MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98
SHA3-384 hash: dfbb1bce095a3612e6c39cf0400dbd57987e8be9adb23c1d4823e51f7f8efdba9b81d34ed6c56ece8be1db6e3eb6f97a
SHA1 hash: f8ab22ad28f5111ec59f164696ea7d032855991b
MD5 hash: 4fe57f117ac66a150fc028e3475d6de6
humanhash: queen-ceiling-quiet-lactose
File name:1.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:2'959 bytes
First seen:2025-08-21 07:32:10 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:iZahmlZsnElZxCXlZFePlZaQazvZlZaWaFvjlZ9N+9z4gelZgjclZhSvlZjQjzqQ:iCmluEl6XluPlg9zvZlg3Fvjlzez4ZlR
TLSH T1455141DB13524A312D63BA27FDBD8E1D7281909A1DE37F48AEDC3CA5638DD893044A47
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://45.135.194.90/hiddenbin/Space.arc0a3333a9d5b6088cd2bc89e3b078e8cbfe26297ebc07150162d5c96283ef24e6 Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.x8646af7fb3ce7c082374caa6819a3bf0990872097ea32310aca045b46a82439273 Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.x86_648cfa96f26c13a9962c8e7dd3c9bef011ea2a3fbb117685484cadcc96e820a033 Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.i6860ba34d3fa49cbddf145b2d88a055a5fe453edd5b8c2a87332de141d8b13cf782 Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.mips1301fc95a00182d5960a769e58d23bb8bb3e885340dbd961e58a8e4161e2493a Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.mips64n/an/aelf ua-wget
http://45.135.194.90/hiddenbin/Space.mpsl12827c3f5df1db91959b18fc5a19d12891a30c2e06408754c15e9d7ded6c025e Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.armaa8487afeff81a6952b9270f7ab81cbf18f2cc75ff554496d596e66a70a51c7c Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.arm5abcc525e0ccb577fcda5c7b4d1f0b5eda692a5a8a2f8a7f8c94cef7e14641bce Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.arm6d9718388cae05014344fa54244cbe64324949bf2ac1a6c215dc974527f125c3f Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.arm75e011f93a04c6dc93df55ab173bee3ba1dc2d7b9d6665bd493cd44c572addf6b Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.ppcd183d0d42baed4f4b7d5433f5df24c1453ba273469167bb7d801865dbf557596 Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.sparcn/an/aelf ua-wget
http://45.135.194.90/hiddenbin/Space.m68k0e58debf67a9090bbf1be2da95db2ccd4f92fe0e4686bbda954d62c57d1baccf Miraielf mirai ua-wget
http://45.135.194.90/hiddenbin/Space.sh407fcb2491573bf833f1573281234f4dba2fc0afddf47e720f3d255ad6307faba Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/9313044c-dd81-4702-a178-5d08c07c99e8
Behavior Graph:
Download SVG
%3 guuid=840f2de2-1f00-0000-3b5e-b059e2080000 pid=2274 /usr/bin/sudo guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278 /tmp/sample.bin guuid=840f2de2-1f00-0000-3b5e-b059e2080000 pid=2274->guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278 execve guuid=5407f8e4-1f00-0000-3b5e-b059e7080000 pid=2279 /usr/bin/cp guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=5407f8e4-1f00-0000-3b5e-b059e7080000 pid=2279 execve guuid=f89403f5-1f00-0000-3b5e-b059e9080000 pid=2281 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=f89403f5-1f00-0000-3b5e-b059e9080000 pid=2281 execve guuid=f10391fb-1f00-0000-3b5e-b059f4080000 pid=2292 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=f10391fb-1f00-0000-3b5e-b059f4080000 pid=2292 execve guuid=b3198c07-2000-0000-3b5e-b059fe080000 pid=2302 /usr/bin/cat guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=b3198c07-2000-0000-3b5e-b059fe080000 pid=2302 execve guuid=23860208-2000-0000-3b5e-b05900090000 pid=2304 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=23860208-2000-0000-3b5e-b05900090000 pid=2304 execve guuid=5b7b6708-2000-0000-3b5e-b05902090000 pid=2306 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=5b7b6708-2000-0000-3b5e-b05902090000 pid=2306 clone guuid=3bc50e09-2000-0000-3b5e-b05906090000 pid=2310 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=3bc50e09-2000-0000-3b5e-b05906090000 pid=2310 execve guuid=953a1e0b-2000-0000-3b5e-b0590c090000 pid=2316 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=953a1e0b-2000-0000-3b5e-b0590c090000 pid=2316 execve guuid=7f7b6410-2000-0000-3b5e-b0591c090000 pid=2332 /usr/bin/cat guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=7f7b6410-2000-0000-3b5e-b0591c090000 pid=2332 execve guuid=9866cd10-2000-0000-3b5e-b0591d090000 pid=2333 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=9866cd10-2000-0000-3b5e-b0591d090000 pid=2333 execve guuid=4fa44611-2000-0000-3b5e-b0591e090000 pid=2334 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=4fa44611-2000-0000-3b5e-b0591e090000 