
Linux Analysis Report
mips.elf

Overview

General Information

Sample name: mips.elf
Analysis ID: 1616819
MD5: 9e87e6552b22865382efe2097dd065fa
SHA1: beaa6fd2d70c8dd636dea67265c8d89f0faad29a
SHA256: d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Start date and time: 2025-02-17 08:49:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal64.troj.spyw.evad.linELF@0/0@1/0
Command: /tmp/mips.elf
PID: 5494
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Firmware update in progress
Standard Error:
  • system is lnxubuntu20
  • mips.elf (PID: 5494, Parent: 5419, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf
    • mips.elf New Fork (PID: 5497, Parent: 5494)
      • mips.elf New Fork (PID: 5500, Parent: 5497)
  • cleanup
No yara matches
No Suricata rule has matched


AV Detection

Source: mips.elf | Virustotal: Detection: 19%
Source: mips.elf | ReversingLabs: Detection: 21%

Networking

Source: global traffic | TCP traffic: 103.35.190.176 ports 5223,2,3,5,2222,3724
Source: /tmp/mips.elf (PID: 5497) | Opens: /sys/class/net/
Source: /tmp/mips.elf (PID: 5497) | Opens: /sys/class/net/lo/address
Source: /tmp/mips.elf (PID: 5497) | Opens: /sys/class/net/ens160/address
Source: /tmp/mips.elf (PID: 5497) | Opens: /sys/class/net/ens160/flags
Source: /tmp/mips.elf (PID: 5497) | Opens: /sys/class/net/ens160/carrier
Source: global traffic | TCP traffic: 192.168.2.13:38816 -> 1.1.1.1:554
Source: global traffic | TCP traffic: 192.168.2.13:45794 -> 103.35.190.176:3724
Source: global traffic | TCP traffic: 192.168.2.13:49982 -> 8.8.8.8:19153
Source: unknown | TCP traffic detected without corresponding DNS query: 103.35.190.176
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 172.217.192.127
Source: unknown | UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: global traffic | DNS traffic detected: DNS query: iranistrash.libre
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal64.troj.spyw.evad.linELF@0/0@1/0

Hooking and other Techniques for Hiding and Protection

Source: /tmp/mips.elf (PID: 5494) | File: /tmp/mips.elf
Source: /tmp/mips.elf (PID: 5494) | Queries kernel information via 'uname'
Source: /tmp/mips.elf (PID: 5497) | Queries kernel information via 'uname'
Source: mips.elf, 5494.1.000056293643e000.00005629364c5000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.elf, 5494.1.00007ffd30858000.00007ffd30879000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mips
Source: mips.elf, 5494.1.000056293643e000.00005629364c5000.rw-.sdmp | Binary or memory string: 7E6)V 0E6)V!/etc/qemu-binfmt/mips
Source: mips.elf, 5494.1.00007ffd30858000.00007ffd30879000.rw-.sdmp | Binary or memory string: 'x86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf

HIPS / PFW / Operating System Protection Evasion

Source: Traffic | DNS traffic detected: queries for: iranistrash.libre
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 1 File Deletion; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph] ID: 1616819; Sample: mips.elf; Start date: 17/02/2025; Architecture: LINUX; Score: 64
  • Processes: mips.elf started mips.elf, which started mips.elf
  • DNS/IP info: iranistrash.libre; 103.35.190.176, 2222, 3724, 38696 (VECTANTARTERIANetworksCorporationJP, Japan); 3 other IPs or domains
  • Signatures on the sample: Multi AV Scanner detection for submitted file; Connects to many ports of the same IP (likely port scanning)
  • Signature on iranistrash.libre: Performs DNS TXT record lookups
  • Signature on the first mips.elf process: Sample deletes itself
  • Signature on the second mips.elf process: Opens /sys/class/net/* files useful for querying network interface information
Source | Detection | Scanner | Label
mips.elf | 19% | Virustotal |
mips.elf | 22% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
iranistrash.libre | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
103.35.190.176 | unknown | Japan | 2519 | VECTANTARTERIANetworksCorporationJP | true
172.217.192.127 | unknown | United States | 15169 | GOOGLEUS | false

