Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
5Jc3rTI2h9.elf

Overview

General Information

Sample name:5Jc3rTI2h9.elf
renamed because original name is a hash value
Original sample name:a457e8bec7cbd9210a688eef3889d640.elf
Analysis ID:1430968
MD5:a457e8bec7cbd9210a688eef3889d640
SHA1:5c37287bb0da4717d63c44984912db9252ae3a5a
SHA256:b6434db457e493b4030c1c610af544cc9f4dcede9e3de2846d56f51e06e59b31
Tags:64elfmirai
Infos:

Detection

Mirai, Okiru
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Yara detected Okiru
Machine Learning detection for sample
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Yara signature match

Classification

Analysis Advice

All domains contacted by the sample do not resolve. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430968
Start date and time:2024-04-24 12:37:16 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:5Jc3rTI2h9.elf
renamed because original name is a hash value
Original Sample Name:a457e8bec7cbd9210a688eef3889d640.elf
Detection:MAL
Classification:mal92.troj.linELF@0/0@95/0

Runtime Messages

Command:/tmp/5Jc3rTI2h9.elf
PID:5428
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
5Jc3rTI2h9.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    5Jc3rTI2h9.elfJoeSecurity_Mirai_3Yara detected MiraiJoe Security
      5Jc3rTI2h9.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5Jc3rTI2h9.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0x17480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x174a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x174bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x174d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x174e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x174f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1750c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1755c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x175ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x175c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x175d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x175e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x175fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x17610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        5Jc3rTI2h9.elfLinux_Trojan_Gafgyt_9e9530a7unknownunknown
        • 0xd9e0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
        Click to see the 14 entries

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        5428.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
          5428.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_Mirai_3Yara detected MiraiJoe Security
            5428.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
              5428.1.0000000000400000.000000000041b000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
              • 0x17480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x174a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x174bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x174d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x174e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x174f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x1750c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x1755c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x175ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x175c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x175d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x175e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x175fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0x17610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              5428.1.0000000000400000.000000000041b000.r-x.sdmpLinux_Trojan_Gafgyt_9e9530a7unknownunknown
              • 0xd9e0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
              Click to see the 18 entries

              Snort Signatures

              No Snort rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: 5Jc3rTI2h9.elfAvira: detected
              Multi AV Scanner detection for submitted file
              Source: 5Jc3rTI2h9.elfReversingLabs: Detection: 52%
              Source: 5Jc3rTI2h9.elfVirustotal: Detection: 43%Perma Link
              Machine Learning detection for sample
              Source: 5Jc3rTI2h9.elfJoe Sandbox ML: detected
              Source: 5Jc3rTI2h9.elfString: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f
              Source: unknownDNS traffic detected: query: rVgserver.ddns replaycode: Name error (3)
              Source: unknownDNS traffic detected: queries for: rVgserver.ddns

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
              Source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
              Source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
              Source: Initial sampleString containing 'busybox' found: /bin/busybox
              Source: Initial sampleString containing 'busybox' found: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f
              Source: ELF static info symbol of initial sample.symtab present: no
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
              Source: 5Jc3rTI2h9.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
              Source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
              Source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: classification engineClassification label: mal92.troj.linELF@0/0@95/0
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/230/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/110/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/231/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/111/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/232/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/112/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/233/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/113/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/234/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/114/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/235/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/115/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/236/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/116/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/237/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/117/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/238/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/118/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/239/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/119/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/914/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/10/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/917/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/11/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/12/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/13/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/14/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/15/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/16/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/17/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/18/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/19/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/240/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/3095/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/120/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/241/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/5271/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/121/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/242/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/122/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/243/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/2/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/123/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/244/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/3/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/124/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/245/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1588/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/125/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/4/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/246/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/126/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/5/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/247/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/127/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/6/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/248/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/128/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/7/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/249/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/129/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/8/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/800/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/9/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1906/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/802/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/803/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/20/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/21/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/22/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/23/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/24/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/25/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/26/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/27/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/28/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/29/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/3420/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1482/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/490/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1480/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/250/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/371/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/130/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/251/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/131/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/252/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/132/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/253/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/254/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1238/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/134/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/255/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/256/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/257/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/378/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/3413/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/258/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/259/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/1475/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/936/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/30/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/816/cmdlineJump to behavior
              Source: /tmp/5Jc3rTI2h9.elf (PID: 5430)File opened: /proc/35/cmdlineJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Mirai
              Source: Yara matchFile source: 5Jc3rTI2h9.elf, type: SAMPLE
              Source: Yara matchFile source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTR
              Yara detected Okiru
              Source: Yara matchFile source: 5Jc3rTI2h9.elf, type: SAMPLE
              Source: Yara matchFile source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected Mirai
              Source: Yara matchFile source: 5Jc3rTI2h9.elf, type: SAMPLE
              Source: Yara matchFile source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTR
              Yara detected Okiru
              Source: Yara matchFile source: 5Jc3rTI2h9.elf, type: SAMPLE
              Source: Yara matchFile source: 5428.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 5Jc3rTI2h9.elf PID: 5428, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information1
              Scripting              		Valid AccountsWindows Management Instrumentation1
              Scripting              		Path InterceptionDirect Volume Access1
              OS Credential Dumping              		System Service DiscoveryRemote ServicesData from Local System1
              Non-Application Layer Protocol              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
              Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service

