MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca
SHA3-384 hash: e7f30a1d74bfafa0ed50a89bede49d1766378cf3ba51586f0e25acddbbca07696796b1f15e8cfc4490f9336300e0a60b
SHA1 hash: 9f1d6713f87a6483fce1931d983fd06857df238a
MD5 hash: 1c01146f695f9387f79df9e18513ba90
humanhash: helium-muppet-fish-blue
File name:pen.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:2'807 bytes
First seen:2025-10-08 21:24:57 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:i8UjNzhBZRBXXd8iJ8LrPaL8MZBJ8l9EM33JiWR+:iVNzhBZRBXXd1NLZ3CEM3Z9+
TLSH T1E951B8CE11814930AC67EB6BF6FBC918B2C594E238D37E5856D97EF94A5CE08B440783
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://176.46.152.89/hiddenbin/arc.nn2648a9e2cbc1242c708d6a1dd232efdaa3d9a3457c2680f5488c18ca158066ac Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/x86.nna44fd90c844f09cafe65f15d09bca589ed88ef45d974b06197a037cac9c14765 Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/x86_64.nn29d94290a45d248686569793ef24197cdf7e49f894e8787ceead9c0e8ddf025f Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/i686.nnb22cbc3e3a79b816554a7dec985deef590514537508b9c402c2af7c69eba65d4 Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/mips.nn969b214defc87551eed01f19a6b427883a00c45679ceb0e519c3cddd1c0338a4 Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/mips64.nnn/an/aelf ua-wget
http://176.46.152.89/hiddenbin/mpsl.nnfe506e8546261e2977da129404499f3d2b8edacf32fe8bc225182a1596c850fa MiraiDEU elf geofenced mirai ua-wget
http://176.46.152.89/hiddenbin/arm.nn4ace3580630812fcd9a4d93dbf36548754a8a5afdb08e4d8a4d120217214262c Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/arm5.nna5f49c072e86b84e88aef49ab047fa188eec352e4dc8e1423282491851123d65 Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/arm6.nn6f42369e02603a0e13e3afbaa9852ac148c0c6081d08876d3d910a63c6af3d8b Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/arm7.nnaf65cb51659bee4401d35252d9e8fec46439c8e38b3109c67c660e3ffc292964 Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/ppc.nnd1cb7bedd085533268ab0a60e66e207af753dffdc16427e41367765efdffbd03 Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/sparc.nnn/an/aDEU elf geofenced ua-wget
http://176.46.152.89/hiddenbin/m68k.nn31a9e349796a67a26a34c7873fdbd1d24fd885a7727bc4c9b407fda585b092eb Miraielf mirai ua-wget
http://176.46.152.89/hiddenbin/sh4.nn14621e1aa60c59f8c814aa882bd12e70d8d44edc9355acacebd4f39ba1caad96 MiraiDEU elf geofenced mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
46
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
File Type:
unix shell
First seen:
2025-10-08T19:31:00Z UTC
Last seen:
2025-10-08T20:00:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/4560a7b8-f31d-4222-8e09-3f81f1cb5b10
Behavior Graph:
Download SVG
%3 guuid=4582db98-1600-0000-ca54-6c5d500d0000 pid=3408 /usr/bin/sudo guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415 /tmp/sample.bin guuid=4582db98-1600-0000-ca54-6c5d500d0000 pid=3408->guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415 execve guuid=c811b99b-1600-0000-ca54-6c5d590d0000 pid=3417 /usr/bin/cp guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=c811b99b-1600-0000-ca54-6c5d590d0000 pid=3417 execve guuid=43d61fa1-1600-0000-ca54-6c5d680d0000 pid=3432 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=43d61fa1-1600-0000-ca54-6c5d680d0000 pid=3432 execve guuid=68bfd8af-1600-0000-ca54-6c5d910d0000 pid=3473 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=68bfd8af-1600-0000-ca54-6c5d910d0000 pid=3473 execve guuid=c5e64fba-1600-0000-ca54-6c5da30d0000 pid=3491 /usr/bin/cat guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=c5e64fba-1600-0000-ca54-6c5da30d0000 pid=3491 execve guuid=ee4dd5ba-1600-0000-ca54-6c5da40d0000 pid=3492 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=ee4dd5ba-1600-0000-ca54-6c5da40d0000 pid=3492 execve guuid=f97633bb-1600-0000-ca54-6c5da50d0000 pid=3493 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=f97633bb-1600-0000-ca54-6c5da50d0000 pid=3493 clone guuid=7b3944bc-1600-0000-ca54-6c5da80d0000 pid=3496 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=7b3944bc-1600-0000-ca54-6c5da80d0000 