
Linux Analysis Report
zerarm5.elf

Overview

General Information

Sample name: zerarm5.elf
Analysis ID: 1643371
MD5: bfa88a0946b6eea9f443c8794c2f55b1
SHA1: 3ab9c0ea1a6a6e01d4951ff9f7077200311b65e0
SHA256: b33f09579953c932b3e7ef2bc343864de13bc64f4e591c9551ce87800552e154
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1643371
Start date and time: 2025-03-19 19:50:58 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zerarm5.elf
Detection: MAL
Classification: mal52.troj.linELF@0/0@35/0
Command: /tmp/zerarm5.elf
PID: 5460
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerarm5.elf (PID: 5460, Parent: 5378, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/zerarm5.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zerarm5.elf; Virustotal: Detection: 39%
Source: zerarm5.elf; ReversingLabs: Detection: 38%

Networking

Source: global traffic; DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic; TCP traffic: 192.168.2.13:49042 -> 45.147.251.145:1440
Source: global traffic; TCP traffic: 192.168.2.13:42432 -> 104.248.47.182:1440
Source: global traffic; TCP traffic: 192.168.2.13:40570 -> 185.220.204.227:1440
Source: /tmp/zerarm5.elf (PID: 5460); Socket: 127.0.0.1:39148
Source: unknown; UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: global traffic; DNS traffic detected: DNS query: watchmepull.dyn
Source: global traffic; DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic; DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: Initial sample; String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample; String containing 'busybox' found: /bin/busybox echo -ne >> > .d
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal52.troj.linELF@0/0@35/0
Source: /tmp/zerarm5.elf (PID: 5460); File opened: /proc/230/comm
Source: /tmp/zerarm5.elf (PID: 5460); Queries kernel information via 'uname'
Source: zerarm5.elf, 5460.1.000055b8d7345000.000055b8d7493000.rw-.sdmp; Binary or memory string: U!/etc/qemu-binfmt/arm
Source: zerarm5.elf, 5460.1.000055b8d7345000.000055b8d7493000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/arm
Source: zerarm5.elf, 5460.1.00007fff67568000.00007fff67589000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-arm
Source: zerarm5.elf, 5460.1.00007fff67568000.00007fff67589000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/zerarm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zerarm5.elf
[Technique matrix. Columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact. Entries carrying a count: OS Credential Dumping (1), Security Software Discovery (11), Non-Standard Port (1), Non-Application Layer Protocol (1), Application Layer Protocol (1).]
No configs have been found
[Behavior graph. ID: 1643371; Sample: zerarm5.elf; Start date: 19/03/2025; Architecture: LINUX; Score: 52. Process chain: zerarm5.elf started a child zerarm5.elf, which started another zerarm5.elf. Network nodes: watchmepull.dyn. [malformed] (signature: Sends malformed DNS queries); 45.147.251.145, 1440, 49042, RACKMARKTES, Germany; 2 other IPs or domains. Signature on the sample: Multi AV Scanner detection for submitted file.]
Source | Detection | Scanner | Label
zerarm5.elf | 40% | Virustotal |
zerarm5.elf | 39% | ReversingLabs | Linux.Backdoor.Mirai

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
watchmepull.dyn | 185.220.204.227 | true | false | | high
ohlookthereismyboats.geek | 104.248.47.182 | true | false | | high
watchmepull.dyn. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
185.220.204.227 | watchmepull.dyn | Israel | 41436 | CLOUDWEBMANAGE-EUGB | false
104.248.47.182 | ohlookthereismyboats.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false
45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | false

No created / dropped files found

File type: ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit): 5.982706487290446
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zerarm5.elf
File size: 47'528 bytes
MD5: bfa88a0946b6eea9f443c8794c2f55b1
SHA1: 3ab9c0ea1a6a6e01d4951ff9f7077200311b65e0
SHA256: b33f09579953c932b3e7ef2bc343864de13bc64f4e591c9551ce87800552e154
SHA512: b5d0815d6c4d0caf5e3a6efae211538241f17b2929e437c099d6fff0296eac9c8328d7015d8de93c4bb3f134473d0cab725134648167a43ed8f85118888fc820
SSDEEP: 768:fM5sJmQ1hF1YBMNTqQ3KJooVL6TTxJ/yo2/oCNsnd1b8a/NWgYXP:ssgQ1O9Q36ojTTrNndvkLXP
TLSH: 19230791B8819A13C5D4137FFA2F419D372163A8E2DF7217DD222F45778A82F0EAB605

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: ARM
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: ARM - ABI
ABI Version: 0
Entry Point Address: 0x8190
Flags: 0x2
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 47088
Section Header Size: 40
Number of Section Headers: 11
Header String Table Index: 10

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x80b0 | 0xb0 | 0xac50 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x12d00 | 0xad00 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x12d14 | 0xad14 | 0x8d4 | 0x0 | 0x2 | A | 0 | 0 | 4
.ctors | PROGBITS | 0x1b5ec | 0xb5ec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x1b5f4 | 0xb5f4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x1b5fc | 0xb5fc | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x1b600 | 0xb600 | 0x1ac | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x1b7ac | 0xb7ac | 0x264 | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0xb7ac | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8000 | 0x8000 | 0xb5e8 | 0xb5e8 | 6.0156 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata
LOAD | 0xb5ec | 0x1b5ec | 0x1b5ec | 0x1c0 | 0x424 | 2.3037 | 0x6 | RW | 0x8000 | | .ctors .dtors .jcr .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

                                                  • Total Packets: 92
                                                  • 1440 undefined
                                                  • 53 (DNS)

                                                  System Behavior

                                                  Start time (UTC):18:51:56
                                                  Start date (UTC):19/03/2025
                                                  Path:/tmp/zerarm5.elf
                                                  Arguments:-
                                                  File size:4956856 bytes
                                                  MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                  Start time (UTC):18:51:56
                                                  Start date (UTC):19/03/2025
                                                  Path:/tmp/zerarm5.elf
                                                  Arguments:-
                                                  File size:4956856 bytes
                                                  MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1