              Malware Configuration

              No configs have been found

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Number of created Files
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1430968 Sample: 5Jc3rTI2h9.elf Startdate: 24/04/2024 Architecture: LINUX Score: 92 14 rVgserver.ddns 2->14 16 Malicious sample detected (through community Yara rule) 2->16 18 Antivirus / Scanner detection for submitted sample 2->18 20 Multi AV Scanner detection for submitted file 2->20 22 3 other signatures 2->22 8 5Jc3rTI2h9.elf 2->8         started        signatures3 process4 process5 10 5Jc3rTI2h9.elf 8->10         started        process6 12 5Jc3rTI2h9.elf 10->12         started       

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              5Jc3rTI2h9.elf53%ReversingLabsLinux.Trojan.Mirai
              5Jc3rTI2h9.elf43%VirustotalBrowse
              5Jc3rTI2h9.elf100%AviraEXP/ELF.Mirai.Z.A
              5Jc3rTI2h9.elf100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              rVgserver.ddns
              		unknown
              		unknowntrue
                		unknown

                World Map of Contacted IPs

                No contacted IP infos

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                No created / dropped files found

                Static File Info

                General

                File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
                Entropy (8bit):5.28516570062648
                TrID:
                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name:5Jc3rTI2h9.elf
                File size:143'832 bytes
                MD5:a457e8bec7cbd9210a688eef3889d640
                SHA1:5c37287bb0da4717d63c44984912db9252ae3a5a
                SHA256:b6434db457e493b4030c1c610af544cc9f4dcede9e3de2846d56f51e06e59b31
                SHA512:ffbcc830e16cc12ee5d3af8456f064ed228246e992400ef231b3d0320441134cd4aca3b86426a8dafe07faaec4ddb36952702cb4b0bab5fab48cb90599d313ff
                SSDEEP:3072:mTUTfCdO6FFtoqH6EwKhc/t/ekNaogMewcgsK027uPOlL:mTUTfCdO6FFtoqowwQdAL
                TLSH:72E34B07B4C184FDC4DAC1B44B9FF53AED32B0AD1238B16B27D4AE222E59E205F1DA54
                File Content Preview:.ELF..............>.......@.....@.......X/..........@.8...@.......................@.......@...............................................Q.......Q.....p.......................Q.td....................................................H...._....zk..H........

                Static ELF Info

                ELF header

                Class:ELF64
                Data:2's complement, little endian
                Version:1 (current)
                Machine:Advanced Micro Devices X86-64
                Version Number:0x1
                Type:EXEC (Executable file)
                OS/ABI:UNIX - System V
                ABI Version:0
                Entry Point Address:0x400194
                Flags:0x0
                ELF Header Size:64
                Program Header Offset:64
                Program Header Size:56
                Number of Program Headers:3
                Section Header Offset:143192
                Section Header Size:64
                Number of Section Headers:10
                Header String Table Index:9

                Sections

                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                NULL0x00x00x00x00x0000
                .initPROGBITS0x4000e80xe80x130x00x6AX001
                .textPROGBITS0x4001000x1000x16ba60x00x6AX0016
                .finiPROGBITS0x416ca60x16ca60xe0x00x6AX001
                .rodataPROGBITS0x416cc00x16cc00x33e00x00x2A0032
                .ctorsPROGBITS0x51a0a80x1a0a80x180x00x3WA008
                .dtorsPROGBITS0x51a0c00x1a0c00x100x00x3WA008
                .dataPROGBITS0x51a0e00x1a0e00x8e380x00x3WA0032
                .bssNOBITS0x522f200x22f180x72a00x00x3WA0032
                .shstrtabSTRTAB0x00x22f180x3e0x00x0001

                Program Segments

                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                LOAD0x00x4000000x4000000x1a0a00x1a0a06.41970x5R E0x100000.init .text .fini .rodata
                LOAD0x1a0a80x51a0a80x51a0a80x8e700x101180.22800x6RW 0x100000.ctors .dtors .data .bss
                GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                Network Behavior

