Linux Analysis Report
zermips.elf

Overview

General Information

Sample name: zermips.elf
Analysis ID: 1633213
MD5: c0492cb1b02faeed6398f126687869ad
SHA1: 277d2b75702b1260157f59d405860fd6ea7f24b5
SHA256: 427a626825c9571592a7818802230afde85043377f8f84dd9202df910e99f0f4
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 56
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1633213
Start date and time: 2025-03-10 03:00:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zermips.elf
Detection: MAL
Classification: mal56.troj.linELF@0/0@31/0
Command: /tmp/zermips.elf
PID: 5580
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zermips.elf (PID: 5580, Parent: 5500, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/zermips.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zermips.elf, Virustotal: Detection: 25%
Source: zermips.elf, ReversingLabs: Detection: 34%

Networking

Source: global traffic, TCP traffic: 159.89.101.70 ports 1440,0,2,4,2840,8
Source: global traffic, DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic, TCP traffic: 192.168.2.14:52056 -> 64.227.79.152:1440
Source: global traffic, TCP traffic: 192.168.2.14:48388 -> 159.89.101.70:2840
Source: global traffic, TCP traffic: 192.168.2.14:47252 -> 185.220.204.227:911
Source: /tmp/zermips.elf (PID: 5580), Socket: 127.0.0.1:39148
Source: unknown, UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown, UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown, UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown, UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown, UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown, UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: global traffic, DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic, DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal56.troj.linELF@0/0@31/0
Source: /tmp/zermips.elf (PID: 5580), Queries kernel information via 'uname'
Source: zermips.elf, 5580.1.000055c122e5d000.000055c122f05000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mips
Source: zermips.elf, 5580.1.000055c122e5d000.000055c122f05000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
Source: zermips.elf, 5580.1.00007ffc59edf000.00007ffc59f00000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips
Source: zermips.elf, 5580.1.00007ffc59edf000.00007ffc59f00000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/zermips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zermips.elf
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph: ID 1633213; Sample: zermips.elf; Start date: 10/03/2025; Architecture: LINUX; Score: 56. Network nodes: watchmepull.dyn. [malformed]; ohlookthereismyboats.geek 159.89.101.70, 1440, 2840, 48388, DIGITALOCEAN-ASNUS, United States; 2 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Connects to many ports of the same IP (likely port scanning); Sends malformed DNS queries. Process chain: zermips.elf started zermips.elf, which started zermips.elf.]

Source | Detection | Scanner | Label
zermips.elf | 26% | Virustotal |
zermips.elf | 34% | ReversingLabs | Linux.Backdoor.Mirai

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ohlookthereismyboats.geek | 159.89.101.70 | true | false | | high
watchmepull.dyn. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
64.227.79.152 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
185.220.204.227 | unknown | Israel | 41436 | CLOUDWEBMANAGE-EUGB | false
159.89.101.70 | ohlookthereismyboats.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false

Match | Associated Sample Name / URL | Detection | Threat Name
64.227.79.152 | zerspc.elf | malicious | Unknown
64.227.79.152 | zerppc.elf | malicious | Unknown
64.227.79.152 | zermpsl.elf | malicious | Unknown
64.227.79.152 | zerm68k.elf | malicious | Unknown
64.227.79.152 | zerarm7.elf | malicious | Unknown
64.227.79.152 | zerarm7.elf | malicious | Unknown
185.220.204.227 | zerppc.elf | malicious | Unknown
185.220.204.227 | zermpsl.elf | malicious | Unknown
185.220.204.227 | zerm68k.elf | malicious | Unknown
185.220.204.227 | zersh4.elf | malicious | Unknown
185.220.204.227 | zerarm7.elf | malicious | Unknown
159.89.101.70 | zerspc.elf | malicious | Unknown
159.89.101.70 | zerppc.elf | malicious | Unknown
159.89.101.70 | zermpsl.elf | malicious | Unknown
159.89.101.70 | zerm68k.elf | malicious | Unknown
159.89.101.70 | zersh4.elf | malicious | Unknown
159.89.101.70 | zerarm7.elf | malicious | Unknown

