Linux
Analysis Report
debug.dbg.elf
Overview
General Information
Sample name: | debug.dbg.elf |
Analysis ID: | 1634284 |
MD5: | 994546ec709cd259d26572c6c648ff3c |
SHA1: | 14eb6fb10abc34568901ed6dc5a8100cad229639 |
SHA256: | 3a87f9a9f0ac2407e7b413926cc23d47c5e17d4ab554bcbb221661dbc0feab9a |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Mirai
Score: | 76 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Uses dynamic DNS services
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1634284 |
Start date and time: | 2025-03-10 21:36:10 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | debug.dbg.elf |
Detection: | MAL |
Classification: | mal76.troj.linELF@0/0@20/0 |
Command: | /tmp/debug.dbg.elf |
PID: | 5424 |
Exit Code: | |
Exit Code Info: | |
Killed: | True |
Standard Output: | unstable_is_the_history_of_universe [magician] debug mode, pid: 5424 [magician] we are the only process on this system! [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 
1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain [magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select (unstable/resolver) found ipv4 address: 98f5bfa0 (unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses [magician] resolved domain 
[magician] connected to cnc successfully [magician] attempting to connect to cnc (unstable/resolver) got response from select |
Standard Error: |
- system is lnxubuntu20
- dash New Fork (PID: 5409, Parent: 3577)
- dash New Fork (PID: 5410, Parent: 3577)
- debug.dbg.elf New Fork (PID: 5425, Parent: 5424)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
| |
Linux_Trojan_Mirai_88de437f | unknown | unknown |
| |
Linux_Trojan_Mirai_389ee3e9 | unknown | unknown |
| |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Networking |
---|
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
53% | ReversingLabs | Linux.Trojan.Mirai |
55% | Virustotal | |
100% | Avira | EXP/ELF.Mirai.Z.A |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true | false | high | |
huyhoangluvnhi.duckdns.org | 160.191.245.152 | true | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
160.191.245.152 | huyhoangluvnhi.duckdns.org | unknown | 2907 | SINET-ASResearchOrganizationofInformationandSystemsN | false |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.542475008334571 |
TrID: |
|
File name: | debug.dbg.elf |
File size: | 55'504 bytes |
MD5: | 994546ec709cd259d26572c6c648ff3c |
SHA1: | 14eb6fb10abc34568901ed6dc5a8100cad229639 |
SHA256: | 3a87f9a9f0ac2407e7b413926cc23d47c5e17d4ab554bcbb221661dbc0feab9a |
SHA512: | b56b64cad9c3401fc173970f61705abcae5d58fa33ab6af3dff3407c75084c5fb6778a10662dae69eb749e3653ed7fa8609c200270cc89ba91df207c7ade02fe |
SSDEEP: | 1536:uITW3WsRUK1ZgQohZGvSM0vTwGF5TTSlai:uIK3lRUK1ZgH/GvSVvMaTUH |
TLSH: | FB436CD4E643D8F5D8071AB1113AF7375E31F1F92218EA93D3A4EA32BC53641E546A8C |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 55104 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80480b0 | 0xb0 | 0xaef6 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x8052fa6 | 0xafa6 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x8052fc0 | 0xafc0 | 0x24bc | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x8056480 | 0xd480 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x8056488 | 0xd488 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x80564a0 | 0xd4a0 | 0x260 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x8056700 | 0xd700 | 0x2480 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0xd700 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xd47c | 0xd47c | 6.5803 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
LOAD | 0xd480 | 0x8056480 | 0x8056480 | 0x280 | 0x2700 | 3.4890 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
- Total Packets: 134
Mar 10, 2025 21:37:03.280744076 CET | 56999 | 45094 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:03.280798912 CET | 45094 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:03.288104057 CET | 56999 | 45094 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:04.230654955 CET | 56999 | 45094 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:04.230783939 CET | 45094 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:04.230812073 CET | 45094 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:04.238226891 CET | 45096 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:04.243033886 CET | 56999 | 45096 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:04.243232965 CET | 45096 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:04.243232965 CET | 45096 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:04.258558989 CET | 56999 | 45096 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:04.258673906 CET | 45096 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:04.263575077 CET | 56999 | 45096 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:05.239974976 CET | 56999 | 45096 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:05.240087986 CET | 45096 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:05.240144014 CET | 45096 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:05.340162992 CET | 45098 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:05.345112085 CET | 56999 | 45098 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:05.345227957 CET | 45098 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:05.345227957 CET | 45098 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:05.350111008 CET | 56999 | 45098 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:05.350168943 CET | 45098 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:05.354983091 CET | 56999 | 45098 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:06.282017946 CET | 56999 | 45098 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:06.282255888 CET | 45098 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:06.282288074 CET | 45098 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:06.290775061 CET | 45100 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:06.297566891 CET | 56999 | 45100 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:06.297669888 CET | 45100 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:06.297669888 CET | 45100 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:06.302556992 CET | 56999 | 45100 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:06.302628994 CET | 45100 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:06.307739019 CET | 56999 | 45100 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:07.280450106 CET | 56999 | 45100 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:07.280721903 CET | 45100 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:07.280775070 CET | 45100 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:07.288376093 CET | 45102 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:07.293308020 CET | 56999 | 45102 