                Network Port Distribution

                UDP Packets

                TimestampSource PortDest PortSource IPDest IP
                Apr 24, 2024 12:38:05.485233068 CEST5812253192.168.2.138.8.8.8
                Apr 24, 2024 12:38:05.654951096 CEST53581228.8.8.8192.168.2.13
                Apr 24, 2024 12:38:05.655042887 CEST3468953192.168.2.138.8.8.8
                Apr 24, 2024 12:38:05.825977087 CEST53346898.8.8.8192.168.2.13
                Apr 24, 2024 12:38:05.826097965 CEST4577953192.168.2.138.8.8.8
                Apr 24, 2024 12:38:05.996026039 CEST53457798.8.8.8192.168.2.13
                Apr 24, 2024 12:38:05.996213913 CEST4872653192.168.2.138.8.8.8
                Apr 24, 2024 12:38:06.166995049 CEST53487268.8.8.8192.168.2.13
                Apr 24, 2024 12:38:06.167150021 CEST3795153192.168.2.138.8.8.8
                Apr 24, 2024 12:38:06.337182999 CEST53379518.8.8.8192.168.2.13
                Apr 24, 2024 12:38:15.337506056 CEST5888353192.168.2.138.8.8.8
                Apr 24, 2024 12:38:15.507556915 CEST53588838.8.8.8192.168.2.13
                Apr 24, 2024 12:38:15.507730007 CEST5766353192.168.2.138.8.8.8
                Apr 24, 2024 12:38:15.678471088 CEST53576638.8.8.8192.168.2.13
                Apr 24, 2024 12:38:15.678630114 CEST3710853192.168.2.138.8.8.8
                Apr 24, 2024 12:38:15.849689007 CEST53371088.8.8.8192.168.2.13
                Apr 24, 2024 12:38:15.849809885 CEST3292653192.168.2.138.8.8.8
                Apr 24, 2024 12:38:16.019658089 CEST53329268.8.8.8192.168.2.13
                Apr 24, 2024 12:38:16.019846916 CEST4690553192.168.2.138.8.8.8
                Apr 24, 2024 12:38:16.191910982 CEST53469058.8.8.8192.168.2.13
                Apr 24, 2024 12:38:17.192265034 CEST3932053192.168.2.138.8.8.8
                Apr 24, 2024 12:38:17.362183094 CEST53393208.8.8.8192.168.2.13
                Apr 24, 2024 12:38:17.362376928 CEST3529953192.168.2.138.8.8.8
                Apr 24, 2024 12:38:17.532162905 CEST53352998.8.8.8192.168.2.13
                Apr 24, 2024 12:38:17.532392979 CEST5062053192.168.2.138.8.8.8
                Apr 24, 2024 12:38:17.703270912 CEST53506208.8.8.8192.168.2.13
                Apr 24, 2024 12:38:17.703433990 CEST5453653192.168.2.138.8.8.8
                Apr 24, 2024 12:38:17.873197079 CEST53545368.8.8.8192.168.2.13
                Apr 24, 2024 12:38:17.873384953 CEST4893053192.168.2.138.8.8.8
                Apr 24, 2024 12:38:18.043704987 CEST53489308.8.8.8192.168.2.13
                Apr 24, 2024 12:38:23.044053078 CEST3351253192.168.2.138.8.8.8
                Apr 24, 2024 12:38:23.214004993 CEST53335128.8.8.8192.168.2.13
                Apr 24, 2024 12:38:23.214278936 CEST5370453192.168.2.138.8.8.8
                Apr 24, 2024 12:38:23.384181023 CEST53537048.8.8.8192.168.2.13
                Apr 24, 2024 12:38:23.384427071 CEST3590953192.168.2.138.8.8.8
                Apr 24, 2024 12:38:23.554198027 CEST53359098.8.8.8192.168.2.13
                Apr 24, 2024 12:38:23.554392099 CEST3334653192.168.2.138.8.8.8
                Apr 24, 2024 12:38:23.724531889 CEST53333468.8.8.8192.168.2.13
                Apr 24, 2024 12:38:23.724761009 CEST5980953192.168.2.138.8.8.8
                Apr 24, 2024 12:38:23.894659042 CEST53598098.8.8.8192.168.2.13
                Apr 24, 2024 12:38:33.895111084 CEST5313653192.168.2.138.8.8.8
                Apr 24, 2024 12:38:34.064948082 CEST53531368.8.8.8192.168.2.13
                Apr 24, 2024 12:38:34.065176964 CEST4656753192.168.2.138.8.8.8
                Apr 24, 2024 12:38:34.235323906 CEST53465678.8.8.8192.168.2.13
                Apr 24, 2024 12:38:34.235635042 CEST4081853192.168.2.138.8.8.8
                Apr 24, 2024 12:38:34.405891895 CEST53408188.8.8.8192.168.2.13