pid=2334 execve guuid=9cd63a3e-2100-0000-3b5e-b059b80b0000 pid=3000 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=9cd63a3e-2100-0000-3b5e-b059b80b0000 pid=3000 execve guuid=b8230f41-2100-0000-3b5e-b059be0b0000 pid=3006 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=b8230f41-2100-0000-3b5e-b059be0b0000 pid=3006 execve guuid=f0d8b646-2100-0000-3b5e-b059cd0b0000 pid=3021 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=f0d8b646-2100-0000-3b5e-b059cd0b0000 pid=3021 clone guuid=ed8fd346-2100-0000-3b5e-b059cf0b0000 pid=3023 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=ed8fd346-2100-0000-3b5e-b059cf0b0000 pid=3023 execve guuid=647c1647-2100-0000-3b5e-b059d10b0000 pid=3025 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=647c1647-2100-0000-3b5e-b059d10b0000 pid=3025 execve guuid=4bda7173-2200-0000-3b5e-b059bc0d0000 pid=3516 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=4bda7173-2200-0000-3b5e-b059bc0d0000 pid=3516 execve guuid=4ba44f76-2200-0000-3b5e-b059c50d0000 pid=3525 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=4ba44f76-2200-0000-3b5e-b059c50d0000 pid=3525 execve guuid=d434e07a-2200-0000-3b5e-b059cd0d0000 pid=3533 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=d434e07a-2200-0000-3b5e-b059cd0d0000 pid=3533 clone guuid=3a8ff77a-2200-0000-3b5e-b059ce0d0000 pid=3534 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=3a8ff77a-2200-0000-3b5e-b059ce0d0000 pid=3534 execve guuid=283a3f7b-2200-0000-3b5e-b059cf0d0000 pid=3535 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=283a3f7b-2200-0000-3b5e-b059cf0d0000 pid=3535 execve guuid=050095a7-2300-0000-3b5e-b05933110000 pid=4403 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=050095a7-2300-0000-3b5e-b05933110000 pid=4403 execve guuid=18be1baa-2300-0000-3b5e-b0593d110000 pid=4413 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=18be1baa-2300-0000-3b5e-b0593d110000 pid=4413 execve guuid=0f24acad-2300-0000-3b5e-b0594a110000 pid=4426 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=0f24acad-2300-0000-3b5e-b0594a110000 pid=4426 clone guuid=5261dead-2300-0000-3b5e-b0594c110000 pid=4428 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=5261dead-2300-0000-3b5e-b0594c110000 pid=4428 execve guuid=b94239ae-2300-0000-3b5e-b0594f110000 pid=4431 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=b94239ae-2300-0000-3b5e-b0594f110000 pid=4431 execve guuid=fbe2cdda-2400-0000-3b5e-b05936140000 pid=5174 /usr/bin/wget net send-data guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=fbe2cdda-2400-0000-3b5e-b05936140000 pid=5174 execve guuid=31a2d5dd-2400-0000-3b5e-b0593c140000 pid=5180 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=31a2d5dd-2400-0000-3b5e-b0593c140000 pid=5180 execve guuid=83c4bbe3-2400-0000-3b5e-b05947140000 pid=5191 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=83c4bbe3-2400-0000-3b5e-b05947140000 pid=5191 clone guuid=9477d2e3-2400-0000-3b5e-b05949140000 pid=5193 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=9477d2e3-2400-0000-3b5e-b05949140000 pid=5193 execve guuid=c45f1fe4-2400-0000-3b5e-b0594a140000 pid=5194 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=c45f1fe4-2400-0000-3b5e-b0594a140000 pid=5194 execve guuid=9993e510-2600-0000-3b5e-b0599d140000 pid=5277 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=9993e510-2600-0000-3b5e-b0599d140000 pid=5277 execve guuid=49c34313-2600-0000-3b5e-b0599e140000 pid=5278 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=49c34313-2600-0000-3b5e-b0599e140000 pid=5278 execve guuid=64f9f817-2600-0000-3b5e-b0599f140000 pid=5279 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=64f9f817-2600-0000-3b5e-b0599f140000 pid=5279 clone guuid=33f11518-2600-0000-3b5e-b059a0140000 pid=5280 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=33f11518-2600-0000-3b5e-b059a0140000 pid=5280 execve guuid=6af85d18-2600-0000-3b5e-b059a1140000 pid=5281 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=6af85d18-2600-0000-3b5e-b059a1140000 pid=5281 execve guuid=a23fbe45-2700-0000-3b5e-b059ae140000 pid=5294 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=a23fbe45-2700-0000-3b5e-b059ae140000 pid=5294 execve guuid=20c15a48-2700-0000-3b5e-b059af140000 pid=5295 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=20c15a48-2700-0000-3b5e-b059af140000 pid=5295 execve guuid=1443b04b-2700-0000-3b5e-b059b1140000 pid=5297 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=1443b04b-2700-0000-3b5e-b059b1140000 pid=5297 clone guuid=f0cbc54b-2700-0000-3b5e-b059b2140000 pid=5298 