Match | Associated Sample Name / URL | Detection | Threat Name | Context
ohlookthereismyboats.geek | nklmpsl.elf | malicious | Unknown | 185.220.204.227
ohlookthereismyboats.geek | zerspc.elf | malicious | Unknown | 45.147.251.145
ohlookthereismyboats.geek | zerppc.elf | malicious | Unknown | 64.227.79.152
ohlookthereismyboats.geek | zermpsl.elf | malicious | Unknown | 159.89.101.70
ohlookthereismyboats.geek | nklppc.elf | malicious | Unknown | 64.227.79.152
ohlookthereismyboats.geek | zerm68k.elf | malicious | Unknown | 45.147.251.145
ohlookthereismyboats.geek | nklsh4.elf | malicious | Unknown | 64.227.79.152
ohlookthereismyboats.geek | nklarm5.elf | malicious | Unknown | 64.227.79.152
ohlookthereismyboats.geek | nklm68k.elf | malicious | Unknown | 185.220.204.227
ohlookthereismyboats.geek | zersh4.elf | malicious | Unknown | 159.89.101.70

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDWEBMANAGE-EUGB | zerppc.elf | malicious | Unknown | 185.220.204.227
CLOUDWEBMANAGE-EUGB | zermpsl.elf | malicious | Unknown | 185.220.204.227
CLOUDWEBMANAGE-EUGB | zerm68k.elf | malicious | Unknown | 185.220.204.227
CLOUDWEBMANAGE-EUGB | zersh4.elf | malicious | Unknown | 185.220.204.227
CLOUDWEBMANAGE-EUGB | zerarm7.elf | malicious | Unknown | 185.220.204.227
CLOUDWEBMANAGE-EUGB | https://basvur-acildenizv2denizkredi.site/ | malicious | HTMLPhisher | 5.180.183.64
CLOUDWEBMANAGE-EUGB | https://basvur-acildenizv2denizkredi.xyz/ | malicious | HTMLPhisher | 5.180.183.64
CLOUDWEBMANAGE-EUGB | 4gMmUx86OA.elf | malicious | Gafgyt, Mirai | 5.180.183.1
CLOUDWEBMANAGE-EUGB | o5fQSrt5Ds.elf | malicious | Gafgyt, Mirai | 5.180.183.1
CLOUDWEBMANAGE-EUGB | pvuhl7xszp.elf | malicious | Gafgyt, Mirai | 5.180.183.1
DIGITALOCEAN-ASNUS | zerspc.elf | malicious | Unknown | 159.89.101.70
DIGITALOCEAN-ASNUS | zerppc.elf | malicious | Unknown | 64.227.79.152
DIGITALOCEAN-ASNUS | zermpsl.elf | malicious | Unknown | 159.89.101.70
DIGITALOCEAN-ASNUS | zerm68k.elf | malicious | Unknown | 64.227.79.152
DIGITALOCEAN-ASNUS | zersh4.elf | malicious | Unknown | 159.89.101.70
DIGITALOCEAN-ASNUS | arm.elf | malicious | Unknown | 162.243.214.160
DIGITALOCEAN-ASNUS | nabsh4.elf | malicious | Unknown | 188.226.156.47
DIGITALOCEAN-ASNUS | splarm5.elf | malicious | Unknown | 178.128.131.24
DIGITALOCEAN-ASNUS | splppc.elf | malicious | Unknown | 167.174.154.137
DIGITALOCEAN-ASNUS | zerarm7.elf | malicious | Unknown | 159.89.101.70

No created / dropped files found

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.346608727186837
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zermips.elf
File size: 67'712 bytes
MD5: c0492cb1b02faeed6398f126687869ad
SHA1: 277d2b75702b1260157f59d405860fd6ea7f24b5
SHA256: 427a626825c9571592a7818802230afde85043377f8f84dd9202df910e99f0f4
SHA512: bed9cbefe173bc58065ee82071ec918731ce16a5d83c3819ed9b060562e2d201cefb7d3e7462879d7d32765a6cc50e9196f06d3355b99ebbfd9c1e7389995c00
SSDEEP: 1536:F8YRDkvHm7ecR+GzkD3Bc57Fi8kn5wYbsa:zRDIHmtR/zkT6FKnOYIa
TLSH: 9363B81E2E228FACFBAC823547B78F31964833D536E1C685E15CE9015EB034D645FBA9
File Content Preview: .ELF.....................@.`...4...(.....4. ...(.............@...@...........................E...E..................dt.Q............................<...'..\...!'.......................<...'..8...!... ....'9... ......................<...'......!........'9.

