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5432, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5433, type: MEMORYSTR
          Yara detected Okiru
          Source: Yara matchFile source: debug.dbg.elf, type: SAMPLE
          Source: Yara matchFile source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5432, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5433, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Mirai
          Source: Yara matchFile source: debug.dbg.elf, type: SAMPLE
          Source: Yara matchFile source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5432, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5433, type: MEMORYSTR
          Yara detected Okiru
          Source: Yara matchFile source: debug.dbg.elf, type: SAMPLE
          Source: Yara matchFile source: 5433.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5432.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5432, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: debug.dbg.elf PID: 5433, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
          File Deletion          		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
          Non-Standard Port          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
          Non-Application Layer Protocol          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
          Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact

          Malware Configuration

          No configs have been found

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Number of created Files
          • Is malicious
          • Internet

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          debug.dbg.elf47%ReversingLabsLinux.Backdoor.Mirai
          debug.dbg.elf100%AviraEXP/ELF.Mirai.Z.A
          debug.dbg.elf100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          daisy.ubuntu.com
          		162.213.35.24
          		truefalse
            		unknown
            server.myway-ing.win
            		154.216.16.38
            		truefalse
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              154.216.16.38
              		server.myway-ing.winSeychelles
              		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              154.216.16.38zmap.arm.elfGet hashmaliciousMirai, OkiruBrowse
                zmap.spc.elfGet hashmaliciousMirai, OkiruBrowse
                  zmap.m68k.elfGet hashmaliciousMirai, OkiruBrowse
                    zmap.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                      zmap.ppc.elfGet hashmaliciousMirai, OkiruBrowse
                        zmap.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                          zmap.mips.elfGet hashmaliciousMirai, OkiruBrowse
                            zmap.x86.elfGet hashmaliciousOkiruBrowse
                              zmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                debug.dbg.elfGet hashmaliciousMirai, OkiruBrowse

                                  Domains

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  server.myway-ing.winzmap.arm.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.spc.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.m68k.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.ppc.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.mips.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.x86.elfGet hashmaliciousOkiruBrowse
                                  • 154.216.16.38
                                  zmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  daisy.ubuntu.comzmap.x86_64.elfGet hashmaliciousOkiruBrowse
                                  • 162.213.35.25
                                  armv5l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                  • 162.213.35.25
                                  armv7l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                  • 162.213.35.25
                                  i686.elfGet hashmaliciousGafgyt, MiraiBrowse
                                  • 162.213.35.24
                                  mips64.elfGet hashmaliciousGafgyt, MiraiBrowse
                                  • 162.213.35.25
                                  armv4l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                  • 162.213.35.25
                                  powerpc.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.25
                                  sshd.elfGet hashmaliciousUnknownBrowse
                                  • 162.213.35.24
                                  kjsusa6.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.24
                                  mcron-vip-1.elfGet hashmaliciousUnknownBrowse
                                  • 162.213.35.24

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  SKHT-ASShenzhenKatherineHengTechnologyInformationCozmap.arm.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.spc.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.m68k.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.ppc.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.mips.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  zmap.x86.elfGet hashmaliciousOkiruBrowse
                                  • 154.216.16.38
                                  zmap.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 154.216.16.38
                                  qkehusl.elfGet hashmaliciousMiraiBrowse
                                  • 154.216.19.76

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  No created / dropped files found

                                  Static File Info

                                  General

                                  File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                                  Entropy (8bit):6.453416635603942
                                  TrID:
                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                  File name:debug.dbg.elf
                                  File size:70'832 bytes
                                  MD5:5ebf5890d7d2c998b801d48b87667276
                                  SHA1:4888c1c4df5cfc9f76b9dc5094e9b991127e16f5
                                  SHA256:d4bc44ddc24214d6409a8e0ac6eaa66c47f19c345123498373a81e7b96faed98
                                  SHA512:651716eaa2f1fb738361ddc500c428134627a99a98bc8260a90ed4e14a1eb93e37f41d164806e39230e9a71e72cea2f96c2a6f781e27c8c9394eb3d27f0fe24e
                                  SSDEEP:1536:bSKRI7C2wEI5Z5268+I/UCCPyimYJmoV9okwKBTx3Poui7N1OF9Q+1j:bSKRI7C2wEI5nxCCqimYJmoVikwKBTxl
                                  TLSH:9B635BC4F943C8B6FD160630217BEB775FB2F1B91358EE43D7A89972E862641E501A8C
                                  File Content Preview:.ELF....................d...4... .......4. ...(......................................................... *..........Q.td............................U..S.......w....h....S...[]...$.............U......=.....t..5....$......$.......u........t....h............

