Linux Analysis Report
zerspc.elf

Overview

General Information

Sample name: zerspc.elf
Analysis ID: 1628708
MD5: dcbcc097951aeb29929569bd5d8e992e
SHA1: 177f68a3dbbabf286c11638fc078eaf0a0056524
SHA256: 53f9cda28d0063032152a724349521a61f5ee7942e123a720ec15148c2a72d2f
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1628708
Start date and time: 2025-03-04 03:46:15 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zerspc.elf
Detection: MAL
Classification: mal52.troj.linELF@0/0@40/0
Command: /tmp/zerspc.elf
PID: 5552
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerspc.elf (PID: 5552, Parent: 5478, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/zerspc.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zerspc.elf | Virustotal: Detection: 38%
Source: zerspc.elf | ReversingLabs: Detection: 36%

Networking

Source: global traffic | DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic | TCP traffic: 192.168.2.15:52260 -> 46.19.143.10:1440
Source: global traffic | TCP traffic: 192.168.2.15:34222 -> 185.159.74.127:1440
Source: /tmp/zerspc.elf (PID: 5552) | Socket: 127.0.0.1:39148
Source: unknown | UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: global traffic | DNS traffic detected: DNS query: watchmepull.dyn
Source: global traffic | DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic | DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal52.troj.linELF@0/0@40/0
Source: /tmp/zerspc.elf (PID: 5552) | Queries kernel information via 'uname'
Source: zerspc.elf, 5552.1.0000557650a96000.0000557650b1b000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/sparc
Source: zerspc.elf, 5552.1.0000557650a96000.0000557650b1b000.rw-.sdmp | Binary or memory string: PvU!/etc/qemu-binfmt/sparc
Source: zerspc.elf, 5552.1.00007ffec0dec000.00007ffec0e0d000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/zerspc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zerspc.elf
Source: zerspc.elf, 5552.1.00007ffec0dec000.00007ffec0e0d000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-sparc
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph. ID: 1628708, Sample: zerspc.elf, Startdate: 04/03/2025, Architecture: LINUX, Score: 52. Process chain: zerspc.elf started zerspc.elf, which started zerspc.elf. Network nodes: watchmepull.dyn. [malformed]; 185.159.74.127, 1440, 34222 SAYFANETTR Georgia; 2 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Sends malformed DNS queries (on watchmepull.dyn. [malformed]).]
Source | Detection | Scanner | Label
zerspc.elf | 38% | Virustotal |
zerspc.elf | 37% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
watchmepull.dyn | 46.19.143.10 | true | false | | high
ohlookthereismyboats.geek | 46.19.143.10 | true | false | | high
watchmepull.dyn. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
46.19.143.10 | watchmepull.dyn | Switzerland | 51852 | PLI-ASCH | false
185.159.74.127 | unknown | Georgia | 59447 | SAYFANETTR | false

No created / dropped files found

File type: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.033384667884947
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zerspc.elf
File size: 53'712 bytes
MD5: dcbcc097951aeb29929569bd5d8e992e
SHA1: 177f68a3dbbabf286c11638fc078eaf0a0056524
SHA256: 53f9cda28d0063032152a724349521a61f5ee7942e123a720ec15148c2a72d2f
SHA512: 4d5728886229766ef66a44d8b81fca368ed4107fffdb6630a3ee1551b25284b45cb7e08159383af9b3fc9968ccd665876edceea8e12be0235210e4eeacea5ea4
SSDEEP: 768:gnodq9NbwosyoynH9C0KjIa8fel9irO+3xwRitdFv:gn8SNbbUynH9C0Kjf8fxvP
TLSH: 16335B21BE792E17C0D5B8BA22F34728F3E5560E25A8CB1E7DB20E8DFF1594451076B2

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: Sparc
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x101a4
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 53272
Section Header Size: 40
Number of Section Headers: 11
Header String Table Index: 10

