Linux Analysis Report
7TgP3VbC81

Overview

General Information

Sample Name:7TgP3VbC81
Analysis ID:679614
MD5:6b953ba2d7e62577777ffa13fda7672a
SHA1:8b40a086aab5a866c9f003c9700cd24adb19d1c1
SHA256:f1385883753c291d880e82d3abb6e91beaf067bc554da378e67a812fcd568b9e
Tags:32 elf mips mirai
Infos:

Detection

Mirai
Score:68
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:679614
Start date and time: 06/08/2022 06:20:08 (2022-08-06 06:20:08 +02:00)
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 40s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:7TgP3VbC81
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal68.troj.lin@0/0@47/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/7TgP3VbC81
PID:6227
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • 7TgP3VbC81 (PID: 6227, Parent: 6119, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/7TgP3VbC81
  • cleanup
Source | Rule | Description | Author | Strings
7TgP3VbC81 | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |

Source | Rule | Description | Author | Strings
6227.1.00007f191c400000.00007f191c41c000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6326.1.00007f191c400000.00007f191c41c000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6239.1.00007f191c400000.00007f191c41c000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
            No Snort rule has matched

            AV Detection

            Source: 7TgP3VbC81 | Virustotal: Detection: 43%
            Source: 7TgP3VbC81 | ReversingLabs: Detection: 42%

            Networking

            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52460
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52462
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52466
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52470
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52472
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52474
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52478
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52480
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52486
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52490
            Source: global traffic | TCP traffic: 192.168.2.23:53436 -> 46.23.109.40:1312
            Source: /tmp/7TgP3VbC81 (PID: 6227) | Socket: 127.0.0.1::1312
            Source: /tmp/7TgP3VbC81 (PID: 6238) | Socket: 0.0.0.0::0
            Source: /tmp/7TgP3VbC81 (PID: 6238) | Socket: 0.0.0.0::23
            Source: /tmp/7TgP3VbC81 (PID: 6238) | Socket: 0.0.0.0::53413
            Source: /tmp/7TgP3VbC81 (PID: 6238) | Socket: 0.0.0.0::80
            Source: /tmp/7TgP3VbC81 (PID: 6238) | Socket: 0.0.0.0::52869
            Source: /tmp/7TgP3VbC81 (PID: 6238) | Socket: 0.0.0.0::37215
            Source: unknown | DNS traffic detected: queries for: arcticboatz.cz
            Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44774
            Source: unknown | TCP traffic detected without corresponding DNS query
            Source: ELF static info symbol of initial sample | .symtab present: no
            Source: /tmp/7TgP3VbC81 (PID: 6238) | SIGKILL sent: pid: 936, result: successful
            Source: Initial sample | String containing 'busybox' found: /bin/busybox AK1K2
            Source: Initial sample | String containing 'busybox' found: /bin/busybox cp /bin/busybox retrieve && >retrieve && /bin/busybox chmod 777 retrieve && /bin/busybox cp /bin/busybox .t && >.t && /bin/busybox chmod 777 .t
            Source: Initial sample | String containing 'busybox' found: /bin/busybox echo -en '%s' %s %s && /bin/busybox echo -en '\x45\x43\x48\x4f\x44\x4f\x4e\x45'
            Source: Initial sample | String containing 'busybox' found: >%st && cd %s && >retrieve; >.t/bin/busybox cp /bin/busybox retrieve && >retrieve && /bin/busybox chmod 777 retrieve && /bin/busybox cp /bin/busybox .t && >.t && /bin/busybox chmod 777 .t
            Source: Initial sample | String containing 'busybox' found: >>>/bin/busybox echo -en '%s' %s %s && /bin/busybox echo -en '\x45\x43\x48\x4f\x44\x4f\x4e\x45'
            Source: classification engine | Classification label: mal68.troj.lin@0/0@47/0
            Source: /tmp/7TgP3VbC81 (PID: 6238) | File opened: /proc/[PID]/fd for multiple process IDs

            Hooking and other Techniques for Hiding and Protection

            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52460
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52462
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52466
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52470
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52472
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52474
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52478
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52480
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52486
            Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 52490
            Source: /tmp/7TgP3VbC81 (PID: 6227) | Queries kernel information via 'uname':
            Source: 7TgP3VbC81, 6227.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6326.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6239.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/7TgP3VbC81SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/7TgP3VbC81
            Source: 7TgP3VbC81, 6227.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6326.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6239.1.000055c657728000.000055c6577af000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mipsel
            Source: 7TgP3VbC81, 6227.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6326.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6239.1.000055c657728000.000055c6577af000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/mipsel
            Source: 7TgP3VbC81, 6227.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6326.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6239.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mipsel