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MIPS R3000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400260
Flags: 0x1007
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 67112
Section Header Size: 40
Number of Section Headers: 15
Header String Table Index: 14

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400120 | 0x120 | 0xf0f0 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x40f210 | 0xf210 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x40f270 | 0xf270 | 0x880 | 0x0 | 0x2 | A | 0 | 0 | 16
.ctors | PROGBITS | 0x450000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x450008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x450010 | 0x10010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data.rel.ro | PROGBITS | 0x450014 | 0x10014 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x450030 | 0x10030 | 0x1d0 | 0x0 | 0x3 | WA | 0 | 0 | 16
.got | PROGBITS | 0x450200 | 0x10200 | 0x3bc | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
.sbss | NOBITS | 0x4505bc | 0x105bc | 0x1c | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
.bss | NOBITS | 0x4505e0 | 0x105bc | 0x2d0 | 0x0 | 0x3 | WA | 0 | 0 | 16
.mdebug.abi32 | PROGBITS | 0x73e | 0x105bc | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0x105bc | 0x69 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0xfaf0 | 0xfaf0 | 5.4451 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0x10000 | 0x450000 | 0x450000 | 0x5bc | 0x8b0 | 3.5812 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

• Total Packets: 87
• 2840 undefined
• 1440 undefined
• 911 undefined
• 53 (DNS)
                                        Mar 10, 2025 03:01:48.598397970 CET483922840192.168.2.14159.89.101.70
                                        Mar 10, 2025 03:01:48.603532076 CET284048392159.89.101.70192.168.2.14
                                        Mar 10, 2025 03:01:49.620882988 CET47252911192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:01:49.626171112 CET91147252185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:01:49.626251936 CET47252911192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:01:49.627446890 CET47252911192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:01:49.632469893 CET91147252185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:01:49.632574081 CET47252911192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:01:49.637659073 CET91147252185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:00.207722902 CET91147252185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:00.208139896 CET47252911192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:00.213263988 CET91147252185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:01.243448019 CET521081440192.168.2.14159.89.101.70
                                        Mar 10, 2025 03:02:01.248615980 CET144052108159.89.101.70192.168.2.14
                                        Mar 10, 2025 03:02:01.248676062 CET521081440192.168.2.14159.89.101.70
                                        Mar 10, 2025 03:02:01.249871016 CET521081440192.168.2.14159.89.101.70
                                        Mar 10, 2025 03:02:01.254995108 CET144052108159.89.101.70192.168.2.14
                                        Mar 10, 2025 03:02:01.255065918 CET521081440192.168.2.14159.89.101.70
                                        Mar 10, 2025 03:02:01.260205030 CET144052108159.89.101.70192.168.2.14
                                        Mar 10, 2025 03:02:11.840985060 CET144052108159.89.101.70192.168.2.14
                                        Mar 10, 2025 03:02:11.841281891 CET521081440192.168.2.14159.89.101.70
                                        Mar 10, 2025 03:02:11.846451998 CET144052108159.89.101.70192.168.2.14
                                        Mar 10, 2025 03:02:12.883815050 CET512381440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:12.889002085 CET144051238185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:12.889097929 CET512381440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:12.890270948 CET512381440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:12.895334005 CET144051238185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:12.895390987 CET512381440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:12.900499105 CET144051238185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:22.896135092 CET512381440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:22.901145935 CET144051238185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:23.088083029 CET144051238185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:23.088221073 CET512381440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:23.095628023 CET144051238185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:24.248897076 CET512401440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:24.253994942 CET144051240185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:24.254089117 CET512401440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:24.254884958 CET512401440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:24.259908915 CET144051240185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:24.259999037 CET512401440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:24.265079021 CET144051240185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:34.831017971 CET144051240185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:34.831197023 CET512401440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:34.836230040 CET144051240185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:35.953362942 CET512421440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:35.960707903 CET144051242185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:35.960796118 CET512421440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:35.962057114 CET512421440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:35.969361067 CET144051242185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:35.969429016 CET512421440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:35.977052927 CET144051242185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:46.542294979 CET144051242185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:46.542615891 CET512421440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:46.547750950 CET144051242185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:47.678134918 CET512441440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:47.683233023 CET144051244185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:47.683336020 CET512441440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:47.684773922 CET512441440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:47.689820051 CET144051244185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:47.689898014 CET512441440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:47.694996119 CET144051244185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:58.256944895 CET144051244185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:58.257335901 CET512441440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:58.262492895 CET144051244185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:59.279875994 CET512461440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:59.285012960 CET144051246185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:59.285144091 CET512461440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:59.286340952 CET512461440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:59.291683912 CET144051246185.220.204.227192.168.2.14
                                        Mar 10, 2025 03:02:59.291738987 CET512461440192.168.2.14185.220.204.227
                                        Mar 10, 2025 03:02:59.297025919 CET144051246185.220.204.227192.168.2.14

System Behavior

Start time (UTC): 02:01:01
Start date (UTC): 10/03/2025
Path: /tmp/zermips.elf
Arguments: -
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c