                Apr 24, 2024 12:38:34.406246901 CEST4170853192.168.2.138.8.8.8
                Apr 24, 2024 12:38:34.576316118 CEST53417088.8.8.8192.168.2.13
                Apr 24, 2024 12:38:34.576503038 CEST3564653192.168.2.138.8.8.8
                Apr 24, 2024 12:38:34.747759104 CEST53356468.8.8.8192.168.2.13
                Apr 24, 2024 12:38:41.748277903 CEST5238253192.168.2.138.8.8.8
                Apr 24, 2024 12:38:41.918018103 CEST53523828.8.8.8192.168.2.13
                Apr 24, 2024 12:38:41.918267012 CEST5787053192.168.2.138.8.8.8
                Apr 24, 2024 12:38:42.088987112 CEST53578708.8.8.8192.168.2.13
                Apr 24, 2024 12:38:42.089186907 CEST5201153192.168.2.138.8.8.8
                Apr 24, 2024 12:38:42.259947062 CEST53520118.8.8.8192.168.2.13
                Apr 24, 2024 12:38:42.260128975 CEST3912153192.168.2.138.8.8.8
                Apr 24, 2024 12:38:42.429977894 CEST53391218.8.8.8192.168.2.13
                Apr 24, 2024 12:38:42.430128098 CEST5767053192.168.2.138.8.8.8
                Apr 24, 2024 12:38:42.599915028 CEST53576708.8.8.8192.168.2.13
                Apr 24, 2024 12:38:51.600322962 CEST4833553192.168.2.138.8.8.8
                Apr 24, 2024 12:38:51.770246983 CEST53483358.8.8.8192.168.2.13
                Apr 24, 2024 12:38:51.770400047 CEST6050453192.168.2.138.8.8.8
                Apr 24, 2024 12:38:51.940450907 CEST53605048.8.8.8192.168.2.13
                Apr 24, 2024 12:38:51.940685034 CEST4521153192.168.2.138.8.8.8
                Apr 24, 2024 12:38:52.111157894 CEST53452118.8.8.8192.168.2.13
                Apr 24, 2024 12:38:52.111331940 CEST5164853192.168.2.138.8.8.8
                Apr 24, 2024 12:38:52.281100035 CEST53516488.8.8.8192.168.2.13
                Apr 24, 2024 12:38:52.281431913 CEST3720953192.168.2.138.8.8.8
                Apr 24, 2024 12:38:52.451426983 CEST53372098.8.8.8192.168.2.13
                Apr 24, 2024 12:39:02.451953888 CEST5041353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:02.622807026 CEST53504138.8.8.8192.168.2.13
                Apr 24, 2024 12:39:02.622925997 CEST4099753192.168.2.138.8.8.8
                Apr 24, 2024 12:39:02.797998905 CEST53409978.8.8.8192.168.2.13
                Apr 24, 2024 12:39:02.798286915 CEST3489853192.168.2.138.8.8.8
                Apr 24, 2024 12:39:02.969264984 CEST53348988.8.8.8192.168.2.13
                Apr 24, 2024 12:39:02.969460011 CEST4275253192.168.2.138.8.8.8
                Apr 24, 2024 12:39:03.139055967 CEST53427528.8.8.8192.168.2.13
                Apr 24, 2024 12:39:03.139359951 CEST3735953192.168.2.138.8.8.8
                Apr 24, 2024 12:39:03.310380936 CEST53373598.8.8.8192.168.2.13
                Apr 24, 2024 12:39:04.310852051 CEST3876553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:04.481848001 CEST53387658.8.8.8192.168.2.13
                Apr 24, 2024 12:39:04.481964111 CEST3980253192.168.2.138.8.8.8
                Apr 24, 2024 12:39:04.652667046 CEST53398028.8.8.8192.168.2.13
                Apr 24, 2024 12:39:04.652815104 CEST5614753192.168.2.138.8.8.8
                Apr 24, 2024 12:39:04.824001074 CEST53561478.8.8.8192.168.2.13
                Apr 24, 2024 12:39:04.824117899 CEST4910153192.168.2.138.8.8.8
                Apr 24, 2024 12:39:04.994050026 CEST53491018.8.8.8192.168.2.13
                Apr 24, 2024 12:39:04.994142056 CEST3984853192.168.2.138.8.8.8
                Apr 24, 2024 12:39:05.164114952 CEST53398488.8.8.8192.168.2.13
                Apr 24, 2024 12:39:14.164386988 CEST4256753192.168.2.138.8.8.8
                Apr 24, 2024 12:39:14.335133076 CEST53425678.8.8.8192.168.2.13
                Apr 24, 2024 12:39:14.335258961 CEST5573853192.168.2.138.8.8.8
                Apr 24, 2024 12:39:14.505271912 CEST53557388.8.8.8192.168.2.13