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x100b0 | 0xb0 | 0xc2f4 | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x1c3a4 | 0xc3a4 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x1c3b8 | 0xc3b8 | 0x918 | 0x0 | 0x2 | A | 0 | 0 | 8
.ctors | PROGBITS | 0x2ccd4 | 0xccd4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x2ccdc | 0xccdc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x2cce4 | 0xcce4 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x2cce8 | 0xcce8 | 0x2ec | 0x0 | 0x3 | WA | 0 | 0 | 8
.bss | NOBITS | 0x2cfd8 | 0xcfd4 | 0x2290 | 0x0 | 0x3 | WA | 0 | 0 | 8
.shstrtab | STRTAB | 0x0 | 0xcfd4 | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x10000 | 0x10000 | 0xccd0 | 0xccd0 | 6.0775 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0xccd4 | 0x2ccd4 | 0x2ccd4 | 0x300 | 0x2594 | 2.1553 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

  • Total Packets: 101
  • 1440 undefined
  • 53 (DNS)
                            Mar 4, 2025 03:48:38.980079889 CET5355017185.181.61.24192.168.2.15
                            Mar 4, 2025 03:48:38.982171059 CET5229653192.168.2.15185.181.61.24
                            Mar 4, 2025 03:48:39.019689083 CET5352296185.181.61.24192.168.2.15
                            Mar 4, 2025 03:48:39.021752119 CET4026653192.168.2.15185.181.61.24
                            Mar 4, 2025 03:48:39.059221029 CET5340266185.181.61.24192.168.2.15
                            Mar 4, 2025 03:48:39.061196089 CET3828553192.168.2.15185.181.61.24
                            Mar 4, 2025 03:48:39.098578930 CET5338285185.181.61.24192.168.2.15
                            Mar 4, 2025 03:48:39.100663900 CET4811853192.168.2.15185.181.61.24
                            Mar 4, 2025 03:48:39.138292074 CET5348118185.181.61.24192.168.2.15
                            Mar 4, 2025 03:48:49.739145041 CET3826753192.168.2.1581.169.136.222
                            Mar 4, 2025 03:48:49.770539999 CET533826781.169.136.222192.168.2.15
                            Mar 4, 2025 03:48:49.771635056 CET5368453192.168.2.1581.169.136.222
                            Mar 4, 2025 03:48:49.803081989 CET535368481.169.136.222192.168.2.15
                            Mar 4, 2025 03:48:49.804106951 CET4202153192.168.2.1581.169.136.222
                            Mar 4, 2025 03:48:49.835093021 CET534202181.169.136.222192.168.2.15
                            Mar 4, 2025 03:48:49.836479902 CET4073153192.168.2.1581.169.136.222
                            Mar 4, 2025 03:48:49.867887020 CET534073181.169.136.222192.168.2.15
                            Mar 4, 2025 03:48:49.869642019 CET5110353192.168.2.1581.169.136.222
                            Mar 4, 2025 03:48:49.900918007 CET535110381.169.136.222192.168.2.15
                            Mar 4, 2025 03:49:00.472552061 CET4602553192.168.2.15168.235.111.72
                            Mar 4, 2025 03:49:00.566097975 CET5346025168.235.111.72192.168.2.15
                            Mar 4, 2025 03:49:00.568698883 CET4712953192.168.2.15168.235.111.72
                            Mar 4, 2025 03:49:00.657872915 CET5347129168.235.111.72192.168.2.15
                            Mar 4, 2025 03:49:00.660152912 CET6056753192.168.2.15168.235.111.72
                            Mar 4, 2025 03:49:00.747507095 CET5360567168.235.111.72192.168.2.15
                            Mar 4, 2025 03:49:00.750189066 CET3596453192.168.2.15168.235.111.72
                            Mar 4, 2025 03:49:00.839553118 CET5335964168.235.111.72192.168.2.15
                            Mar 4, 2025 03:49:00.841995001 CET4276753192.168.2.15168.235.111.72
                            Mar 4, 2025 03:49:00.930934906 CET5342767168.235.111.72192.168.2.15
                            Mar 4, 2025 03:49:11.504659891 CET5989053192.168.2.15194.36.144.87
                            Mar 4, 2025 03:49:11.521759033 CET5359890194.36.144.87192.168.2.15