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=f0cbc54b-2700-0000-3b5e-b059b2140000 pid=5298 execve guuid=3d2c0d4c-2700-0000-3b5e-b059b3140000 pid=5299 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=3d2c0d4c-2700-0000-3b5e-b059b3140000 pid=5299 execve guuid=41e8dd78-2800-0000-3b5e-b05979150000 pid=5497 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=41e8dd78-2800-0000-3b5e-b05979150000 pid=5497 execve guuid=357d4e7b-2800-0000-3b5e-b0597a150000 pid=5498 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=357d4e7b-2800-0000-3b5e-b0597a150000 pid=5498 execve guuid=e7cd6d7e-2800-0000-3b5e-b0597b150000 pid=5499 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=e7cd6d7e-2800-0000-3b5e-b0597b150000 pid=5499 clone guuid=9add917e-2800-0000-3b5e-b0597c150000 pid=5500 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=9add917e-2800-0000-3b5e-b0597c150000 pid=5500 execve guuid=9081e17e-2800-0000-3b5e-b0597d150000 pid=5501 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=9081e17e-2800-0000-3b5e-b0597d150000 pid=5501 execve guuid=dc53a6ab-2900-0000-3b5e-b059e7150000 pid=5607 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=dc53a6ab-2900-0000-3b5e-b059e7150000 pid=5607 execve guuid=4c7624ae-2900-0000-3b5e-b059e8150000 pid=5608 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=4c7624ae-2900-0000-3b5e-b059e8150000 pid=5608 execve guuid=e8c35db1-2900-0000-3b5e-b059e9150000 pid=5609 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=e8c35db1-2900-0000-3b5e-b059e9150000 pid=5609 clone guuid=7a5c82b1-2900-0000-3b5e-b059ea150000 pid=5610 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=7a5c82b1-2900-0000-3b5e-b059ea150000 pid=5610 execve guuid=861ed3b1-2900-0000-3b5e-b059eb150000 pid=5611 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=861ed3b1-2900-0000-3b5e-b059eb150000 pid=5611 execve guuid=47994fde-2a00-0000-3b5e-b059f8150000 pid=5624 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=47994fde-2a00-0000-3b5e-b059f8150000 pid=5624 execve guuid=f3638fe1-2a00-0000-3b5e-b059f9150000 pid=5625 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=f3638fe1-2a00-0000-3b5e-b059f9150000 pid=5625 execve guuid=407efce5-2a00-0000-3b5e-b059fa150000 pid=5626 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=407efce5-2a00-0000-3b5e-b059fa150000 pid=5626 clone guuid=3ffb3de6-2a00-0000-3b5e-b059fb150000 pid=5627 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=3ffb3de6-2a00-0000-3b5e-b059fb150000 pid=5627 execve guuid=5a03d2e6-2a00-0000-3b5e-b059fc150000 pid=5628 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=5a03d2e6-2a00-0000-3b5e-b059fc150000 pid=5628 execve guuid=c2622415-2c00-0000-3b5e-b05903160000 pid=5635 /usr/bin/wget net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=c2622415-2c00-0000-3b5e-b05903160000 pid=5635 execve guuid=091d4c18-2c00-0000-3b5e-b05904160000 pid=5636 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=091d4c18-2c00-0000-3b5e-b05904160000 pid=5636 execve guuid=dc0abc1c-2c00-0000-3b5e-b05905160000 pid=5637 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=dc0abc1c-2c00-0000-3b5e-b05905160000 pid=5637 clone guuid=4edef51c-2c00-0000-3b5e-b05906160000 pid=5638 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=4edef51c-2c00-0000-3b5e-b05906160000 pid=5638 execve guuid=108d801d-2c00-0000-3b5e-b05907160000 pid=5639 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=108d801d-2c00-0000-3b5e-b05907160000 pid=5639 execve guuid=a6e61c4b-2d00-0000-3b5e-b0590d160000 pid=5645 /usr/bin/wget net send-data guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=a6e61c4b-2d00-0000-3b5e-b0590d160000 pid=5645 execve guuid=3d93c64d-2d00-0000-3b5e-b0590e160000 pid=5646 /usr/bin/curl net send-data write-file guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=3d93c64d-2d00-0000-3b5e-b0590e160000 pid=5646 execve guuid=ed9f4c52-2d00-0000-3b5e-b0590f160000 pid=5647 /usr/bin/bash guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=ed9f4c52-2d00-0000-3b5e-b0590f160000 pid=5647 clone guuid=248d8b52-2d00-0000-3b5e-b05910160000 pid=5648 /usr/bin/chmod guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=248d8b52-2d00-0000-3b5e-b05910160000 pid=5648 execve guuid=2dea1353-2d00-0000-3b5e-b05911160000 pid=5649 /tmp/Space net guuid=5e8d7be4-1f00-0000-3b5e-b059e6080000 pid=2278->guuid=2dea1353-2d00-0000-3b5e-b05911160000 pid=5649 execve 70247b96-6e03-5b94-a2c5-8c39e6019684 45.135.194.90:80 guuid=f89403f5-1f00-0000-3b5e-b059e9080000 pid=2281->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 147B guuid=f10391fb-1f00-0000-3b5e-b059f4080000 