                Apr 24, 2024 12:39:14.505384922 CEST5436753192.168.2.138.8.8.8
                Apr 24, 2024 12:39:14.675529003 CEST53543678.8.8.8192.168.2.13
                Apr 24, 2024 12:39:14.675685883 CEST5047353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:14.846458912 CEST53504738.8.8.8192.168.2.13
                Apr 24, 2024 12:39:14.846587896 CEST4339853192.168.2.138.8.8.8
                Apr 24, 2024 12:39:15.016205072 CEST53433988.8.8.8192.168.2.13
                Apr 24, 2024 12:39:24.016635895 CEST3852153192.168.2.138.8.8.8
                Apr 24, 2024 12:39:24.187704086 CEST53385218.8.8.8192.168.2.13
                Apr 24, 2024 12:39:24.187941074 CEST4631153192.168.2.138.8.8.8
                Apr 24, 2024 12:39:24.358882904 CEST53463118.8.8.8192.168.2.13
                Apr 24, 2024 12:39:24.359199047 CEST5282153192.168.2.138.8.8.8
                Apr 24, 2024 12:39:24.529136896 CEST53528218.8.8.8192.168.2.13
                Apr 24, 2024 12:39:24.529335022 CEST4569553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:24.700131893 CEST53456958.8.8.8192.168.2.13
                Apr 24, 2024 12:39:24.700340986 CEST5723553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:24.870482922 CEST53572358.8.8.8192.168.2.13
                Apr 24, 2024 12:39:25.870987892 CEST5376953192.168.2.138.8.8.8
                Apr 24, 2024 12:39:26.040941000 CEST53537698.8.8.8192.168.2.13
                Apr 24, 2024 12:39:26.041155100 CEST3354553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:26.211275101 CEST53335458.8.8.8192.168.2.13
                Apr 24, 2024 12:39:26.211622953 CEST5782053192.168.2.138.8.8.8
                Apr 24, 2024 12:39:26.381529093 CEST53578208.8.8.8192.168.2.13
                Apr 24, 2024 12:39:26.381701946 CEST3853053192.168.2.138.8.8.8
                Apr 24, 2024 12:39:26.551558018 CEST53385308.8.8.8192.168.2.13
                Apr 24, 2024 12:39:26.551733971 CEST4986353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:26.721563101 CEST53498638.8.8.8192.168.2.13
                Apr 24, 2024 12:39:28.722037077 CEST3695153192.168.2.138.8.8.8
                Apr 24, 2024 12:39:28.893692017 CEST53369518.8.8.8192.168.2.13
                Apr 24, 2024 12:39:28.893908978 CEST6085553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:29.063927889 CEST53608558.8.8.8192.168.2.13
                Apr 24, 2024 12:39:29.064096928 CEST4717353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:29.233870029 CEST53471738.8.8.8192.168.2.13
                Apr 24, 2024 12:39:29.234056950 CEST3575353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:29.403994083 CEST53357538.8.8.8192.168.2.13
                Apr 24, 2024 12:39:29.404186964 CEST5325453192.168.2.138.8.8.8
                Apr 24, 2024 12:39:29.573980093 CEST53532548.8.8.8192.168.2.13
                Apr 24, 2024 12:39:34.574362993 CEST4488353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:34.744601011 CEST53448838.8.8.8192.168.2.13
                Apr 24, 2024 12:39:34.744784117 CEST3554553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:34.915054083 CEST53355458.8.8.8192.168.2.13
                Apr 24, 2024 12:39:34.915209055 CEST4962353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:35.086242914 CEST53496238.8.8.8192.168.2.13
                Apr 24, 2024 12:39:35.086456060 CEST5165953192.168.2.138.8.8.8
                Apr 24, 2024 12:39:35.257318020 CEST53516598.8.8.8192.168.2.13
                Apr 24, 2024 12:39:35.257488966 CEST3342553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:35.428368092 CEST53334258.8.8.8192.168.2.13
                Apr 24, 2024 12:39:36.428714991 CEST4655353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:36.598670959 CEST53465538.8.8.8192.168.2.13