                                  Static ELF Info

                                  ELF header

                                  Class:ELF32
                                  Data:2's complement, little endian
                                  Version:1 (current)
                                  Machine:Intel 80386
                                  Version Number:0x1
                                  Type:EXEC (Executable file)
                                  OS/ABI:UNIX - System V
                                  ABI Version:0
                                  Entry Point Address:0x8048164
                                  Flags:0x0
                                  ELF Header Size:52
                                  Program Header Offset:52
                                  Program Header Size:32
                                  Number of Program Headers:3
                                  Section Header Offset:70432
                                  Section Header Size:40
                                  Number of Section Headers:10
                                  Header String Table Index:9

                                  Sections

                                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                  NULL0x00x00x00x00x0000
                                  .initPROGBITS0x80480940x940x1c0x00x6AX001
                                  .textPROGBITS0x80480b00xb00xd9760x00x6AX0016
                                  .finiPROGBITS0x8055a260xda260x170x00x6AX001
                                  .rodataPROGBITS0x8055a400xda400x2bdc0x00x2A0032
                                  .ctorsPROGBITS0x80590000x110000x80x00x3WA004
                                  .dtorsPROGBITS0x80590080x110080x80x00x3WA004
                                  .dataPROGBITS0x80590200x110200x2c00x00x3WA0032
                                  .bssNOBITS0x80592e00x112e00x27400x00x3WA0032
                                  .shstrtabSTRTAB0x00x112e00x3e0x00x0001

                                  Program Segments

                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                  LOAD0x00x80480000x80480000x1061c0x1061c6.62180x5R E0x1000.init .text .fini .rodata
                                  LOAD0x110000x80590000x80590000x2e00x2a203.76690x6RW 0x1000.ctors .dtors .data .bss
                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                  Network Behavior