pid=2292->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 96B guuid=3bc50e09-2000-0000-3b5e-b05906090000 pid=2310->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 147B guuid=953a1e0b-2000-0000-3b5e-b0590c090000 pid=2316->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 96B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=4fa44611-2000-0000-3b5e-b0591e090000 pid=2334->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=8437e811-2000-0000-3b5e-b0591f090000 pid=2335 /tmp/Space guuid=4fa44611-2000-0000-3b5e-b0591e090000 pid=2334->guuid=8437e811-2000-0000-3b5e-b0591f090000 pid=2335 clone guuid=ded6203e-2100-0000-3b5e-b059b60b0000 pid=2998 /tmp/Space guuid=4fa44611-2000-0000-3b5e-b0591e090000 pid=2334->guuid=ded6203e-2100-0000-3b5e-b059b60b0000 pid=2998 clone guuid=ecd6273e-2100-0000-3b5e-b059b70b0000 pid=2999 /tmp/Space net send-data zombie guuid=4fa44611-2000-0000-3b5e-b0591e090000 pid=2334->guuid=ecd6273e-2100-0000-3b5e-b059b70b0000 pid=2999 clone guuid=8f25f511-2000-0000-3b5e-b05920090000 pid=2336 /tmp/Space guuid=8437e811-2000-0000-3b5e-b0591f090000 pid=2335->guuid=8f25f511-2000-0000-3b5e-b05920090000 pid=2336 clone guuid=3b4cfe11-2000-0000-3b5e-b05921090000 pid=2337 /tmp/Space net send-data zombie guuid=8437e811-2000-0000-3b5e-b0591f090000 pid=2335->guuid=3b4cfe11-2000-0000-3b5e-b05921090000 pid=2337 clone guuid=3b4cfe11-2000-0000-3b5e-b05921090000 pid=2337->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 06cdf142-0d11-5d0f-a341-54893b2d3887 255.255.255.255:3778 guuid=3b4cfe11-2000-0000-3b5e-b05921090000 pid=2337->06cdf142-0d11-5d0f-a341-54893b2d3887 con 5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 0.0.0.0:0 guuid=3b4cfe11-2000-0000-3b5e-b05921090000 pid=2337->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 300B guuid=ecd6273e-2100-0000-3b5e-b059b70b0000 pid=2999->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=ecd6273e-2100-0000-3b5e-b059b70b0000 pid=2999->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=ecd6273e-2100-0000-3b5e-b059b70b0000 pid=2999->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 275B guuid=9cd63a3e-2100-0000-3b5e-b059b80b0000 pid=3000->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 150B guuid=b8230f41-2100-0000-3b5e-b059be0b0000 pid=3006->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 99B guuid=647c1647-2100-0000-3b5e-b059d10b0000 pid=3025->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=67b18c47-2100-0000-3b5e-b059d20b0000 pid=3026 /tmp/Space guuid=647c1647-2100-0000-3b5e-b059d10b0000 pid=3025->guuid=67b18c47-2100-0000-3b5e-b059d20b0000 pid=3026 clone guuid=df024f73-2200-0000-3b5e-b059ba0d0000 pid=3514 /tmp/Space guuid=647c1647-2100-0000-3b5e-b059d10b0000 pid=3025->guuid=df024f73-2200-0000-3b5e-b059ba0d0000 pid=3514 clone guuid=c7345e73-2200-0000-3b5e-b059bb0d0000 pid=3515 /tmp/Space net send-data zombie guuid=647c1647-2100-0000-3b5e-b059d10b0000 pid=3025->guuid=c7345e73-2200-0000-3b5e-b059bb0d0000 pid=3515 clone guuid=ceb99247-2100-0000-3b5e-b059d30b0000 pid=3027 /tmp/Space guuid=67b18c47-2100-0000-3b5e-b059d20b0000 pid=3026->guuid=ceb99247-2100-0000-3b5e-b059d30b0000 pid=3027 clone guuid=274c9a47-2100-0000-3b5e-b059d40b0000 pid=3028 /tmp/Space net send-data zombie guuid=67b18c47-2100-0000-3b5e-b059d20b0000 pid=3026->guuid=274c9a47-2100-0000-3b5e-b059d40b0000 pid=3028 clone guuid=274c9a47-2100-0000-3b5e-b059d40b0000 pid=3028->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=274c9a47-2100-0000-3b5e-b059d40b0000 pid=3028->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=274c9a47-2100-0000-3b5e-b059d40b0000 pid=3028->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 275B guuid=c7345e73-2200-0000-3b5e-b059bb0d0000 pid=3515->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=c7345e73-2200-0000-3b5e-b059bb0d0000 pid=3515->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=c7345e73-2200-0000-3b5e-b059bb0d0000 pid=3515->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 250B guuid=4bda7173-2200-0000-3b5e-b059bc0d0000 pid=3516->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 148B guuid=4ba44f76-2200-0000-3b5e-b059c50d0000 pid=3525->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 97B guuid=283a3f7b-2200-0000-3b5e-b059cf0d0000 pid=3535->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=2e0db97b-2200-0000-3b5e-b059d00d0000 pid=3536 /tmp/Space guuid=283a3f7b-2200-0000-3b5e-b059cf0d0000 pid=3535->guuid=2e0db97b-2200-0000-3b5e-b059d00d0000 pid=3536 clone guuid=61e57fa7-2300-0000-3b5e-b05931110000 pid=4401 /tmp/Space