pid=3496 execve guuid=c0f2d3c5-1600-0000-ca54-6c5dba0d0000 pid=3514 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=c0f2d3c5-1600-0000-ca54-6c5dba0d0000 pid=3514 execve guuid=dedd8acc-1600-0000-ca54-6c5dc20d0000 pid=3522 /usr/bin/cat guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=dedd8acc-1600-0000-ca54-6c5dc20d0000 pid=3522 execve guuid=9da52acd-1600-0000-ca54-6c5dc30d0000 pid=3523 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=9da52acd-1600-0000-ca54-6c5dc30d0000 pid=3523 execve guuid=5ffedfcd-1600-0000-ca54-6c5dc50d0000 pid=3525 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=5ffedfcd-1600-0000-ca54-6c5dc50d0000 pid=3525 execve guuid=27f64cce-1600-0000-ca54-6c5dc90d0000 pid=3529 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=27f64cce-1600-0000-ca54-6c5dc90d0000 pid=3529 execve guuid=37524dd3-1600-0000-ca54-6c5dd50d0000 pid=3541 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=37524dd3-1600-0000-ca54-6c5dd50d0000 pid=3541 execve guuid=b7830bd9-1600-0000-ca54-6c5de40d0000 pid=3556 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=b7830bd9-1600-0000-ca54-6c5de40d0000 pid=3556 clone guuid=d02133d9-1600-0000-ca54-6c5de50d0000 pid=3557 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=d02133d9-1600-0000-ca54-6c5de50d0000 pid=3557 execve guuid=0db18bd9-1600-0000-ca54-6c5de70d0000 pid=3559 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=0db18bd9-1600-0000-ca54-6c5de70d0000 pid=3559 execve guuid=7b9c1d0b-1800-0000-ca54-6c5dc8100000 pid=4296 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=7b9c1d0b-1800-0000-ca54-6c5dc8100000 pid=4296 execve guuid=74131d10-1800-0000-ca54-6c5de0100000 pid=4320 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=74131d10-1800-0000-ca54-6c5de0100000 pid=4320 execve guuid=3214581a-1800-0000-ca54-6c5d05110000 pid=4357 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=3214581a-1800-0000-ca54-6c5d05110000 pid=4357 clone guuid=b812751a-1800-0000-ca54-6c5d06110000 pid=4358 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=b812751a-1800-0000-ca54-6c5d06110000 pid=4358 execve guuid=4389d41a-1800-0000-ca54-6c5d09110000 pid=4361 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=4389d41a-1800-0000-ca54-6c5d09110000 pid=4361 execve guuid=6d8c344e-1900-0000-ca54-6c5db1130000 pid=5041 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=6d8c344e-1900-0000-ca54-6c5db1130000 pid=5041 execve guuid=f7f1d656-1900-0000-ca54-6c5dca130000 pid=5066 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=f7f1d656-1900-0000-ca54-6c5dca130000 pid=5066 execve guuid=2e981b6d-1900-0000-ca54-6c5d08140000 pid=5128 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=2e981b6d-1900-0000-ca54-6c5d08140000 pid=5128 clone guuid=d06c6980-1900-0000-ca54-6c5d0d140000 pid=5133 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=d06c6980-1900-0000-ca54-6c5d0d140000 pid=5133 execve guuid=24f5fa80-1900-0000-ca54-6c5d0f140000 pid=5135 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=24f5fa80-1900-0000-ca54-6c5d0f140000 pid=5135 execve guuid=1a97ecb6-1a00-0000-ca54-6c5d8b140000 pid=5259 /usr/bin/wget net send-data guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=1a97ecb6-1a00-0000-ca54-6c5d8b140000 pid=5259 execve guuid=25d990be-1a00-0000-ca54-6c5d8e140000 pid=5262 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=25d990be-1a00-0000-ca54-6c5d8e140000 pid=5262 execve guuid=6429c0c7-1a00-0000-ca54-6c5d8f140000 pid=5263 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=6429c0c7-1a00-0000-ca54-6c5d8f140000 pid=5263 clone guuid=13b2ffc7-1a00-0000-ca54-6c5d90140000 pid=5264 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=13b2ffc7-1a00-0000-ca54-6c5d90140000 pid=5264 execve guuid=3f1c8ac8-1a00-0000-ca54-6c5d91140000 pid=5265 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=3f1c8ac8-1a00-0000-ca54-6c5d91140000 pid=5265 execve guuid=e56e8ffd-1b00-0000-ca54-6c5db3140000 pid=5299 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=e56e8ffd-1b00-0000-ca54-6c5db3140000 pid=5299 execve guuid=e0338806-1c00-0000-ca54-6c5db7140000 pid=5303 