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Nov 2, 2024 16:17:53.863571882 CET5569859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:53.868647099 CET5996255698154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:53.868706942 CET5569859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:53.868746042 CET5569859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:53.873637915 CET5996255698154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:53.873687029 CET5569859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:53.878973961 CET5996255698154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:54.748262882 CET5996255698154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:54.748816967 CET5569859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:54.748817921 CET5569859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:54.756671906 CET5570059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:54.761746883 CET5996255700154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:54.761811972 CET5570059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:54.761836052 CET5570059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:54.766881943 CET5996255700154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:54.766921997 CET5570059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:54.771951914 CET5996255700154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:55.645735025 CET5996255700154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:55.646048069 CET5570059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:55.646048069 CET5570059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:55.653640985 CET5570259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:55.658608913 CET5996255702154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:55.658703089 CET5570259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:55.658766985 CET5570259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:55.663789034 CET5996255702154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:55.663846016 CET5570259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:55.669183969 CET5996255702154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:56.542937040 CET5996255702154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:56.543195009 CET5570259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:56.543195009 CET5570259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:56.551728010 CET5570459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:56.556674957 CET5996255704154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:56.556741953 CET5570459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:56.556828022 CET5570459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:56.562155008 CET5996255704154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:56.562200069 CET5570459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:56.567400932 CET5996255704154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:57.492625952 CET5996255704154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:57.492990017 CET5570459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:57.493014097 CET5570459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:57.502300978 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:57.508256912 CET5996255706154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:57.508346081 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:57.508411884 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:57.514072895 CET5996255706154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:57.514138937 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:57.520128965 CET5996255706154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:58.396102905 CET5996255706154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:58.396121025 CET5996255706154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:58.396266937 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.396286964 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.396333933 CET5570659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.404263973 CET5570859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.409257889 CET5996255708154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:58.409339905 CET5570859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.409399986 CET5570859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.414824963 CET5996255708154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:58.414889097 CET5570859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:58.419698954 CET5996255708154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:59.289431095 CET5996255708154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:59.289554119 CET5570859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:59.289593935 CET5570859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:59.296593904 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:59.301590919 CET5996255710154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:59.301646948 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:59.301671028 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:59.306494951 CET5996255710154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:17:59.306543112 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:17:59.311542988 CET5996255710154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:00.215033054 CET5996255710154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:00.215102911 CET5996255710154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:00.215193987 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.215193987 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.215234041 CET5571059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.222642899 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.227806091 CET5996255712154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:00.227891922 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.227925062 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.232764006 CET5996255712154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:00.232819080 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:00.237631083 CET5996255712154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:01.102232933 CET5996255712154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:01.102267981 CET5996255712154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:01.102423906 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.102423906 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.102511883 CET5571259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.109533072 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.114429951 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:01.114543915 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.114578962 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.119466066 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:01.119544029 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:01.124401093 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.554996967 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.555016994 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.555028915 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.555381060 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.555381060 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.555382013 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.555399895 CET5996255714154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.555455923 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.555486917 CET5571459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.563414097 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.568257093 CET5996255716154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.568340063 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.568396091 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.573544979 CET5996255716154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:02.573609114 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:02.579804897 CET5996255716154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:03.466907978 CET5996255716154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:03.466928005 CET5996255716154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:03.467031956 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.467051983 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.467116117 CET5571659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.478961945 CET5571859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.483933926 CET5996255718154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:03.483998060 CET5571859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.484081984 CET5571859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.488959074 CET5996255718154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:03.489012003 CET5571859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:03.493876934 CET5996255718154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:04.373442888 CET5996255718154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:04.373584986 CET5571859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:04.373646021 CET5571859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:04.380454063 CET5572059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:04.385335922 CET5996255720154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:04.385412931 CET5572059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:04.385488033 CET5572059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:04.390279055 CET5996255720154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:04.390331984 CET5572059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:04.395200968 CET5996255720154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:05.288845062 CET5996255720154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:05.289165974 CET5572059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:05.289226055 CET5572059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:05.296222925 CET5572259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:05.301090956 CET5996255722154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:05.301179886 CET5572259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:05.301251888 CET5572259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:05.306062937 CET5996255722154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:05.306129932 CET5572259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:05.311007977 CET5996255722154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:06.311424971 CET5996255722154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:06.311561108 CET5572259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:06.311619043 CET5572259962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:06.318519115 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:06.323388100 CET5996255724154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:06.323465109 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:06.323522091 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:06.328346968 CET5996255724154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:06.328421116 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:06.333210945 CET5996255724154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:07.233908892 CET5996255724154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:07.233931065 CET5996255724154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:07.234220982 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.234347105 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.234386921 CET5572459962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.241729975 CET5572659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.246579885 CET5996255726154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:07.246670961 CET5572659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.246742964 CET5572659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.251554966 CET5996255726154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:07.251645088 CET5572659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:07.256510973 CET5996255726154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:08.123991966 CET5996255726154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:08.124197960 CET5572659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:08.124293089 CET5572659962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:08.135030031 CET5572859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:08.139897108 CET5996255728154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:08.139978886 CET5572859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:08.140036106 CET5572859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:08.144972086 CET5996255728154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:08.145030975 CET5572859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:08.149916887 CET5996255728154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:09.030014038 CET5996255728154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:09.030200958 CET5572859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:09.030227900 CET5572859962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:09.038201094 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:09.043149948 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:09.043226004 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:09.043257952 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:09.048257113 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:09.048330069 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:09.053272963 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:19.043585062 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:19.048829079 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:20.358720064 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:20.359087944 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:20.360008001 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:20.360053062 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:20.360198021 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:20.360236883 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:20.360718966 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:20.360758066 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:37.847217083 CET5573059962192.168.2.13154.216.16.38
                                  Nov 2, 2024 16:18:37.852477074 CET5996255730154.216.16.38192.168.2.13
                                  Nov 2, 2024 16:18:37.852534056 CET5573059962192.168.2.13154.216.16.38

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Nov 2, 2024 16:17:53.855060101 CET5467353192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:53.863471031 CET53546738.8.8.8192.168.2.13
                                  Nov 2, 2024 16:17:54.748817921 CET3807153192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:54.756567001 CET53380718.8.8.8192.168.2.13
                                  Nov 2, 2024 16:17:55.646245956 CET5568953192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:55.653470039 CET53556898.8.8.8192.168.2.13
                                  Nov 2, 2024 16:17:56.543335915 CET4210653192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:56.551594973 CET53421068.8.8.8192.168.2.13
                                  Nov 2, 2024 16:17:57.493168116 CET5630853192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:57.502151966 CET53563088.8.8.8192.168.2.13
                                  Nov 2, 2024 16:17:58.396425962 CET5542953192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:58.404103994 CET53554298.8.8.8192.168.2.13
                                  Nov 2, 2024 16:17:59.289679050 CET4415753192.168.2.138.8.8.8
                                  Nov 2, 2024 16:17:59.296492100 CET53441578.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:00.215361118 CET4655153192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:00.222517967 CET53465518.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:01.102639914 CET5480253192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:01.109334946 CET53548028.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:02.555581093 CET4766953192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:02.563272953 CET53476698.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:03.467227936 CET4007053192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:03.474040985 CET53400708.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:04.373779058 CET4713353192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:04.380309105 CET53471338.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:05.289359093 CET6062153192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:05.296061993 CET53606218.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:06.311688900 CET3549353192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:06.318356037 CET53354938.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:07.234528065 CET5573453192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:07.241547108 CET53557348.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:08.124435902 CET5483553192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:08.130944014 CET53548358.8.8.8192.168.2.13
                                  Nov 2, 2024 16:18:09.030320883 CET5530553192.168.2.138.8.8.8
                                  Nov 2, 2024 16:18:09.038034916 CET53553058.8.8.8192.168.2.13
                                  Nov 2, 2024 16:20:39.770241976 CET5414253192.168.2.138.8.8.8
                                  Nov 2, 2024 16:20:39.770288944 CET4840653192.168.2.138.8.8.8
                                  Nov 2, 2024 16:20:39.778901100 CET53484068.8.8.8192.168.2.13
                                  Nov 2, 2024 16:20:39.779053926 CET53541428.8.8.8192.168.2.13

