
Linux Analysis Report
zerx86.elf

Overview

General Information

Sample name: zerx86.elf
Analysis ID: 1633211
MD5: c17843bdb7476299eaf606d81b7388c8
SHA1: 85d0bc55f005963f79ff74cf1c165526f4c14f21
SHA256: 54b6884ce916a7fb61d580246410112f100e40fd4a799cafe7de0e1f26c293c6
Tags: elf, user-abuse_ch

Detection

Score: 60
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1633211
Start date and time: 2025-03-10 02:59:51 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zerx86.elf
Detection: MAL
Classification: mal60.troj.linELF@0/0@35/0
Command: /tmp/zerx86.elf
PID: 6265
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerx86.elf (PID: 6265, Parent: 6193, MD5: c17843bdb7476299eaf606d81b7388c8) Arguments: /tmp/zerx86.elf
  • cleanup
Source | Rule | Description | Author | Strings
zerx86.elf | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | 0x3fd0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
zerx86.elf | Linux_Trojan_Mirai_88de437f | unknown | unknown | 0x7aa2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
zerx86.elf | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x84f5:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
zerx86.elf | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown | 0x7a72:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88

Source | Rule | Description | Author | Strings
6265.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | 0x3fd0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6265.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown | 0x7aa2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6265.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x84f5:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6265.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown | 0x7a72:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
No Suricata rule has matched

AV Detection

Source: zerx86.elf, Virustotal: Detection: 42%
Source: zerx86.elf, ReversingLabs: Detection: 44%

Networking

Source: global traffic, DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic, TCP traffic: 192.168.2.23:41832 -> 185.220.204.227:1945
Source: global traffic, TCP traffic: 192.168.2.23:54370 -> 45.147.251.145:1440
Source: global traffic, TCP traffic: 192.168.2.23:36764 -> 159.89.101.70:1990
Source: global traffic, TCP traffic: 192.168.2.23:53968 -> 64.227.79.152:1945
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic, DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic, DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: 6265.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
Source: 6265.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: 6265.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: 6265.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal60.troj.linELF@0/0@35/0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
No configs have been found
Behavior Graph ID: 1633211, Sample: zerx86.elf, Startdate: 10/03/2025, Architecture: LINUX, Score: 60 (graph image not preserved)

Source | Detection | Scanner | Label
zerx86.elf | 43% | Virustotal |
zerx86.elf | 45% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ohlookthereismyboats.geek | 159.89.101.70 | true | false | | high
watchmepull.dyn. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
159.89.101.70 | ohlookthereismyboats.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | false
64.227.79.152 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
185.220.204.227 | unknown | Israel | 41436 | CLOUDWEBMANAGE-EUGB | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false

Match | Associated Sample Name / URL | Detection | Threat Name | Context
64.227.79.152 | zerspc.elf | malicious | Unknown |
 | zerppc.elf | malicious | Unknown |
 | zermpsl.elf | malicious | Unknown |
 | zerm68k.elf | malicious | Unknown |
 | zerarm7.elf | malicious | Unknown |
 | zerarm7.elf | malicious | Unknown |
185.220.204.227 | zerppc.elf | malicious | Unknown |
 | zermpsl.elf | malicious | Unknown |
 | zerm68k.elf | malicious | Unknown |
 | zersh4.elf | malicious | Unknown |
 | zerarm7.elf | malicious | Unknown |
159.89.101.70 | zerspc.elf | malicious | Unknown |
 | zerppc.elf | malicious | Unknown |
 | zermpsl.elf | malicious | Unknown |
 | zerm68k.elf | malicious | Unknown |
 | zersh4.elf | malicious | Unknown |
 | zerarm7.elf | malicious | Unknown |
109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
45.147.251.145 | zerspc.elf | malicious | Unknown |
 | zerppc.elf | malicious | Unknown |
 | zermpsl.elf | malicious | Unknown |
 | zerm68k.elf | malicious | Unknown |
 | zersh4.elf | malicious | Unknown |
 | zerarm7.elf | malicious | Unknown |
 | zerarm7.elf | malicious | Unknown |
 | zerx86.elf | malicious | Unknown |
 | zerarm.elf | malicious | Unknown |
 | zermpsl.elf | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
ohlookthereismyboats.geek | nklmpsl.elf | malicious | Unknown | 185.220.204.227
 | zerspc.elf | malicious | Unknown | 45.147.251.145
 | zerppc.elf | malicious | Unknown | 64.227.79.152
 | zermpsl.elf | malicious | Unknown | 159.89.101.70
 | nklppc.elf | malicious | Unknown | 64.227.79.152
 | zerm68k.elf | malicious | Unknown | 45.147.251.145
 | nklsh4.elf | malicious | Unknown | 64.227.79.152
 | nklarm5.elf | malicious | Unknown | 64.227.79.152
 | nklm68k.elf | malicious | Unknown | 185.220.204.227
 | zersh4.elf | malicious | Unknown | 159.89.101.70

Match | Associated Sample Name / URL | Detection | Threat Name | Context
RACKMARKTES | zerspc.elf | malicious | Unknown | 45.147.251.145
 | zerppc.elf | malicious | Unknown | 45.147.251.145
 | zermpsl.elf | malicious | Unknown | 45.147.251.145
 | zerm68k.elf | malicious | Unknown | 45.147.251.145
 | zersh4.elf | malicious | Unknown | 45.147.251.145
 | zerarm7.elf | malicious | Unknown | 45.147.251.145
 | i686.elf | malicious | Unknown | 185.194.179.220
 | zerarm7.elf | malicious | Unknown | 45.147.251.145
 | zerx86.elf | malicious | Unknown | 45.147.251.145
 | zerarm.elf | malicious | Unknown | 45.147.251.145
CLOUDWEBMANAGE-EUGB | zerppc.elf | malicious | Unknown | 185.220.204.227
 | zermpsl.elf | malicious | Unknown | 185.220.204.227
 | zerm68k.elf | malicious | Unknown | 185.220.204.227
 | zersh4.elf | malicious | Unknown | 185.220.204.227
 | zerarm7.elf | malicious | Unknown | 185.220.204.227
 | https://basvur-acildenizv2denizkredi.site/ | malicious | HTMLPhisher | 5.180.183.64
 | https://basvur-acildenizv2denizkredi.xyz/ | malicious | HTMLPhisher | 5.180.183.64
 | 4gMmUx86OA.elf | malicious | Gafgyt, Mirai | 5.180.183.1
 | o5fQSrt5Ds.elf | malicious | Gafgyt, Mirai | 5.180.183.1
 | pvuhl7xszp.elf | malicious | Gafgyt, Mirai | 5.180.183.1
INIT7CH | zerppc.elf | malicious | Unknown | 109.202.202.202
 | zerm68k.elf | malicious | Unknown | 109.202.202.202
 | .i.elf | malicious | Unknown | 109.202.202.202
 | splarm6.elf | malicious | Unknown | 109.202.202.202
 | na.elf | malicious | Prometei | 109.202.202.202
 | na.elf | malicious | Prometei | 109.202.202.202
 | .i.elf | malicious | Unknown | 109.202.202.202
 | na.elf | malicious | Prometei | 109.202.202.202
 | na.elf | malicious | Prometei | 109.202.202.202
 | debug.dbg.elf | malicious | Unknown | 109.202.202.202
DIGITALOCEAN-ASNUS | zerspc.elf | malicious | Unknown |
                                                            • 159.89.101.70
                                                            zerppc.elfGet hashmaliciousUnknownBrowse
                                                            • 64.227.79.152
                                                            zermpsl.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            zerm68k.elfGet hashmaliciousUnknownBrowse
                                                            • 64.227.79.152
                                                            zersh4.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            arm.elfGet hashmaliciousUnknownBrowse
                                                            • 162.243.214.160
                                                            nabsh4.elfGet hashmaliciousUnknownBrowse
                                                            • 188.226.156.47
                                                            splarm5.elfGet hashmaliciousUnknownBrowse
                                                            • 178.128.131.24
                                                            splppc.elfGet hashmaliciousUnknownBrowse
                                                            • 167.174.154.137
                                                            zerarm7.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            DIGITALOCEAN-ASNUSzerspc.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            zerppc.elfGet hashmaliciousUnknownBrowse
                                                            • 64.227.79.152
                                                            zermpsl.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            zerm68k.elfGet hashmaliciousUnknownBrowse
                                                            • 64.227.79.152
                                                            zersh4.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            arm.elfGet hashmaliciousUnknownBrowse
                                                            • 162.243.214.160
                                                            nabsh4.elfGet hashmaliciousUnknownBrowse
                                                            • 188.226.156.47
                                                            splarm5.elfGet hashmaliciousUnknownBrowse
                                                            • 178.128.131.24
                                                            splppc.elfGet hashmaliciousUnknownBrowse
                                                            • 167.174.154.137
                                                            zerarm7.elfGet hashmaliciousUnknownBrowse
                                                            • 159.89.101.70
                                                            No context
                                                            No context
                                                            No created / dropped files found
File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.3655900791559
TrID:
• ELF Executable and Linkable format (Linux) (4029/14) 50.16%
• ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name: zerx86.elf
File size: 46'172 bytes
MD5: c17843bdb7476299eaf606d81b7388c8
SHA1: 85d0bc55f005963f79ff74cf1c165526f4c14f21
SHA256: 54b6884ce916a7fb61d580246410112f100e40fd4a799cafe7de0e1f26c293c6
SHA512: 2e3b6547cc07912aaec377b07e5dcd5bc60caeb11b5027c229cc80a295e7d163cb5ca261a5b6a9132d55196fbec104b457b2803c0270f6b515acd930579b6ce2
SSDEEP: 768:qK9Q8sbsAUkwsUnUZx0+xBrx0NrVk/0aW5Ag+yGQZz6PPjzrKw/YJt31Dxe0/F:L9Q8sbsAUkwsUnCx0+xBrx0Fy875Ag+W
TLSH: 9D232AC1A843DAF4D82505707477FB325A73E53F511DEA83E3999A33AC62601E60B2DE
                                                            File Content Preview:.ELF....................d...4...........4. ...(.....................`...`...............d...dA..dA......<...........Q.td............................U..S............h....s...[]...$.............U......=`B...t..5.....A......A......u........t....h`1..........

                                                            ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: Intel 80386
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x8048164
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 45732
Section Header Size: 40
Number of Section Headers: 11
Header String Table Index: 10
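| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|  | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0 |
| .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x80480b0 | 0xb0 | 0xa696 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x8052746 | 0xa746 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x8052760 | 0xa760 | 0xa00 | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .ctors | PROGBITS | 0x8054164 | 0xb164 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x805416c | 0xb16c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x8054174 | 0xb174 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x80541a0 | 0xb1a0 | 0xc0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x8054260 | 0xb260 | 0x640 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .shstrtab | STRTAB | 0x0 | 0xb260 | 0x43 | 0x0 | 0x0 |  | 0 | 0 | 1 |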
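| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xb160 | 0xb160 | 6.3926 | 0x5 | R E | 0x1000 |  | .init .text .fini .rodata |
| LOAD | 0xb164 | 0x8054164 | 0x8054164 | 0xfc | 0x73c | 3.5691 | 0x6 | RW | 0x1000 |  | .ctors .dtors .jcr .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  |  |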


                                                            • Total Packets: 98
                                                            • 1990 undefined
                                                            • 1945 undefined
                                                            • 1440 undefined
                                                            • 443 (HTTPS)
                                                            • 80 (HTTP)
                                                            • 53 (DNS)
                                                            Mar 10, 2025 03:02:33.627372980 CET535524551.158.108.203192.168.2.23
                                                            Mar 10, 2025 03:02:33.627482891 CET4520453192.168.2.2351.158.108.203
                                                            Mar 10, 2025 03:02:33.643354893 CET534520451.158.108.203192.168.2.23
                                                            Mar 10, 2025 03:02:33.643451929 CET4420953192.168.2.2351.158.108.203
                                                            Mar 10, 2025 03:02:33.659312963 CET534420951.158.108.203192.168.2.23
                                                            Mar 10, 2025 03:02:45.232012987 CET4600353192.168.2.2381.169.136.222
                                                            Mar 10, 2025 03:02:45.261977911 CET534600381.169.136.222192.168.2.23
                                                            Mar 10, 2025 03:02:56.877315998 CET3352253192.168.2.23202.61.197.122
                                                            Mar 10, 2025 03:02:56.897525072 CET5333522202.61.197.122192.168.2.23
                                                            Mar 10, 2025 03:02:56.897670984 CET5749753192.168.2.23202.61.197.122
                                                            Mar 10, 2025 03:02:56.919440031 CET5357497202.61.197.122192.168.2.23
                                                            Mar 10, 2025 03:02:56.919559956 CET4877153192.168.2.23202.61.197.122
                                                            Mar 10, 2025 03:02:56.939389944 CET5348771202.61.197.122192.168.2.23
                                                            Mar 10, 2025 03:02:56.939527988 CET4032053192.168.2.23202.61.197.122
                                                            Mar 10, 2025 03:02:56.959321022 CET5340320202.61.197.122192.168.2.23
                                                            Mar 10, 2025 03:02:56.959462881 CET5061553192.168.2.23202.61.197.122
                                                            Mar 10, 2025 03:02:56.979185104 CET5350615202.61.197.122192.168.2.23
                                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS

                                                            System Behavior

                                                            Start time (UTC): 02:00:58
                                                            Start date (UTC): 10/03/2025
                                                            Path: /tmp/zerx86.elf
                                                            Arguments: /tmp/zerx86.elf
                                                            File size: 46172 bytes
                                                            MD5 hash: c17843bdb7476299eaf606d81b7388c8

                                                            Start time (UTC): 02:00:59
                                                            Start date (UTC): 10/03/2025
                                                            Path: /tmp/zerx86.elf
                                                            Arguments: -
                                                            File size: 46172 bytes
                                                            MD5 hash: c17843bdb7476299eaf606d81b7388c8

                                                            Start time (UTC): 02:00:59
                                                            Start date (UTC): 10/03/2025
                                                            Path: /tmp/zerx86.elf
                                                            Arguments: -
                                                            File size: 46172 bytes
                                                            MD5 hash: c17843bdb7476299eaf606d81b7388c8