Match | Associated Sample Name / URL | Detection | Threat Name | Context
1.1.1.1 | watchdog.elf | malicious | Xmrig | 1.1.1.1:8080/
1.1.1.1 | 6fW0GedR6j.xls | malicious | Unknown | 1.1.1.1/ctrl/playback.php
1.1.1.1 | PO-230821_pdf.exe | malicious | FormBook, NSISDropper | www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
1.1.1.1 | AFfv8HpACF.exe | malicious | Unknown | 1.1.1.1/
103.35.190.176 | armv6l.elf | malicious | Unknown |
103.35.190.176 | mipsel.elf | malicious | Unknown |
103.35.190.176 | sh4.elf | malicious | Unknown |
103.35.190.176 | armv4l.elf | malicious | Unknown |
103.35.190.176 | sparc.elf | malicious | Unknown |
103.35.190.176 | mips.elf | malicious | Unknown |
103.35.190.176 | mipsel.elf | malicious | Unknown |
No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
VECTANTARTERIANetworksCorporationJP | armv6l.elf | malicious | Unknown | 103.35.190.176
VECTANTARTERIANetworksCorporationJP | mipsel.elf | malicious | Unknown | 103.35.190.176
VECTANTARTERIANetworksCorporationJP | sh4.elf | malicious | Unknown | 103.35.190.176
VECTANTARTERIANetworksCorporationJP | armv4l.elf | malicious | Unknown | 36.3.233.191
VECTANTARTERIANetworksCorporationJP | armv6l.elf | malicious | Unknown | 122.223.93.2
VECTANTARTERIANetworksCorporationJP | Owari.arm.elf | malicious | Unknown | 203.114.9.204
VECTANTARTERIANetworksCorporationJP | res.mips.elf | malicious | Unknown | 220.158.51.57
VECTANTARTERIANetworksCorporationJP | jade.sh4.elf | malicious | Mirai | 36.2.53.56
VECTANTARTERIANetworksCorporationJP | Fantazy.sh4.elf | malicious | Mirai | 157.14.200.76
VECTANTARTERIANetworksCorporationJP | x86.elf | malicious | Mirai, Moobot | 157.14.224.29
No context

No created / dropped files found

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.476786652373029
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: mips.elf
File size: 88'192 bytes
MD5: 9e87e6552b22865382efe2097dd065fa
SHA1: beaa6fd2d70c8dd636dea67265c8d89f0faad29a
SHA256: d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6
SHA512: 1adcd8655a2ccba7cdb82861f7be64e7a3afea11a5bc0d82cdd29503a860e4d134457648d0866efad93015e92a07e8b7e93b3c11f3b74fec21521a5dfccecfb1
SSDEEP: 1536:3Hd7wZlW8kaMdUnKfcissPtBewrpDUjavP5mapHHaSUdl2u/n1Dxh5twT:t9UStfcissPXeG5ma16Sclh7hYT
TLSH: 6A83C61E6E158FACF7A9C63107B79E21974D37C727E1CA41E16CEA001E7024E685FB68

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MIPS R3000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400260
Flags: 0x1007
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 87712
Section Header Size: 40
Number of Section Headers: 12
Header String Table Index: 11

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400120 | 0x120 | 0x145e0 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x414700 | 0x14700 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x414760 | 0x14760 | 0x7d0 | 0x0 | 0x2 | A | 0 | 0 | 16
.ctors | PROGBITS | 0x455000 | 0x15000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x455008 | 0x15008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x455020 | 0x15020 | 0x1b8 | 0x0 | 0x3 | WA | 0 | 0 | 16
.got | PROGBITS | 0x4551e0 | 0x151e0 | 0x474 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
.sbss | NOBITS | 0x455654 | 0x15654 | 0x8 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
.bss | NOBITS | 0x455660 | 0x15654 | 0x14c4 | 0x0 | 0x3 | WA | 0 | 0 | 16
.shstrtab | STRTAB | 0x0 | 0x15654 | 0x49 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x14f30 | 0x14f30 | 5.5035 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0x15000 | 0x455000 | 0x455000 | 0x654 | 0x1b24 | 3.6008 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .got .sbss .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |


  • Total Packets: 25
  • 19153 undefined
  • 5223 undefined
  • 3724 undefined
  • 2222 undefined
  • 554 undefined
  • 53 (DNS)

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 17, 2025 08:50:16.706321955 CET | 3091 | 3478 | 192.168.2.13 | 172.217.192.127
Feb 17, 2025 08:50:17.272252083 CET | 3478 | 3091 | 172.217.192.127 | 192.168.2.13
Feb 17, 2025 08:50:17.425178051 CET | 56079 | 53 | 192.168.2.13 | 217.160.70.42
Feb 17, 2025 08:50:17.453327894 CET | 53 | 56079 | 217.160.70.42 | 192.168.2.13

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 17, 2025 08:50:17.425178051 CET | 192.168.2.13 | 217.160.70.42 | 0x4ec5 | Standard query (0) | iranistrash.libre | 16 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 17, 2025 08:50:17.453327894 CET | 217.160.70.42 | 192.168.2.13 | 0x4ec5 | No error (0) | iranistrash.libre | | | TXT (Text strings) | IN (0x0001) | false

System Behavior

Start time (UTC): 07:50:14
Start date (UTC): 17/02/2025
Path: /tmp/mips.elf
Arguments: /tmp/mips.elf
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

Start time (UTC): 07:50:17
Start date (UTC): 17/02/2025
Path: /tmp/mips.elf
Arguments: -
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c