guuid=283a3f7b-2200-0000-3b5e-b059cf0d0000 pid=3535->guuid=61e57fa7-2300-0000-3b5e-b05931110000 pid=4401 clone guuid=928786a7-2300-0000-3b5e-b05932110000 pid=4402 /tmp/Space net send-data zombie guuid=283a3f7b-2200-0000-3b5e-b059cf0d0000 pid=3535->guuid=928786a7-2300-0000-3b5e-b05932110000 pid=4402 clone guuid=796cc17b-2200-0000-3b5e-b059d10d0000 pid=3537 /tmp/Space guuid=2e0db97b-2200-0000-3b5e-b059d00d0000 pid=3536->guuid=796cc17b-2200-0000-3b5e-b059d10d0000 pid=3537 clone guuid=ed73cb7b-2200-0000-3b5e-b059d20d0000 pid=3538 /tmp/Space net send-data zombie guuid=2e0db97b-2200-0000-3b5e-b059d00d0000 pid=3536->guuid=ed73cb7b-2200-0000-3b5e-b059d20d0000 pid=3538 clone guuid=ed73cb7b-2200-0000-3b5e-b059d20d0000 pid=3538->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=ed73cb7b-2200-0000-3b5e-b059d20d0000 pid=3538->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=ed73cb7b-2200-0000-3b5e-b059d20d0000 pid=3538->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 250B guuid=928786a7-2300-0000-3b5e-b05932110000 pid=4402->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=928786a7-2300-0000-3b5e-b05932110000 pid=4402->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=928786a7-2300-0000-3b5e-b05932110000 pid=4402->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 225B guuid=050095a7-2300-0000-3b5e-b05933110000 pid=4403->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 148B guuid=18be1baa-2300-0000-3b5e-b0593d110000 pid=4413->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 97B guuid=b94239ae-2300-0000-3b5e-b0594f110000 pid=4431->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=76fcadae-2300-0000-3b5e-b05953110000 pid=4435 /tmp/Space guuid=b94239ae-2300-0000-3b5e-b0594f110000 pid=4431->guuid=76fcadae-2300-0000-3b5e-b05953110000 pid=4435 clone guuid=6ea5b9da-2400-0000-3b5e-b05933140000 pid=5171 /tmp/Space guuid=b94239ae-2300-0000-3b5e-b0594f110000 pid=4431->guuid=6ea5b9da-2400-0000-3b5e-b05933140000 pid=5171 clone guuid=4030c1da-2400-0000-3b5e-b05934140000 pid=5172 /tmp/Space net send-data zombie guuid=b94239ae-2300-0000-3b5e-b0594f110000 pid=4431->guuid=4030c1da-2400-0000-3b5e-b05934140000 pid=5172 clone guuid=f7fbb4ae-2300-0000-3b5e-b05954110000 pid=4436 /tmp/Space guuid=76fcadae-2300-0000-3b5e-b05953110000 pid=4435->guuid=f7fbb4ae-2300-0000-3b5e-b05954110000 pid=4436 clone guuid=5c94b9ae-2300-0000-3b5e-b05955110000 pid=4437 /tmp/Space net send-data zombie guuid=76fcadae-2300-0000-3b5e-b05953110000 pid=4435->guuid=5c94b9ae-2300-0000-3b5e-b05955110000 pid=4437 clone guuid=5c94b9ae-2300-0000-3b5e-b05955110000 pid=4437->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=5c94b9ae-2300-0000-3b5e-b05955110000 pid=4437->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=5c94b9ae-2300-0000-3b5e-b05955110000 pid=4437->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 225B guuid=4030c1da-2400-0000-3b5e-b05934140000 pid=5172->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=4030c1da-2400-0000-3b5e-b05934140000 pid=5172->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=4030c1da-2400-0000-3b5e-b05934140000 pid=5172->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 200B guuid=fbe2cdda-2400-0000-3b5e-b05936140000 pid=5174->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 150B guuid=31a2d5dd-2400-0000-3b5e-b0593c140000 pid=5180->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 99B guuid=c45f1fe4-2400-0000-3b5e-b0594a140000 pid=5194->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=eca5a1e4-2400-0000-3b5e-b0594d140000 pid=5197 /tmp/Space guuid=c45f1fe4-2400-0000-3b5e-b0594a140000 pid=5194->guuid=eca5a1e4-2400-0000-3b5e-b0594d140000 pid=5197 clone guuid=6575cf10-2600-0000-3b5e-b0599b140000 pid=5275 /tmp/Space guuid=c45f1fe4-2400-0000-3b5e-b0594a140000 pid=5194->guuid=6575cf10-2600-0000-3b5e-b0599b140000 pid=5275 clone guuid=a954d510-2600-0000-3b5e-b0599c140000 pid=5276 /tmp/Space net send-data zombie guuid=c45f1fe4-2400-0000-3b5e-b0594a140000 pid=5194->guuid=a954d510-2600-0000-3b5e-b0599c140000 pid=5276 clone guuid=64a0e2e4-2400-0000-3b5e-b0594e140000 pid=5198 /tmp/Space guuid=eca5a1e4-2400-0000-3b5e-b0594d140000 pid=5197->guuid=64a0e2e4-2400-0000-3b5e-b0594e140000 pid=5198 clone guuid=a0f8e7e4-2400-0000-3b5e-b05950140000 pid=5200 /tmp/Space net send-data zombie guuid=eca5a1e4-2400-0000-3b5e-b0594d140000 pid=5197->guuid=a0f8e7e4-2400-0000-3b5e-b05950140000 pid=5200 clone guuid=a0f8e7e4-2400-0000-3b5e-b05950140000 pid=5200->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=a0f8e7e4-2400-0000-3b5e-b05950140000 