Linux Analysis Report
zermpsl.elf

Overview

General Information

Sample name: zermpsl.elf
Analysis ID: 1643377
MD5: 9b78a4b43f0e482fb6eb433fa1820444
SHA1: f9f49e90e1538fe4d107b94e750cfdb94aaf108b
SHA256: 7034e4c16d644634ca11dda8716777309163c78fae24c8237e86ae9a15596960
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1643377
Start date and time: 2025-03-19 19:55:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zermpsl.elf
Detection: MAL
Classification: mal52.troj.linELF@0/0@27/0
Command: /tmp/zermpsl.elf
PID: 5433
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zermpsl.elf (PID: 5433, Parent: 5357, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/zermpsl.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zermpsl.elf - Virustotal: Detection: 22%
Source: zermpsl.elf - ReversingLabs: Detection: 22%

Networking

Source: global traffic - DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic - TCP traffic: 192.168.2.13:49046 -> 45.147.251.145:1440
Source: global traffic - TCP traffic: 192.168.2.13:42436 -> 104.248.47.182:1440
Source: global traffic - TCP traffic: 192.168.2.13:40576 -> 185.220.204.227:1440
Source: /tmp/zermpsl.elf (PID: 5433) - Socket: 127.0.0.1:39148
Source: global traffic - DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic - DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: Initial sample - String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample - String containing 'busybox' found: /bin/busybox echo -ne >> > .d
Source: ELF static info symbol of initial sample - .symtab present: no
Source: classification engine - Classification label: mal52.troj.linELF@0/0@27/0
Source: /tmp/zermpsl.elf (PID: 5433) - Queries kernel information via 'uname'
Source: zermpsl.elf, 5433.1.0000555eb3d5d000.0000555eb3e05000.rw-.sdmp - Binary or memory string: /etc/qemu-binfmt/mipsel
Source: zermpsl.elf, 5433.1.00007ffd8a264000.00007ffd8a285000.rw-.sdmp - Binary or memory string: 0x86_64/usr/bin/qemu-mipsel/tmp/zermpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zermpsl.elf
Source: zermpsl.elf, 5433.1.0000555eb3d5d000.0000555eb3e05000.rw-.sdmp - Binary or memory string: ^U!/etc/qemu-binfmt/mipsel
Source: zermpsl.elf, 5433.1.00007ffd8a264000.00007ffd8a285000.rw-.sdmp - Binary or memory string: /usr/bin/qemu-mipsel
[ATT&CK tactic matrix; cell layout not recoverable. Columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
No configs have been found
[Behavior graph, ID 1643377. Sample: zermpsl.elf; start date: 19/03/2025; architecture: LINUX; score: 52. Process chain: zermpsl.elf started zermpsl.elf, which started zermpsl.elf. Network nodes: watchmepull.dyn. [malformed]; 45.147.251.145 (1440, 49046, 49054; RACKMARKTES, Germany); 2 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Sends malformed DNS queries.]
Source | Detection | Scanner | Label
zermpsl.elf | 22% | Virustotal |
zermpsl.elf | 22% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ohlookthereismyboats.geek | 104.248.47.182 | true | false | | high
watchmepull.dyn. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
185.220.204.227 | unknown | Israel | 41436 | CLOUDWEBMANAGE-EUGB | false
104.248.47.182 | ohlookthereismyboats.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false
45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | false
No created / dropped files found

File type: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.4018541730641765
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zermpsl.elf
File size: 63'616 bytes
MD5: 9b78a4b43f0e482fb6eb433fa1820444
SHA1: f9f49e90e1538fe4d107b94e750cfdb94aaf108b
SHA256: 7034e4c16d644634ca11dda8716777309163c78fae24c8237e86ae9a15596960
SHA512: 592e5985bfaf6c0919f6a0ee88c71dec187510a35d006c5ea0f43a7467266f8965f2e5de7b39ea88ba4bd99d6fa19bc0bb99da41c0d53facb1960649d4cc8008
SSDEEP: 1536:tr1D6kaUFWAkdx10cTSGb4VRkGjTq2FhXPG:tBDGUFWAkdyjBhXPG
TLSH: 82539216BF650FBBECABCC3749B91B0524CCA50A21A43B397934D818F65B25F45E38B4

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: MIPS R3000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400260
Flags: 0x1007
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 63016
Section Header Size: 40
Number of Section Headers: 15
Header String Table Index: 14
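
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400120 | 0x120 | 0xe200 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x40e320 | 0xe320 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x40e380 | 0xe380 | 0x910 | 0x0 | 0x2 | A | 0 | 0 | 16
.ctors | PROGBITS | 0x44f000 | 0xf000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x44f008 | 0xf008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x44f010 | 0xf010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data.rel.ro | PROGBITS | 0x44f014 | 0xf014 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x44f030 | 0xf030 | 0x1d0 | 0x0 | 0x3 | WA | 0 | 0 | 16
.got | PROGBITS | 0x44f200 | 0xf200 | 0x3bc | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
.sbss | NOBITS | 0x44f5bc | 0xf5bc | 0x14 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
.bss | NOBITS | 0x44f5d0 | 0xf5bc | 0x288 | 0x0 | 0x3 | WA | 0 | 0 | 16
.mdebug.abi32 | PROGBITS | 0x762 | 0xf5bc | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0xf5bc | 0x69 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0xec90 | 0xec90 | 5.4858 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0xf000 | 0x44f000 | 0x44f000 | 0x5bc | 0x858 | 3.5777 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |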

  • Total Packets: 83
  • 1440 undefined
  • 53 (DNS)

                                                    System Behavior

                                                    Start time (UTC): 18:55:59
                                                    Start date (UTC): 19/03/2025
                                                    Path: /tmp/zermpsl.elf
                                                    Arguments: -
                                                    File size: 5773336 bytes
                                                    MD5 hash: 0d6f61f82cf2f781c6eb0661071d42d9

                                                    Start time (UTC): 18:55:59
                                                    Start date (UTC): 19/03/2025
                                                    Path: /tmp/zermpsl.elf
                                                    Arguments: -
                                                    File size: 5773336 bytes
                                                    MD5 hash: 0d6f61f82cf2f781c6eb0661071d42d9