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=e0338806-1c00-0000-ca54-6c5db7140000 pid=5303 execve guuid=e5c4c810-1c00-0000-ca54-6c5db8140000 pid=5304 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=e5c4c810-1c00-0000-ca54-6c5db8140000 pid=5304 clone guuid=3db9f710-1c00-0000-ca54-6c5db9140000 pid=5305 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=3db9f710-1c00-0000-ca54-6c5db9140000 pid=5305 execve guuid=26338a11-1c00-0000-ca54-6c5dba140000 pid=5306 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=26338a11-1c00-0000-ca54-6c5dba140000 pid=5306 execve guuid=320a8148-1d00-0000-ca54-6c5dbc140000 pid=5308 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=320a8148-1d00-0000-ca54-6c5dbc140000 pid=5308 execve guuid=f8a3cb4c-1d00-0000-ca54-6c5dbf140000 pid=5311 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=f8a3cb4c-1d00-0000-ca54-6c5dbf140000 pid=5311 execve guuid=9046eb52-1d00-0000-ca54-6c5dc1140000 pid=5313 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=9046eb52-1d00-0000-ca54-6c5dc1140000 pid=5313 clone guuid=4efd2a53-1d00-0000-ca54-6c5dc2140000 pid=5314 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=4efd2a53-1d00-0000-ca54-6c5dc2140000 pid=5314 execve guuid=00a7b453-1d00-0000-ca54-6c5dc3140000 pid=5315 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=00a7b453-1d00-0000-ca54-6c5dc3140000 pid=5315 execve guuid=c242d58a-1e00-0000-ca54-6c5dc5140000 pid=5317 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=c242d58a-1e00-0000-ca54-6c5dc5140000 pid=5317 execve guuid=aed10f8f-1e00-0000-ca54-6c5dc8140000 pid=5320 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=aed10f8f-1e00-0000-ca54-6c5dc8140000 pid=5320 execve guuid=7de0019a-1e00-0000-ca54-6c5dca140000 pid=5322 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=7de0019a-1e00-0000-ca54-6c5dca140000 pid=5322 clone guuid=f18e309a-1e00-0000-ca54-6c5dcb140000 pid=5323 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=f18e309a-1e00-0000-ca54-6c5dcb140000 pid=5323 execve guuid=b263c39a-1e00-0000-ca54-6c5dcc140000 pid=5324 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=b263c39a-1e00-0000-ca54-6c5dcc140000 pid=5324 execve guuid=843afdd3-1f00-0000-ca54-6c5dcf140000 pid=5327 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=843afdd3-1f00-0000-ca54-6c5dcf140000 pid=5327 execve guuid=5aec08dd-1f00-0000-ca54-6c5dd2140000 pid=5330 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=5aec08dd-1f00-0000-ca54-6c5dd2140000 pid=5330 execve guuid=2a0c5fe6-1f00-0000-ca54-6c5dd3140000 pid=5331 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=2a0c5fe6-1f00-0000-ca54-6c5dd3140000 pid=5331 clone guuid=d35199e6-1f00-0000-ca54-6c5dd4140000 pid=5332 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=d35199e6-1f00-0000-ca54-6c5dd4140000 pid=5332 execve guuid=69df23e7-1f00-0000-ca54-6c5dd5140000 pid=5333 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=69df23e7-1f00-0000-ca54-6c5dd5140000 pid=5333 execve guuid=bd2cf920-2100-0000-ca54-6c5dd8140000 pid=5336 /usr/bin/wget net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=bd2cf920-2100-0000-ca54-6c5dd8140000 pid=5336 execve guuid=5738b02b-2100-0000-ca54-6c5ddb140000 pid=5339 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=5738b02b-2100-0000-ca54-6c5ddb140000 pid=5339 execve guuid=6c29f638-2100-0000-ca54-6c5ddc140000 pid=5340 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=6c29f638-2100-0000-ca54-6c5ddc140000 pid=5340 clone guuid=1b9a3139-2100-0000-ca54-6c5ddd140000 pid=5341 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=1b9a3139-2100-0000-ca54-6c5ddd140000 pid=5341 execve guuid=cf57c039-2100-0000-ca54-6c5dde140000 pid=5342 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=cf57c039-2100-0000-ca54-6c5dde140000 pid=5342 execve guuid=93ee7875-2200-0000-ca54-6c5de1140000 pid=5345 /usr/bin/wget guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=93ee7875-2200-0000-ca54-6c5de1140000 pid=5345 execve guuid=0fb74676-2200-0000-ca54-6c5de2140000 pid=5346 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=0fb74676-2200-0000-ca54-6c5de2140000 pid=5346 clone guuid=e7787876-2200-0000-ca54-6c5de3140000 pid=5347 