                Apr 24, 2024 12:39:36.598840952 CEST5632653192.168.2.138.8.8.8
                Apr 24, 2024 12:39:36.768762112 CEST53563268.8.8.8192.168.2.13
                Apr 24, 2024 12:39:36.768949032 CEST3294053192.168.2.138.8.8.8
                Apr 24, 2024 12:39:36.939131975 CEST53329408.8.8.8192.168.2.13
                Apr 24, 2024 12:39:36.939340115 CEST4969453192.168.2.138.8.8.8
                Apr 24, 2024 12:39:37.109117031 CEST53496948.8.8.8192.168.2.13
                Apr 24, 2024 12:39:37.109316111 CEST3706253192.168.2.138.8.8.8
                Apr 24, 2024 12:39:37.280551910 CEST53370628.8.8.8192.168.2.13
                Apr 24, 2024 12:39:47.280936003 CEST3518253192.168.2.138.8.8.8
                Apr 24, 2024 12:39:47.451071978 CEST53351828.8.8.8192.168.2.13
                Apr 24, 2024 12:39:47.451359987 CEST4245753192.168.2.138.8.8.8
                Apr 24, 2024 12:39:47.632484913 CEST53424578.8.8.8192.168.2.13
                Apr 24, 2024 12:39:47.632848024 CEST3344253192.168.2.138.8.8.8
                Apr 24, 2024 12:39:47.803689003 CEST53334428.8.8.8192.168.2.13
                Apr 24, 2024 12:39:47.803812027 CEST5341553192.168.2.138.8.8.8
                Apr 24, 2024 12:39:47.974942923 CEST53534158.8.8.8192.168.2.13
                Apr 24, 2024 12:39:47.975094080 CEST4982953192.168.2.138.8.8.8
                Apr 24, 2024 12:39:48.144932032 CEST53498298.8.8.8192.168.2.13
                Apr 24, 2024 12:39:55.145390987 CEST5631453192.168.2.138.8.8.8
                Apr 24, 2024 12:39:55.317482948 CEST53563148.8.8.8192.168.2.13
                Apr 24, 2024 12:39:55.317642927 CEST5627153192.168.2.138.8.8.8
                Apr 24, 2024 12:39:55.487394094 CEST53562718.8.8.8192.168.2.13
                Apr 24, 2024 12:39:55.487510920 CEST5746953192.168.2.138.8.8.8
                Apr 24, 2024 12:39:55.658365011 CEST53574698.8.8.8192.168.2.13
                Apr 24, 2024 12:39:55.658628941 CEST3690353192.168.2.138.8.8.8
                Apr 24, 2024 12:39:55.829363108 CEST53369038.8.8.8192.168.2.13
                Apr 24, 2024 12:39:55.829598904 CEST4607853192.168.2.138.8.8.8
                Apr 24, 2024 12:39:55.999814987 CEST53460788.8.8.8192.168.2.13
                Apr 24, 2024 12:40:05.000205994 CEST3349353192.168.2.138.8.8.8
                Apr 24, 2024 12:40:05.170063972 CEST53334938.8.8.8192.168.2.13
                Apr 24, 2024 12:40:05.170260906 CEST4520553192.168.2.138.8.8.8
                Apr 24, 2024 12:40:05.340105057 CEST53452058.8.8.8192.168.2.13
                Apr 24, 2024 12:40:05.340586901 CEST4033853192.168.2.138.8.8.8
                Apr 24, 2024 12:40:05.510343075 CEST53403388.8.8.8192.168.2.13
                Apr 24, 2024 12:40:05.510689020 CEST3691853192.168.2.138.8.8.8
                Apr 24, 2024 12:40:05.680454969 CEST53369188.8.8.8192.168.2.13
                Apr 24, 2024 12:40:05.680913925 CEST5831853192.168.2.138.8.8.8
                Apr 24, 2024 12:40:05.850667000 CEST53583188.8.8.8192.168.2.13
                Apr 24, 2024 12:40:09.851011992 CEST4926053192.168.2.138.8.8.8
                Apr 24, 2024 12:40:10.021372080 CEST53492608.8.8.8192.168.2.13
                Apr 24, 2024 12:40:10.021539927 CEST5827053192.168.2.138.8.8.8
                Apr 24, 2024 12:40:10.191077948 CEST53582708.8.8.8192.168.2.13
                Apr 24, 2024 12:40:10.191252947 CEST4536153192.168.2.138.8.8.8
                Apr 24, 2024 12:40:10.361008883 CEST53453618.8.8.8192.168.2.13
                Apr 24, 2024 12:40:10.361161947 CEST3928253192.168.2.138.8.8.8
                Apr 24, 2024 12:40:10.530864954 CEST53392828.8.8.8192.168.2.13
                Apr 24, 2024 12:40:10.530999899 CEST5859653192.168.2.138.8.8.8
                Apr 24, 2024 12:40:10.701656103 CEST53585968.8.8.8192.168.2.13