pid=5200->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=a0f8e7e4-2400-0000-3b5e-b05950140000 pid=5200->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 200B guuid=a954d510-2600-0000-3b5e-b0599c140000 pid=5276->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=a954d510-2600-0000-3b5e-b0599c140000 pid=5276->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=a954d510-2600-0000-3b5e-b0599c140000 pid=5276->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 175B guuid=9993e510-2600-0000-3b5e-b0599d140000 pid=5277->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 148B guuid=49c34313-2600-0000-3b5e-b0599e140000 pid=5278->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 97B guuid=6af85d18-2600-0000-3b5e-b059a1140000 pid=5281->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=876f0a19-2600-0000-3b5e-b059a2140000 pid=5282 /tmp/Space guuid=6af85d18-2600-0000-3b5e-b059a1140000 pid=5281->guuid=876f0a19-2600-0000-3b5e-b059a2140000 pid=5282 clone guuid=fabf5345-2700-0000-3b5e-b059ac140000 pid=5292 /tmp/Space guuid=6af85d18-2600-0000-3b5e-b059a1140000 pid=5281->guuid=fabf5345-2700-0000-3b5e-b059ac140000 pid=5292 clone guuid=231d7c45-2700-0000-3b5e-b059ad140000 pid=5293 /tmp/Space net send-data zombie guuid=6af85d18-2600-0000-3b5e-b059a1140000 pid=5281->guuid=231d7c45-2700-0000-3b5e-b059ad140000 pid=5293 clone guuid=58101619-2600-0000-3b5e-b059a3140000 pid=5283 /tmp/Space guuid=876f0a19-2600-0000-3b5e-b059a2140000 pid=5282->guuid=58101619-2600-0000-3b5e-b059a3140000 pid=5283 clone guuid=32ec1a19-2600-0000-3b5e-b059a4140000 pid=5284 /tmp/Space net send-data zombie guuid=876f0a19-2600-0000-3b5e-b059a2140000 pid=5282->guuid=32ec1a19-2600-0000-3b5e-b059a4140000 pid=5284 clone guuid=32ec1a19-2600-0000-3b5e-b059a4140000 pid=5284->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=32ec1a19-2600-0000-3b5e-b059a4140000 pid=5284->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=32ec1a19-2600-0000-3b5e-b059a4140000 pid=5284->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 175B guuid=231d7c45-2700-0000-3b5e-b059ad140000 pid=5293->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=231d7c45-2700-0000-3b5e-b059ad140000 pid=5293->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=231d7c45-2700-0000-3b5e-b059ad140000 pid=5293->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 150B guuid=a23fbe45-2700-0000-3b5e-b059ae140000 pid=5294->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 147B guuid=20c15a48-2700-0000-3b5e-b059af140000 pid=5295->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 96B guuid=3d2c0d4c-2700-0000-3b5e-b059b3140000 pid=5299->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=d394954c-2700-0000-3b5e-b059b4140000 pid=5300 /tmp/Space guuid=3d2c0d4c-2700-0000-3b5e-b059b3140000 pid=5299->guuid=d394954c-2700-0000-3b5e-b059b4140000 pid=5300 clone guuid=38bcc678-2800-0000-3b5e-b05977150000 pid=5495 /tmp/Space guuid=3d2c0d4c-2700-0000-3b5e-b059b3140000 pid=5299->guuid=38bcc678-2800-0000-3b5e-b05977150000 pid=5495 clone guuid=70adcc78-2800-0000-3b5e-b05978150000 pid=5496 /tmp/Space net send-data zombie guuid=3d2c0d4c-2700-0000-3b5e-b059b3140000 pid=5299->guuid=70adcc78-2800-0000-3b5e-b05978150000 pid=5496 clone guuid=145d4a4d-2700-0000-3b5e-b059b5140000 pid=5301 /tmp/Space guuid=d394954c-2700-0000-3b5e-b059b4140000 pid=5300->guuid=145d4a4d-2700-0000-3b5e-b059b5140000 pid=5301 clone guuid=c9504f4d-2700-0000-3b5e-b059b6140000 pid=5302 /tmp/Space net send-data zombie guuid=d394954c-2700-0000-3b5e-b059b4140000 pid=5300->guuid=c9504f4d-2700-0000-3b5e-b059b6140000 pid=5302 clone guuid=c9504f4d-2700-0000-3b5e-b059b6140000 pid=5302->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=c9504f4d-2700-0000-3b5e-b059b6140000 pid=5302->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=c9504f4d-2700-0000-3b5e-b059b6140000 pid=5302->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 145B guuid=70adcc78-2800-0000-3b5e-b05978150000 pid=5496->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=70adcc78-2800-0000-3b5e-b05978150000 pid=5496->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=70adcc78-2800-0000-3b5e-b05978150000 pid=5496->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 120B guuid=41e8dd78-2800-0000-3b5e-b05979150000 pid=5497->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 148B guuid=357d4e7b-2800-0000-3b5e-b0597a150000 pid=5498->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 97B guuid=9081e17e-2800-0000-3b5e-b0597d150000 pid=5501->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=17645e7f-2800-0000-3b5e-b0597e150000 