Linux Analysis Report
zerspc.elf

Overview

General Information

Sample name: zerspc.elf
Analysis ID: 1643360
MD5: fcb9e1fd3ad21f17c562ee52296f4edb
SHA1: b00ef70e060fa953ae36028fa2d1e6ae8f91d870
SHA256: 3cdc65486bc8428160f8831025b72740d7f764ed683ac2072fb387d2451f931b
Tags: elf user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1643360
Start date and time: 2025-03-19 19:37:22 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zerspc.elf
Detection: MAL
Classification: mal52.troj.linELF@0/0@44/0
Command: /tmp/zerspc.elf
PID: 5529
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerspc.elf (PID: 5529, Parent: 5445, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/zerspc.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zerspc.elf, Virustotal: Detection: 37%
Source: zerspc.elf, ReversingLabs: Detection: 33%

Networking

Source: global traffic, DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic, TCP traffic: 192.168.2.14:56026 -> 104.248.47.182:1440
Source: global traffic, TCP traffic: 192.168.2.14:36008 -> 45.147.251.145:1440
Source: /tmp/zerspc.elf (PID: 5529), Socket: 127.0.0.1:39148
Source: unknown, UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: global traffic, DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic, DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: Initial sample, String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample, String containing 'busybox' found: /bin/busybox echo -ne >> > .d
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal52.troj.linELF@0/0@44/0
Source: /tmp/zerspc.elf (PID: 5529), File opened: /proc/1583/comm
Source: /tmp/zerspc.elf (PID: 5529), Queries kernel information via 'uname'
Source: zerspc.elf, 5529.1.00005647a96b6000.00005647a973b000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/sparc
Source: zerspc.elf, 5529.1.00005647a96b6000.00005647a973b000.rw-.sdmp, Binary or memory string: GV!/etc/qemu-binfmt/sparc
Source: zerspc.elf, 5529.1.00007ffcb0679000.00007ffcb069a000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/zerspc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zerspc.elf
Source: zerspc.elf, 5529.1.00007ffcb0679000.00007ffcb069a000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-sparc
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
[Behavior graph, ID 1643360. Sample: zerspc.elf; Startdate: 19/03/2025; Architecture: LINUX; Score: 52. Network nodes: watchmepull.dyn. [malformed]; ohlookthereismyboats.geek, 45.147.251.145, 1440, 36008, 36010, RACKMARKTES, Germany; 104.248.47.182, 1440, 56026, DIGITALOCEAN-ASNUS, United States. Signatures: Multi AV Scanner detection for submitted file; Sends malformed DNS queries. Processes: zerspc.elf started, which started zerspc.elf, which started zerspc.elf.]

Source | Detection | Scanner | Label
zerspc.elf | 38% | Virustotal |
zerspc.elf | 33% | ReversingLabs | Linux.Backdoor.Mirai

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ohlookthereismyboats.geek | 45.147.251.145 | true | false | | high
watchmepull.dyn. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
104.248.47.182 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
45.147.251.145 | ohlookthereismyboats.geek | Germany | 197518 | RACKMARKTES | false
No created / dropped files found

File type: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.009423608058012
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zerspc.elf
File size: 50'120 bytes
MD5: fcb9e1fd3ad21f17c562ee52296f4edb
SHA1: b00ef70e060fa953ae36028fa2d1e6ae8f91d870
SHA256: 3cdc65486bc8428160f8831025b72740d7f764ed683ac2072fb387d2451f931b
SHA512: 2b63006e9bcb1a4016378adad61a88165c2aa687e371aa7616fc2370e06834ff666a3c0f4b8227e7053dcad9e4552a054681bd25be0ccb59c516428fa6101142
SSDEEP: 768:8Jo8Iq9c7VTeorqsTnMloqXSEVn74QULO+4X4dH/JZ:8JHISc7VTe+qsTnMlBXdZ8QKIKH/L
TLSH: 91234B21B9792E1BC4D5A87E22F74724B2F11B0E25F8CB1D7C321E4AFF25A4055136B9

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: Sparc
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x101a4
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 49680
Section Header Size: 40
Number of Section Headers: 11
Header String Table Index: 10
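
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x100b0 | 0xb0 | 0xb374 | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x1b424 | 0xb424 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x1b438 | 0xb438 | 0x990 | 0x0 | 0x2 | A | 0 | 0 | 8
.ctors | PROGBITS | 0x2c000 | 0xc000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x2c008 | 0xc008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x2c010 | 0xc010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x2c018 | 0xc018 | 0x1b4 | 0x0 | 0x3 | WA | 0 | 0 | 8
.bss | NOBITS | 0x2c1d0 | 0xc1cc | 0x268 | 0x0 | 0x3 | WA | 0 | 0 | 8
.shstrtab | STRTAB | 0x0 | 0xc1cc | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x10000 | 0x10000 | 0xbdc8 | 0xbdc8 | 6.0847 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0xc000 | 0x2c000 | 0x2c000 | 0x1cc | 0x438 | 2.2636 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |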

  • Total Packets: 105
  • 1440 undefined
  • 53 (DNS)
                            Mar 19, 2025 19:39:36.382710934 CET14403601845.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:36.383008003 CET360181440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:36.387856960 CET14403601845.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:36.479446888 CET360201440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:36.484823942 CET14403602045.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:36.484901905 CET360201440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:36.486087084 CET360201440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:36.490791082 CET14403602045.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:36.490873098 CET360201440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:36.495553017 CET14403602045.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:47.106183052 CET14403602045.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:47.106410980 CET360201440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:47.111167908 CET14403602045.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:47.208795071 CET360221440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:47.213464022 CET14403602245.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:47.213538885 CET360221440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:47.214682102 CET360221440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:47.219511986 CET14403602245.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:47.219573975 CET360221440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:47.224164963 CET14403602245.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:57.843354940 CET14403602245.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:57.843585014 CET360221440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:57.848551989 CET14403602245.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:57.861285925 CET360241440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:57.868082047 CET14403602445.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:57.868140936 CET360241440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:57.868997097 CET360241440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:57.875974894 CET14403602445.147.251.145192.168.2.14
                            Mar 19, 2025 19:39:57.876029015 CET360241440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:39:57.881376982 CET14403602445.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:08.492441893 CET14403602445.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:08.492969990 CET360241440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:08.497697115 CET14403602445.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:08.945530891 CET360261440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:08.950265884 CET14403602645.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:08.950347900 CET360261440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:08.951754093 CET360261440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:08.956512928 CET14403602645.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:08.956566095 CET360261440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:08.961222887 CET14403602645.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:19.584286928 CET14403602645.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:19.584498882 CET360261440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:19.590100050 CET14403602645.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:20.046082973 CET360281440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:20.050797939 CET14403602845.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:20.050847054 CET360281440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:20.051681042 CET360281440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:20.056256056 CET14403602845.147.251.145192.168.2.14
                            Mar 19, 2025 19:40:20.056302071 CET360281440192.168.2.1445.147.251.145
                            Mar 19, 2025 19:40:20.060950994 CET14403602845.147.251.145192.168.2.14

System Behavior

Start time (UTC):18:38:20
Start date (UTC):19/03/2025
Path:/tmp/zerspc.elf
Arguments:-
File size:4379400 bytes
MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC):18:38:20
Start date (UTC):19/03/2025
Path:/tmp/zerspc.elf
Arguments:-
File size:4379400 bytes
MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e