                DNS Queries

                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                Apr 24, 2024 12:38:05.485233068 CEST192.168.2.138.8.8.80x42a8Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:05.655042887 CEST192.168.2.138.8.8.80x42a8Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:05.826097965 CEST192.168.2.138.8.8.80x42a8Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:05.996213913 CEST192.168.2.138.8.8.80x42a8Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:06.167150021 CEST192.168.2.138.8.8.80x42a8Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.337506056 CEST192.168.2.138.8.8.80x118Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.507730007 CEST192.168.2.138.8.8.80x118Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.678630114 CEST192.168.2.138.8.8.80x118Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.849809885 CEST192.168.2.138.8.8.80x118Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:16.019846916 CEST192.168.2.138.8.8.80x118Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.192265034 CEST192.168.2.138.8.8.80xbf3fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.362376928 CEST192.168.2.138.8.8.80xbf3fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.532392979 CEST192.168.2.138.8.8.80xbf3fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.703433990 CEST192.168.2.138.8.8.80xbf3fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.873384953 CEST192.168.2.138.8.8.80xbf3fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.044053078 CEST192.168.2.138.8.8.80x93b7Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.214278936 CEST192.168.2.138.8.8.80x93b7Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.384427071 CEST192.168.2.138.8.8.80x93b7Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.554392099 CEST192.168.2.138.8.8.80x93b7Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.724761009 CEST192.168.2.138.8.8.80x93b7Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:33.895111084 CEST192.168.2.138.8.8.80x11fcStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.065176964 CEST192.168.2.138.8.8.80x11fcStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.235635042 CEST192.168.2.138.8.8.80x11fcStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.406246901 CEST192.168.2.138.8.8.80x11fcStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.576503038 CEST192.168.2.138.8.8.80x11fcStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:41.748277903 CEST192.168.2.138.8.8.80x6d2eStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:41.918267012 CEST192.168.2.138.8.8.80x6d2eStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.089186907 CEST192.168.2.138.8.8.80x6d2eStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.260128975 CEST192.168.2.138.8.8.80x6d2eStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.430128098 CEST192.168.2.138.8.8.80x6d2eStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:51.600322962 CEST192.168.2.138.8.8.80xfd47Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:51.770400047 CEST192.168.2.138.8.8.80xfd47Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:51.940685034 CEST192.168.2.138.8.8.80xfd47Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:52.111331940 CEST192.168.2.138.8.8.80xfd47Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:52.281431913 CEST192.168.2.138.8.8.80xfd47Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.451953888 CEST192.168.2.138.8.8.80x9d7fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.622925997 CEST192.168.2.138.8.8.80x9d7fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.798286915 CEST192.168.2.138.8.8.80x9d7fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.969460011 CEST192.168.2.138.8.8.80x9d7fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:03.139359951 CEST192.168.2.138.8.8.80x9d7fStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.310852051 CEST192.168.2.138.8.8.80x6ebStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.481964111 CEST192.168.2.138.8.8.80x6ebStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.652815104 CEST192.168.2.138.8.8.80x6ebStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.824117899 CEST192.168.2.138.8.8.80x6ebStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.994142056 CEST192.168.2.138.8.8.80x6ebStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.164386988 CEST192.168.2.138.8.8.80x9b44Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.335258961 CEST192.168.2.138.8.8.80x9b44Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.505384922 CEST192.168.2.138.8.8.80x9b44Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.675685883 CEST192.168.2.138.8.8.80x9b44Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.846587896 CEST192.168.2.138.8.8.80x9b44Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.016635895 CEST192.168.2.138.8.8.80x65aaStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.187941074 CEST192.168.2.138.8.8.80x65aaStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.359199047 CEST192.168.2.138.8.8.80x65aaStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.529335022 CEST192.168.2.138.8.8.80x65aaStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.700340986 CEST192.168.2.138.8.8.80x65aaStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:25.870987892 CEST192.168.2.138.8.8.80x1fdbStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.041155100 CEST192.168.2.138.8.8.80x1fdbStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.211622953 CEST192.168.2.138.8.8.80x1fdbStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.381701946 CEST192.168.2.138.8.8.80x1fdbStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.551733971 CEST192.168.2.138.8.8.80x1fdbStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:28.722037077 CEST192.168.2.138.8.8.80xe85cStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:28.893908978 CEST192.168.2.138.8.8.80xe85cStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.064096928 CEST192.168.2.138.8.8.80xe85cStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.234056950 CEST192.168.2.138.8.8.80xe85cStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.404186964 CEST192.168.2.138.8.8.80xe85cStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:34.574362993 CEST192.168.2.138.8.8.80x4616Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:34.744784117 CEST192.168.2.138.8.8.80x4616Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:34.915209055 CEST192.168.2.138.8.8.80x4616Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:35.086456060 CEST192.168.2.138.8.8.80x4616Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:35.257488966 CEST192.168.2.138.8.8.80x4616Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.428714991 CEST192.168.2.138.8.8.80x2918Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.598840952 CEST192.168.2.138.8.8.80x2918Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.768949032 CEST192.168.2.138.8.8.80x2918Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.939340115 CEST192.168.2.138.8.8.80x2918Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:37.109316111 CEST192.168.2.138.8.8.80x2918Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.280936003 CEST192.168.2.138.8.8.80xc835Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.451359987 CEST192.168.2.138.8.8.80xc835Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.632848024 CEST192.168.2.138.8.8.80xc835Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.803812027 CEST192.168.2.138.8.8.80xc835Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.975094080 CEST192.168.2.138.8.8.80xc835Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.145390987 CEST192.168.2.138.8.8.80x314aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.317642927 CEST192.168.2.138.8.8.80x314aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.487510920 CEST192.168.2.138.8.8.80x314aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.658628941 CEST192.168.2.138.8.8.80x314aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.829598904 CEST192.168.2.138.8.8.80x314aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.000205994 CEST192.168.2.138.8.8.80x5b9aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.170260906 CEST192.168.2.138.8.8.80x5b9aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.340586901 CEST192.168.2.138.8.8.80x5b9aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.510689020 CEST192.168.2.138.8.8.80x5b9aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.680913925 CEST192.168.2.138.8.8.80x5b9aStandard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:09.851011992 CEST192.168.2.138.8.8.80x8391Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.021539927 CEST192.168.2.138.8.8.80x8391Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.191252947 CEST192.168.2.138.8.8.80x8391Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.361161947 CEST192.168.2.138.8.8.80x8391Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.530999899 CEST192.168.2.138.8.8.80x8391Standard query (0)rVgserver.ddnsA (IP address)IN (0x0001)false