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:07.293399096 CET | 45102 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:07.293486118 CET | 45102 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:07.299511909 CET | 56999 | 45102 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:07.299593925 CET | 45102 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:07.304399014 CET | 56999 | 45102 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:08.239826918 CET | 56999 | 45102 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:08.239998102 CET | 45102 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:08.240052938 CET | 45102 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:08.247631073 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:08.252473116 CET | 56999 | 45104 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:08.252542019 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:08.252593040 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:08.257406950 CET | 56999 | 45104 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:08.257473946 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:08.262269974 CET | 56999 | 45104 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:18.262754917 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:18.267817974 CET | 56999 | 45104 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:18.602377892 CET | 56999 | 45104 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:18.602570057 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:31.627315998 CET | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Mar 10, 2025 21:37:32.711920977 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Mar 10, 2025 21:37:32.717159033 CET | 56999 | 45104 | 160.191.245.152 | 192.168.2.13 |
Mar 10, 2025 21:37:32.717232943 CET | 45104 | 56999 | 192.168.2.13 | 160.191.245.152 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 10, 2025 21:36:48.723958969 CET | 192.168.2.13 | 8.8.8.8 | 0x4403 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:49.773809910 CET | 192.168.2.13 | 8.8.8.8 | 0x8636 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:50.740580082 CET | 192.168.2.13 | 8.8.8.8 | 0x856b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:51.781439066 CET | 192.168.2.13 | 8.8.8.8 | 0xfc7d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:53.266530991 CET | 192.168.2.13 | 8.8.8.8 | 0x45d6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:54.348995924 CET | 192.168.2.13 | 8.8.8.8 | 0xaabf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:57.404371023 CET | 192.168.2.13 | 8.8.8.8 | 0x9430 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:58.494873047 CET | 192.168.2.13 | 8.8.8.8 | 0xf1c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:36:59.438122034 CET | 192.168.2.13 | 8.8.8.8 | 0xb01d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:00.386821032 CET | 192.168.2.13 | 8.8.8.8 | 0xc024 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:01.331430912 CET | 192.168.2.13 | 8.8.8.8 | 0x7398 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:02.277841091 CET | 192.168.2.13 | 8.8.8.8 | 0x3e9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:03.263632059 CET | 192.168.2.13 | 8.8.8.8 | 0xcaf7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:04.230870008 CET | 192.168.2.13 | 8.8.8.8 | 0x572a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:05.240211010 CET | 192.168.2.13 | 8.8.8.8 | 0xd6a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:06.282329082 CET | 192.168.2.13 | 8.8.8.8 | 0xc2de | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:07.280911922 CET | 192.168.2.13 | 8.8.8.8 | 0x9ea7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:37:08.240154028 CET | 192.168.2.13 | 8.8.8.8 | 0x41e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:39:33.502722025 CET | 192.168.2.13 | 1.1.1.1 | 0x3710 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 10, 2025 21:39:33.502791882 CET | 192.168.2.13 | 1.1.1.1 | 0xf5dd | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 10, 2025 21:36:48.820571899 CET | 8.8.8.8 | 192.168.2.13 | 0x4403 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:49.780771971 CET | 8.8.8.8 | 192.168.2.13 | 0x8636 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:50.837979078 CET | 8.8.8.8 | 192.168.2.13 | 0x856b | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:51.877886057 CET | 8.8.8.8 | 192.168.2.13 | 0xfc7d | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:53.365124941 CET | 8.8.8.8 | 192.168.2.13 | 0x45d6 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:56.447132111 CET | 8.8.8.8 | 192.168.2.13 | 0xaabf | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:57.512002945 CET | 8.8.8.8 | 192.168.2.13 | 0x9430 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:58.501646042 CET | 8.8.8.8 | 192.168.2.13 | 0xf1c7 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:36:59.446614981 CET | 8.8.8.8 | 192.168.2.13 | 0xb01d | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:00.394227982 CET | 8.8.8.8 | 192.168.2.13 | 0xc024 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:01.338395119 CET | 8.8.8.8 | 192.168.2.13 | 0x7398 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:02.284676075 CET | 8.8.8.8 | 192.168.2.13 | 0x3e9b | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:03.270797014 CET | 8.8.8.8 | 192.168.2.13 | 0xcaf7 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:04.238018990 CET | 8.8.8.8 | 192.168.2.13 | 0x572a | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:05.337013006 CET | 8.8.8.8 | 192.168.2.13 | 0xd6a9 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:06.290694952 CET | 8.8.8.8 | 192.168.2.13 | 0xc2de | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:07.288216114 CET | 8.8.8.8 | 192.168.2.13 | 0x9ea7 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:37:08.247486115 CET | 8.8.8.8 | 192.168.2.13 | 0x41e3 | No error (0) | 160.191.245.152 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:39:33.509700060 CET | 1.1.1.1 | 192.168.2.13 | 0x3710 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
Mar 10, 2025 21:39:33.509700060 CET | 1.1.1.1 | 192.168.2.13 | 0x3710 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 20:36:37 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 20:36:37 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 20:36:37 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 20:36:37 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 20:36:46 |
Start date (UTC): | 10/03/2025 |
Path: | /tmp/debug.dbg.elf |
Arguments: | /tmp/debug.dbg.elf |
File size: | 55504 bytes |
MD5 hash: | 994546ec709cd259d26572c6c648ff3c |
Start time (UTC): | 20:36:47 |
Start date (UTC): | 10/03/2025 |
Path: | /tmp/debug.dbg.elf |
Arguments: | - |
File size: | 55504 bytes |
MD5 hash: | 994546ec709cd259d26572c6c648ff3c |