pid=5502 /tmp/Space guuid=9081e17e-2800-0000-3b5e-b0597d150000 pid=5501->guuid=17645e7f-2800-0000-3b5e-b0597e150000 pid=5502 clone guuid=56498bab-2900-0000-3b5e-b059e5150000 pid=5605 /tmp/Space guuid=9081e17e-2800-0000-3b5e-b0597d150000 pid=5501->guuid=56498bab-2900-0000-3b5e-b059e5150000 pid=5605 clone guuid=d00092ab-2900-0000-3b5e-b059e6150000 pid=5606 /tmp/Space net send-data zombie guuid=9081e17e-2800-0000-3b5e-b0597d150000 pid=5501->guuid=d00092ab-2900-0000-3b5e-b059e6150000 pid=5606 clone guuid=37c09c80-2800-0000-3b5e-b0597f150000 pid=5503 /tmp/Space guuid=17645e7f-2800-0000-3b5e-b0597e150000 pid=5502->guuid=37c09c80-2800-0000-3b5e-b0597f150000 pid=5503 clone guuid=eacea480-2800-0000-3b5e-b05980150000 pid=5504 /tmp/Space net send-data zombie guuid=17645e7f-2800-0000-3b5e-b0597e150000 pid=5502->guuid=eacea480-2800-0000-3b5e-b05980150000 pid=5504 clone guuid=eacea480-2800-0000-3b5e-b05980150000 pid=5504->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=eacea480-2800-0000-3b5e-b05980150000 pid=5504->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=eacea480-2800-0000-3b5e-b05980150000 pid=5504->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 120B guuid=d00092ab-2900-0000-3b5e-b059e6150000 pid=5606->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=d00092ab-2900-0000-3b5e-b059e6150000 pid=5606->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=d00092ab-2900-0000-3b5e-b059e6150000 pid=5606->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 95B guuid=dc53a6ab-2900-0000-3b5e-b059e7150000 pid=5607->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 148B guuid=4c7624ae-2900-0000-3b5e-b059e8150000 pid=5608->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 97B guuid=861ed3b1-2900-0000-3b5e-b059eb150000 pid=5611->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=652346b2-2900-0000-3b5e-b059ec150000 pid=5612 /tmp/Space guuid=861ed3b1-2900-0000-3b5e-b059eb150000 pid=5611->guuid=652346b2-2900-0000-3b5e-b059ec150000 pid=5612 clone guuid=23862bde-2a00-0000-3b5e-b059f6150000 pid=5622 /tmp/Space guuid=861ed3b1-2900-0000-3b5e-b059eb150000 pid=5611->guuid=23862bde-2a00-0000-3b5e-b059f6150000 pid=5622 clone guuid=401638de-2a00-0000-3b5e-b059f7150000 pid=5623 /tmp/Space net send-data zombie guuid=861ed3b1-2900-0000-3b5e-b059eb150000 pid=5611->guuid=401638de-2a00-0000-3b5e-b059f7150000 pid=5623 clone guuid=5401fab2-2900-0000-3b5e-b059ed150000 pid=5613 /tmp/Space guuid=652346b2-2900-0000-3b5e-b059ec150000 pid=5612->guuid=5401fab2-2900-0000-3b5e-b059ed150000 pid=5613 clone guuid=b08a01b3-2900-0000-3b5e-b059ee150000 pid=5614 /tmp/Space net send-data zombie guuid=652346b2-2900-0000-3b5e-b059ec150000 pid=5612->guuid=b08a01b3-2900-0000-3b5e-b059ee150000 pid=5614 clone guuid=b08a01b3-2900-0000-3b5e-b059ee150000 pid=5614->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=b08a01b3-2900-0000-3b5e-b059ee150000 pid=5614->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=b08a01b3-2900-0000-3b5e-b059ee150000 pid=5614->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 95B guuid=401638de-2a00-0000-3b5e-b059f7150000 pid=5623->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=401638de-2a00-0000-3b5e-b059f7150000 pid=5623->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=401638de-2a00-0000-3b5e-b059f7150000 pid=5623->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 70B guuid=47994fde-2a00-0000-3b5e-b059f8150000 pid=5624->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 148B guuid=f3638fe1-2a00-0000-3b5e-b059f9150000 pid=5625->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 97B guuid=5a03d2e6-2a00-0000-3b5e-b059fc150000 pid=5628->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=d85b84e8-2a00-0000-3b5e-b059fd150000 pid=5629 /tmp/Space guuid=5a03d2e6-2a00-0000-3b5e-b059fc150000 pid=5628->guuid=d85b84e8-2a00-0000-3b5e-b059fd150000 pid=5629 clone guuid=2debf614-2c00-0000-3b5e-b05901160000 pid=5633 /tmp/Space guuid=5a03d2e6-2a00-0000-3b5e-b059fc150000 pid=5628->guuid=2debf614-2c00-0000-3b5e-b05901160000 pid=5633 clone guuid=be9aff14-2c00-0000-3b5e-b05902160000 pid=5634 /tmp/Space net send-data zombie guuid=5a03d2e6-2a00-0000-3b5e-b059fc150000 pid=5628->guuid=be9aff14-2c00-0000-3b5e-b05902160000 pid=5634 clone guuid=0f308ee8-2a00-0000-3b5e-b059fe150000 pid=5630 /tmp/Space guuid=d85b84e8-2a00-0000-3b5e-b059fd150000 pid=5629->guuid=0f308ee8-2a00-0000-3b5e-b059fe150000 pid=5630 clone guuid=b03a96e8-2a00-0000-3b5e-b059ff150000 pid=5631 /tmp/Space net send-data zombie guuid=d85b84e8-2a00-0000-3b5e-b059fd150000 