                DNS Answers

                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                Apr 24, 2024 12:38:05.654951096 CEST8.8.8.8192.168.2.130x42a8Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:05.825977087 CEST8.8.8.8192.168.2.130x42a8Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:05.996026039 CEST8.8.8.8192.168.2.130x42a8Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:06.166995049 CEST8.8.8.8192.168.2.130x42a8Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:06.337182999 CEST8.8.8.8192.168.2.130x42a8Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.507556915 CEST8.8.8.8192.168.2.130x118Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.678471088 CEST8.8.8.8192.168.2.130x118Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:15.849689007 CEST8.8.8.8192.168.2.130x118Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:16.019658089 CEST8.8.8.8192.168.2.130x118Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:16.191910982 CEST8.8.8.8192.168.2.130x118Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.362183094 CEST8.8.8.8192.168.2.130xbf3fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.532162905 CEST8.8.8.8192.168.2.130xbf3fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.703270912 CEST8.8.8.8192.168.2.130xbf3fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:17.873197079 CEST8.8.8.8192.168.2.130xbf3fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:18.043704987 CEST8.8.8.8192.168.2.130xbf3fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.214004993 CEST8.8.8.8192.168.2.130x93b7Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.384181023 CEST8.8.8.8192.168.2.130x93b7Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.554198027 CEST8.8.8.8192.168.2.130x93b7Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.724531889 CEST8.8.8.8192.168.2.130x93b7Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:23.894659042 CEST8.8.8.8192.168.2.130x93b7Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.064948082 CEST8.8.8.8192.168.2.130x11fcName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.235323906 CEST8.8.8.8192.168.2.130x11fcName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.405891895 CEST8.8.8.8192.168.2.130x11fcName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.576316118 CEST8.8.8.8192.168.2.130x11fcName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:34.747759104 CEST8.8.8.8192.168.2.130x11fcName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:41.918018103 CEST8.8.8.8192.168.2.130x6d2eName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.088987112 CEST8.8.8.8192.168.2.130x6d2eName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.259947062 CEST8.8.8.8192.168.2.130x6d2eName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.429977894 CEST8.8.8.8192.168.2.130x6d2eName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:42.599915028 CEST8.8.8.8192.168.2.130x6d2eName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:51.770246983 CEST8.8.8.8192.168.2.130xfd47Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:51.940450907 CEST8.8.8.8192.168.2.130xfd47Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:52.111157894 CEST8.8.8.8192.168.2.130xfd47Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:52.281100035 CEST8.8.8.8192.168.2.130xfd47Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:38:52.451426983 CEST8.8.8.8192.168.2.130xfd47Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.622807026 CEST8.8.8.8192.168.2.130x9d7fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.797998905 CEST8.8.8.8192.168.2.130x9d7fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:02.969264984 CEST8.8.8.8192.168.2.130x9d7fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:03.139055967 CEST8.8.8.8192.168.2.130x9d7fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:03.310380936 CEST8.8.8.8192.168.2.130x9d7fName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.481848001 CEST8.8.8.8192.168.2.130x6ebName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.652667046 CEST8.8.8.8192.168.2.130x6ebName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.824001074 CEST8.8.8.8192.168.2.130x6ebName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:04.994050026 CEST8.8.8.8192.168.2.130x6ebName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:05.164114952 CEST8.8.8.8192.168.2.130x6ebName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.335133076 CEST8.8.8.8192.168.2.130x9b44Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.505271912 CEST8.8.8.8192.168.2.130x9b44Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.675529003 CEST8.8.8.8192.168.2.130x9b44Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:14.846458912 CEST8.8.8.8192.168.2.130x9b44Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:15.016205072 CEST8.8.8.8192.168.2.130x9b44Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.187704086 CEST8.8.8.8192.168.2.130x65aaName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.358882904 CEST8.8.8.8192.168.2.130x65aaName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.529136896 CEST8.8.8.8192.168.2.130x65aaName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.700131893 CEST8.8.8.8192.168.2.130x65aaName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:24.870482922 CEST8.8.8.8192.168.2.130x65aaName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.040941000 CEST8.8.8.8192.168.2.130x1fdbName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.211275101 CEST8.8.8.8192.168.2.130x1fdbName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.381529093 CEST8.8.8.8192.168.2.130x1fdbName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.551558018 CEST8.8.8.8192.168.2.130x1fdbName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:26.721563101 CEST8.8.8.8192.168.2.130x1fdbName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:28.893692017 CEST8.8.8.8192.168.2.130xe85cName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.063927889 CEST8.8.8.8192.168.2.130xe85cName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.233870029 CEST8.8.8.8192.168.2.130xe85cName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.403994083 CEST8.8.8.8192.168.2.130xe85cName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:29.573980093 CEST8.8.8.8192.168.2.130xe85cName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:34.744601011 CEST8.8.8.8192.168.2.130x4616Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:34.915054083 CEST8.8.8.8192.168.2.130x4616Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:35.086242914 CEST8.8.8.8192.168.2.130x4616Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:35.257318020 CEST8.8.8.8192.168.2.130x4616Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:35.428368092 CEST8.8.8.8192.168.2.130x4616Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.598670959 CEST8.8.8.8192.168.2.130x2918Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.768762112 CEST8.8.8.8192.168.2.130x2918Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:36.939131975 CEST8.8.8.8192.168.2.130x2918Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:37.109117031 CEST8.8.8.8192.168.2.130x2918Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:37.280551910 CEST8.8.8.8192.168.2.130x2918Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.451071978 CEST8.8.8.8192.168.2.130xc835Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.632484913 CEST8.8.8.8192.168.2.130xc835Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.803689003 CEST8.8.8.8192.168.2.130xc835Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:47.974942923 CEST8.8.8.8192.168.2.130xc835Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:48.144932032 CEST8.8.8.8192.168.2.130xc835Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.317482948 CEST8.8.8.8192.168.2.130x314aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.487394094 CEST8.8.8.8192.168.2.130x314aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.658365011 CEST8.8.8.8192.168.2.130x314aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.829363108 CEST8.8.8.8192.168.2.130x314aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:39:55.999814987 CEST8.8.8.8192.168.2.130x314aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.170063972 CEST8.8.8.8192.168.2.130x5b9aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.340105057 CEST8.8.8.8192.168.2.130x5b9aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.510343075 CEST8.8.8.8192.168.2.130x5b9aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.680454969 CEST8.8.8.8192.168.2.130x5b9aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:05.850667000 CEST8.8.8.8192.168.2.130x5b9aName error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.021372080 CEST8.8.8.8192.168.2.130x8391Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.191077948 CEST8.8.8.8192.168.2.130x8391Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.361008883 CEST8.8.8.8192.168.2.130x8391Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.530864954 CEST8.8.8.8192.168.2.130x8391Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false
                Apr 24, 2024 12:40:10.701656103 CEST8.8.8.8192.168.2.130x8391Name error (3)rVgserver.ddnsnonenoneA (IP address)IN (0x0001)false

                System Behavior

                General

                Start time (UTC):10:38:04
                Start date (UTC):24/04/2024
                Path:/tmp/5Jc3rTI2h9.elf
                Arguments:/tmp/5Jc3rTI2h9.elf
                File size:143832 bytes
                MD5 hash:a457e8bec7cbd9210a688eef3889d640

                Chronological Activities


                General

                Start time (UTC):10:38:04
                Start date (UTC):24/04/2024
                Path:/tmp/5Jc3rTI2h9.elf
                Arguments:-
                File size:143832 bytes
                MD5 hash:a457e8bec7cbd9210a688eef3889d640

                Chronological Activities


                General

                Start time (UTC):10:38:04
                Start date (UTC):24/04/2024
                Path:/tmp/5Jc3rTI2h9.elf
                Arguments:-
                File size:143832 bytes
                MD5 hash:a457e8bec7cbd9210a688eef3889d640

                Chronological Activities