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 4, 2025 03:47:13.836800098 CET | 192.168.2.15 | 152.53.15.127 | 0xed34 | Standard query (0) | watchmepull.dyn | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:24.088044882 CET | 192.168.2.15 | 202.61.197.122 | 0xef7b | Standard query (0) | watchmepull.dyn | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:34.902545929 CET | 192.168.2.15 | 194.36.144.87 | 0x7d5a | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.490015984 CET | 192.168.2.15 | 81.169.136.222 | 0xcb37 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.526027918 CET | 192.168.2.15 | 81.169.136.222 | 0xcb37 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.559231997 CET | 192.168.2.15 | 81.169.136.222 | 0xcb37 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.593441963 CET | 192.168.2.15 | 81.169.136.222 | 0xcb37 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.626944065 CET | 192.168.2.15 | 81.169.136.222 | 0xcb37 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:56.250716925 CET | 192.168.2.15 | 185.181.61.24 | 0x78c2 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:48:06.845238924 CET | 192.168.2.15 | 152.53.15.127 | 0xc172 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 486 | false
Mar 4, 2025 03:48:06.865091085 CET | 192.168.2.15 | 152.53.15.127 | 0xc172 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 486 | false
Mar 4, 2025 03:48:06.885323048 CET | 192.168.2.15 | 152.53.15.127 | 0xc172 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 486 | false
Mar 4, 2025 03:48:06.905776024 CET | 192.168.2.15 | 152.53.15.127 | 0xc172 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 486 | false
Mar 4, 2025 03:48:06.925708055 CET | 192.168.2.15 | 152.53.15.127 | 0xc172 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 486 | false
Mar 4, 2025 03:48:17.509505033 CET | 192.168.2.15 | 185.181.61.24 | 0xeca3 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 497 | false
Mar 4, 2025 03:48:17.548887968 CET | 192.168.2.15 | 185.181.61.24 | 0xeca3 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 497 | false
Mar 4, 2025 03:48:17.588501930 CET | 192.168.2.15 | 185.181.61.24 | 0xeca3 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 497 | false
Mar 4, 2025 03:48:17.627696037 CET | 192.168.2.15 | 185.181.61.24 | 0xeca3 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 497 | false
Mar 4, 2025 03:48:17.667190075 CET | 192.168.2.15 | 185.181.61.24 | 0xeca3 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 497 | false
Mar 4, 2025 03:48:27.917573929 CET | 192.168.2.15 | 168.235.111.72 | 0xe467 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 507 | false
Mar 4, 2025 03:48:28.007334948 CET | 192.168.2.15 | 168.235.111.72 | 0xe467 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 508 | false
Mar 4, 2025 03:48:28.096786022 CET | 192.168.2.15 | 168.235.111.72 | 0xe467 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 508 | false
Mar 4, 2025 03:48:28.189831018 CET | 192.168.2.15 | 168.235.111.72 | 0xe467 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 508 | false
Mar 4, 2025 03:48:28.280502081 CET | 192.168.2.15 | 168.235.111.72 | 0xe467 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 508 | false
Mar 4, 2025 03:48:38.942591906 CET | 192.168.2.15 | 185.181.61.24 | 0x5fe6 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 262 | false
Mar 4, 2025 03:48:38.982171059 CET | 192.168.2.15 | 185.181.61.24 | 0x5fe6 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 263 | false
Mar 4, 2025 03:48:39.021752119 CET | 192.168.2.15 | 185.181.61.24 | 0x5fe6 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 263 | false
Mar 4, 2025 03:48:39.061196089 CET | 192.168.2.15 | 185.181.61.24 | 0x5fe6 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 263 | false
Mar 4, 2025 03:48:39.100663900 CET | 192.168.2.15 | 185.181.61.24 | 0x5fe6 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 263 | false
Mar 4, 2025 03:48:49.739145041 CET | 192.168.2.15 | 81.169.136.222 | 0xc916 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 273 | false
Mar 4, 2025 03:48:49.771635056 CET | 192.168.2.15 | 81.169.136.222 | 0xc916 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 273 | false
Mar 4, 2025 03:48:49.804106951 CET | 192.168.2.15 | 81.169.136.222 | 0xc916 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 273 | false
Mar 4, 2025 03:48:49.836479902 CET | 192.168.2.15 | 81.169.136.222 | 0xc916 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 273 | false