            Stealing of Sensitive Information

            Source: Yara match | File source: dump.pcap, type: PCAP
            Source: Yara match | File source: 7TgP3VbC81, type: SAMPLE
            Source: Yara match | File source: 6227.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
            Source: Yara match | File source: 6326.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
            Source: Yara match | File source: 6239.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match | File source: dump.pcap, type: PCAP
            Source: Yara match | File source: 7TgP3VbC81, type: SAMPLE
            Source: Yara match | File source: 6227.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
            Source: Yara match | File source: 6326.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
            Source: Yara match | File source: 6239.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap |  | Carrier Billing Fraud
            No configs have been found
            Behavior graph (ID: 679614; Sample: 7TgP3VbC81; Start date: 06/08/2022; Architecture: LINUX; Score: 68). The graph shows 7TgP3VbC81 starting further 7TgP3VbC81 processes, network nodes arcticboatz.cz, 212.23.3.92 (ZEN-ASZenInternet-UKGB, United Kingdom) and 99 other IPs or domains, and the signatures "Multi AV Scanner detection for submitted file", "Yara detected Mirai" and "Uses known network protocols on non-standard ports".
            Source | Detection | Scanner | Label | Link
            7TgP3VbC81 | 44% | Virustotal |  | Browse
            7TgP3VbC81 | 42% | ReversingLabs | Linux.Trojan.Mirai |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            arcticboatz.cz | 12% | Virustotal |  | Browse
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            arcticboatz.cz | 46.23.109.40 | true | true | unknown
            No context
            No created / dropped files found
            File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
            Entropy (8bit):5.650969791181366
            TrID:
            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
            File name:7TgP3VbC81
            File size:115828
            MD5:6b953ba2d7e62577777ffa13fda7672a
            SHA1:8b40a086aab5a866c9f003c9700cd24adb19d1c1
            SHA256:f1385883753c291d880e82d3abb6e91beaf067bc554da378e67a812fcd568b9e
            SHA512:e2bf853fc4d92b10dd543cba097c169759312eecb9c3d5c61d101f752b59486bbfd3bb612b7c3dce63c702f5a597e9ca2fe7e7d2e7d483bd3cd756378e7df01b
            SSDEEP:1536:B7R1XPLChIeGkhEVw27/TVsVB3qZBGaBlDRserWIHEJYvhZ/8:B7rXP2+WYjlluQyQh+
            TLSH:8FB3F806BF614FFBD85FDD3749EA1B0528DC590622A97B367674D418F28B20F0AE3864
            File Content Preview:.ELF....................`.@.4...D.......4. ...(...............@...@...........................E...E......8..........Q.td...............................<|<.'!......'.......................<X<.'!... .........9'.. ........................<(<.'!...........0.9

            ELF header

            Class:ELF32
            Data:2's complement, little endian
            Version:1 (current)
            Machine:MIPS R3000
            Version Number:0x1
            Type:EXEC (Executable file)
            OS/ABI:UNIX - System V
            ABI Version:0
            Entry Point Address:0x400260
            Flags:0x1007
            ELF Header Size:52
            Program Header Offset:52
            Program Header Size:32
            Number of Program Headers:3
            Section Header Offset:115268
            Section Header Size:40
            Number of Section Headers:14
            Header String Table Index:13
            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
            NULL0x00x00x00x00x0000
            .initPROGBITS0x4000940x940x8c0x00x6AX004
            .textPROGBITS0x4001200x1200x191800x00x6AX0016
            .finiPROGBITS0x4192a00x192a00x5c0x00x6AX004
            .rodataPROGBITS0x4193000x193000x22c00x00x2A0016
            .ctorsPROGBITS0x45b5c40x1b5c40x80x00x3WA004
            .dtorsPROGBITS0x45b5cc0x1b5cc0x80x00x3WA004
            .data.rel.roPROGBITS0x45b5d80x1b5d80x80x00x3WA004
            .dataPROGBITS0x45b5e00x1b5e00x7400x00x3WA0016
            .gotPROGBITS0x45bd200x1bd200x4c00x40x10000003WAp0016
            .sbssNOBITS0x45c1e00x1c1e00x240x00x10000003WAp004
            .bssNOBITS0x45c2100x1c1e00x2c400x00x3WA0016
            .mdebug.abi32PROGBITS0x9360x1c1e00x00x00x0001
            .shstrtabSTRTAB0x00x1c1e00x640x00x0001
            | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
            | LOAD | 0x0 | 0x400000 | 0x400000 | 0x1b5c0 | 0x1b5c0 | 5.6526 | 0x5 | R E | 0x10000 |  | .init .text .fini .rodata |
            | LOAD | 0x1b5c4 | 0x45b5c4 | 0x45b5c4 | 0xc1c | 0x388c | 4.7980 | 0x6 | RW | 0x10000 |  | .ctors .dtors .data.rel.ro .data .got .sbss .bss |
            | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  |  |
            | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
            | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
            | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |

            System Behavior

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:/tmp/7TgP3VbC81
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:23:42
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

            Start time:06:20:54
            Start date:06/08/2022
            Path:/tmp/7TgP3VbC81
            Arguments:n/a
            File size:5773336 bytes
            MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9