pid=5629->guuid=b03a96e8-2a00-0000-3b5e-b059ff150000 pid=5631 clone guuid=b03a96e8-2a00-0000-3b5e-b059ff150000 pid=5631->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=b03a96e8-2a00-0000-3b5e-b059ff150000 pid=5631->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=b03a96e8-2a00-0000-3b5e-b059ff150000 pid=5631->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 70B guuid=be9aff14-2c00-0000-3b5e-b05902160000 pid=5634->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=be9aff14-2c00-0000-3b5e-b05902160000 pid=5634->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=be9aff14-2c00-0000-3b5e-b05902160000 pid=5634->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 45B guuid=c2622415-2c00-0000-3b5e-b05903160000 pid=5635->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 147B guuid=091d4c18-2c00-0000-3b5e-b05904160000 pid=5636->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 96B guuid=108d801d-2c00-0000-3b5e-b05907160000 pid=5639->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=0a25711e-2c00-0000-3b5e-b05908160000 pid=5640 /tmp/Space guuid=108d801d-2c00-0000-3b5e-b05907160000 pid=5639->guuid=0a25711e-2c00-0000-3b5e-b05908160000 pid=5640 clone guuid=86bff14a-2d00-0000-3b5e-b0590b160000 pid=5643 /tmp/Space guuid=108d801d-2c00-0000-3b5e-b05907160000 pid=5639->guuid=86bff14a-2d00-0000-3b5e-b0590b160000 pid=5643 clone guuid=100dfc4a-2d00-0000-3b5e-b0590c160000 pid=5644 /tmp/Space net send-data zombie guuid=108d801d-2c00-0000-3b5e-b05907160000 pid=5639->guuid=100dfc4a-2d00-0000-3b5e-b0590c160000 pid=5644 clone guuid=38517e1e-2c00-0000-3b5e-b05909160000 pid=5641 /tmp/Space guuid=0a25711e-2c00-0000-3b5e-b05908160000 pid=5640->guuid=38517e1e-2c00-0000-3b5e-b05909160000 pid=5641 clone guuid=7fb9851e-2c00-0000-3b5e-b0590a160000 pid=5642 /tmp/Space net send-data zombie guuid=0a25711e-2c00-0000-3b5e-b05908160000 pid=5640->guuid=7fb9851e-2c00-0000-3b5e-b0590a160000 pid=5642 clone guuid=7fb9851e-2c00-0000-3b5e-b0590a160000 pid=5642->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=7fb9851e-2c00-0000-3b5e-b0590a160000 pid=5642->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=7fb9851e-2c00-0000-3b5e-b0590a160000 pid=5642->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 45B guuid=100dfc4a-2d00-0000-3b5e-b0590c160000 pid=5644->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=100dfc4a-2d00-0000-3b5e-b0590c160000 pid=5644->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=100dfc4a-2d00-0000-3b5e-b0590c160000 pid=5644->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 20B guuid=a6e61c4b-2d00-0000-3b5e-b0590d160000 pid=5645->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 149B guuid=3d93c64d-2d00-0000-3b5e-b0590e160000 pid=5646->70247b96-6e03-5b94-a2c5-8c39e6019684 send: 98B guuid=2dea1353-2d00-0000-3b5e-b05911160000 pid=5649->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=34570254-2d00-0000-3b5e-b05912160000 pid=5650 /tmp/Space guuid=2dea1353-2d00-0000-3b5e-b05911160000 pid=5649->guuid=34570254-2d00-0000-3b5e-b05912160000 pid=5650 clone guuid=492e1854-2d00-0000-3b5e-b05913160000 pid=5651 /tmp/Space guuid=34570254-2d00-0000-3b5e-b05912160000 pid=5650->guuid=492e1854-2d00-0000-3b5e-b05913160000 pid=5651 clone guuid=86bc1f54-2d00-0000-3b5e-b05914160000 pid=5652 /tmp/Space net send-data zombie guuid=34570254-2d00-0000-3b5e-b05912160000 pid=5650->guuid=86bc1f54-2d00-0000-3b5e-b05914160000 pid=5652 clone guuid=86bc1f54-2d00-0000-3b5e-b05914160000 pid=5652->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=86bc1f54-2d00-0000-3b5e-b05914160000 pid=5652->06cdf142-0d11-5d0f-a341-54893b2d3887 con guuid=86bc1f54-2d00-0000-3b5e-b05914160000 pid=5652->5a1eed8a-85fe-5cc9-b13b-21dc70289ae4 send: 20B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-08-21 06:56:17 UTC
File Type:
Text (Shell)
AV detection:
22 of 38 (57.89%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=colco663vw2k3j2jmcpcoo636msvybxpbpoxjbkls6357yzhtsma._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Link:
https://tria.ge/reports/250821-jf6p4sgq81/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1396277bdbad/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1396277bdbadb4ada749609e273bdbf3255c06ef0bdd74854b97b7dfe3279c98

(this sample)

Mirai

elf 0a3333a9d5b6088cd2bc89e3b078e8cbfe26297ebc07150162d5c96283ef24e6

  
URLhaus
https://urlhaus.abuse.ch/url/3607749/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3607754/
  
Dropping
MD5 b42bd6cac850621861a8c5cafbf29946
  
Dropping
SHA256 0a3333a9d5b6088cd2bc89e3b078e8cbfe26297ebc07150162d5c96283ef24e6

Comments