Mar 4, 2025 03:48:49.869642019 CET | 192.168.2.15 | 81.169.136.222 | 0xc916 | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 273 | false
Mar 4, 2025 03:49:00.472552061 CET | 192.168.2.15 | 168.235.111.72 | 0x47ac | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 284 | false
Mar 4, 2025 03:49:00.568698883 CET | 192.168.2.15 | 168.235.111.72 | 0x47ac | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 284 | false
Mar 4, 2025 03:49:00.660152912 CET | 192.168.2.15 | 168.235.111.72 | 0x47ac | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 284 | false
Mar 4, 2025 03:49:00.750189066 CET | 192.168.2.15 | 168.235.111.72 | 0x47ac | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 284 | false
Mar 4, 2025 03:49:00.841995001 CET | 192.168.2.15 | 168.235.111.72 | 0x47ac | Standard query (0) | watchmepull.dyn. [malformed] | 256 | 284 | false
Mar 4, 2025 03:49:11.504659891 CET | 192.168.2.15 | 194.36.144.87 | 0xea47 | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 4, 2025 03:47:13.854707003 CET | 152.53.15.127 | 192.168.2.15 | 0xed34 | No error (0) | watchmepull.dyn | | 46.19.143.10 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:24.106555939 CET | 202.61.197.122 | 192.168.2.15 | 0xef7b | No error (0) | watchmepull.dyn | | 185.159.74.127 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:24.106555939 CET | 202.61.197.122 | 192.168.2.15 | 0xef7b | No error (0) | watchmepull.dyn | | 46.19.143.10 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:34.925882101 CET | 194.36.144.87 | 192.168.2.15 | 0x7d5a | No error (0) | ohlookthereismyboats.geek | | 46.19.143.10 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.524311066 CET | 81.169.136.222 | 192.168.2.15 | 0xcb37 | Name error (3) | ohlookthereismyboats.geek | none | none | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.557591915 CET | 81.169.136.222 | 192.168.2.15 | 0xcb37 | Name error (3) | ohlookthereismyboats.geek | none | none | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.591871023 CET | 81.169.136.222 | 192.168.2.15 | 0xcb37 | Name error (3) | ohlookthereismyboats.geek | none | none | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.625277996 CET | 81.169.136.222 | 192.168.2.15 | 0xcb37 | Name error (3) | ohlookthereismyboats.geek | none | none | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:45.660013914 CET | 81.169.136.222 | 192.168.2.15 | 0xcb37 | Name error (3) | ohlookthereismyboats.geek | none | none | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:47:56.288199902 CET | 185.181.61.24 | 192.168.2.15 | 0x78c2 | No error (0) | ohlookthereismyboats.geek | | 46.19.143.10 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 03:48:06.863373995 CET | 152.53.15.127 | 192.168.2.15 | 0xc172 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256 | 486 | false
Mar 4, 2025 03:48:06.883708000 CET | 152.53.15.127 | 192.168.2.15 | 0xc172 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256 | 486 | false
Mar 4, 2025 03:48:06.904256105 CET | 152.53.15.127 | 192.168.2.15 | 0xc172 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256 | 486 | false
Mar 4, 2025 03:48:06.923927069 CET | 152.53.15.127 | 192.168.2.15 | 0xc172 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256 | 486 | false
Mar 4, 2025 03:48:06.944479942 CET | 152.53.15.127 | 192.168.2.15 | 0xc172 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256 | 486 | false
Mar 4, 2025 03:49:11.521759033 CET | 194.36.144.87 | 192.168.2.15 | 0xea47 | No error (0) | ohlookthereismyboats.geek | | 46.19.143.10 | A (IP address) | IN (0x0001) | false

                            System Behavior

                            Start time (UTC):02:47:13
                            Start date (UTC):04/03/2025
                            Path:/tmp/zerspc.elf
                            Arguments:/tmp/zerspc.elf
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):02:47:13
                            Start date (UTC):04/03/2025
                            Path:/tmp/zerspc.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):02:47:13
                            Start date (UTC):04/03/2025
                            Path:/tmp/zerspc.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e