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Nov 2, 2024 16:17:53.855060101 CET192.168.2.138.8.8.80x6161Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:54.748817921 CET192.168.2.138.8.8.80x1ff5Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:55.646245956 CET192.168.2.138.8.8.80xfa5aStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:56.543335915 CET192.168.2.138.8.8.80xf744Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:57.493168116 CET192.168.2.138.8.8.80x6e1cStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:58.396425962 CET192.168.2.138.8.8.80x63ccStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:59.289679050 CET192.168.2.138.8.8.80x1639Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:00.215361118 CET192.168.2.138.8.8.80xc039Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:01.102639914 CET192.168.2.138.8.8.80xb451Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:02.555581093 CET192.168.2.138.8.8.80x7fabStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:03.467227936 CET192.168.2.138.8.8.80x5d05Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:04.373779058 CET192.168.2.138.8.8.80x49fdStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:05.289359093 CET192.168.2.138.8.8.80x4a47Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:06.311688900 CET192.168.2.138.8.8.80x1736Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:07.234528065 CET192.168.2.138.8.8.80xe023Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:08.124435902 CET192.168.2.138.8.8.80x4aceStandard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:09.030320883 CET192.168.2.138.8.8.80x8049Standard query (0)server.myway-ing.winA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:20:39.770241976 CET192.168.2.138.8.8.80xb5b0Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:20:39.770288944 CET192.168.2.138.8.8.80x1046Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Nov 2, 2024 16:17:53.863471031 CET8.8.8.8192.168.2.130x6161No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:54.756567001 CET8.8.8.8192.168.2.130x1ff5No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:55.653470039 CET8.8.8.8192.168.2.130xfa5aNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:56.551594973 CET8.8.8.8192.168.2.130xf744No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:57.502151966 CET8.8.8.8192.168.2.130x6e1cNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:58.404103994 CET8.8.8.8192.168.2.130x63ccNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:17:59.296492100 CET8.8.8.8192.168.2.130x1639No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:00.222517967 CET8.8.8.8192.168.2.130xc039No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:01.109334946 CET8.8.8.8192.168.2.130xb451No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:02.563272953 CET8.8.8.8192.168.2.130x7fabNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:03.474040985 CET8.8.8.8192.168.2.130x5d05No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:04.380309105 CET8.8.8.8192.168.2.130x49fdNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:05.296061993 CET8.8.8.8192.168.2.130x4a47No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:06.318356037 CET8.8.8.8192.168.2.130x1736No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:07.241547108 CET8.8.8.8192.168.2.130xe023No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:08.130944014 CET8.8.8.8192.168.2.130x4aceNo error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:18:09.038034916 CET8.8.8.8192.168.2.130x8049No error (0)server.myway-ing.win154.216.16.38A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:20:39.779053926 CET8.8.8.8192.168.2.130xb5b0No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                                  Nov 2, 2024 16:20:39.779053926 CET8.8.8.8192.168.2.130xb5b0No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                                  System Behavior

                                  General

                                  Start time (UTC):15:17:51
                                  Start date (UTC):02/11/2024
                                  Path:/tmp/debug.dbg.elf
                                  Arguments:/tmp/debug.dbg.elf
                                  File size:70832 bytes
                                  MD5 hash:5ebf5890d7d2c998b801d48b87667276

                                  Chronological Activities


                                  General

                                  Start time (UTC):15:17:52
                                  Start date (UTC):02/11/2024
                                  Path:/tmp/debug.dbg.elf
                                  Arguments:-
                                  File size:70832 bytes
                                  MD5 hash:5ebf5890d7d2c998b801d48b87667276

                                  Chronological Activities