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=e7787876-2200-0000-ca54-6c5de3140000 pid=5347 execve guuid=20a9c376-2200-0000-ca54-6c5de4140000 pid=5348 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=20a9c376-2200-0000-ca54-6c5de4140000 pid=5348 execve guuid=9ca1f2b2-2300-0000-ca54-6c5de9140000 pid=5353 /usr/bin/wget net send-data guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=9ca1f2b2-2300-0000-ca54-6c5de9140000 pid=5353 execve guuid=d5e706b7-2300-0000-ca54-6c5deb140000 pid=5355 /usr/bin/curl net send-data write-file guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=d5e706b7-2300-0000-ca54-6c5deb140000 pid=5355 execve guuid=8cbedfc0-2300-0000-ca54-6c5ded140000 pid=5357 /usr/bin/bash guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=8cbedfc0-2300-0000-ca54-6c5ded140000 pid=5357 clone guuid=ca661cc1-2300-0000-ca54-6c5dee140000 pid=5358 /usr/bin/chmod guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=ca661cc1-2300-0000-ca54-6c5dee140000 pid=5358 execve guuid=edd4afc1-2300-0000-ca54-6c5def140000 pid=5359 /tmp/nn net guuid=d2173f9b-1600-0000-ca54-6c5d570d0000 pid=3415->guuid=edd4afc1-2300-0000-ca54-6c5def140000 pid=5359 execve 21248e82-210f-51ca-8ec9-ceecf3db8318 176.46.152.89:80 guuid=43d61fa1-1600-0000-ca54-6c5d680d0000 pid=3432->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 144B guuid=68bfd8af-1600-0000-ca54-6c5d910d0000 pid=3473->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 93B guuid=7b3944bc-1600-0000-ca54-6c5da80d0000 pid=3496->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 144B guuid=c0f2d3c5-1600-0000-ca54-6c5dba0d0000 pid=3514->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 93B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=5ffedfcd-1600-0000-ca54-6c5dc50d0000 pid=3525->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=98dd39ce-1600-0000-ca54-6c5dc70d0000 pid=3527 /tmp/nn net zombie guuid=5ffedfcd-1600-0000-ca54-6c5dc50d0000 pid=3525->guuid=98dd39ce-1600-0000-ca54-6c5dc70d0000 pid=3527 clone 310a0ed0-c544-54ca-bf3f-fca55e459297 65.222.202.53:80 guuid=98dd39ce-1600-0000-ca54-6c5dc70d0000 pid=3527->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=0ae54cce-1600-0000-ca54-6c5dc80d0000 pid=3528 /tmp/nn dns net send-data guuid=98dd39ce-1600-0000-ca54-6c5dc70d0000 pid=3527->guuid=0ae54cce-1600-0000-ca54-6c5dc80d0000 pid=3528 clone guuid=86a4acd0-1600-0000-ca54-6c5dcf0d0000 pid=3535 /tmp/nn dns net send-data guuid=98dd39ce-1600-0000-ca54-6c5dc70d0000 pid=3527->guuid=86a4acd0-1600-0000-ca54-6c5dcf0d0000 pid=3535 clone guuid=c53951d3-1600-0000-ca54-6c5dd60d0000 pid=3542 /tmp/nn dns net send-data guuid=98dd39ce-1600-0000-ca54-6c5dc70d0000 pid=3527->guuid=c53951d3-1600-0000-ca54-6c5dd60d0000 pid=3542 clone guuid=0ae54cce-1600-0000-ca54-6c5dc80d0000 pid=3528->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=27f64cce-1600-0000-ca54-6c5dc90d0000 pid=3529->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 147B guuid=86a4acd0-1600-0000-ca54-6c5dcf0d0000 pid=3535->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=37524dd3-1600-0000-ca54-6c5dd50d0000 pid=3541->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 96B guuid=c53951d3-1600-0000-ca54-6c5dd60d0000 pid=3542->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=0db18bd9-1600-0000-ca54-6c5de70d0000 pid=3559->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 8ff25191-b423-5251-a735-2378c22ab12a 0.0.0.0:48101 guuid=0db18bd9-1600-0000-ca54-6c5de70d0000 pid=3559->8ff25191-b423-5251-a735-2378c22ab12a con guuid=df5b140b-1800-0000-ca54-6c5dc5100000 pid=4293 /tmp/nn net zombie guuid=0db18bd9-1600-0000-ca54-6c5de70d0000 pid=3559->guuid=df5b140b-1800-0000-ca54-6c5dc5100000 pid=4293 clone guuid=df5b140b-1800-0000-ca54-6c5dc5100000 pid=4293->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=7715210b-1800-0000-ca54-6c5dc9100000 pid=4297 /tmp/nn dns net send-data guuid=df5b140b-1800-0000-ca54-6c5dc5100000 pid=4293->guuid=7715210b-1800-0000-ca54-6c5dc9100000 pid=4297 clone guuid=6d67640d-1800-0000-ca54-6c5dd2100000 pid=4306 /tmp/nn dns net send-data guuid=df5b140b-1800-0000-ca54-6c5dc5100000 pid=4293->guuid=6d67640d-1800-0000-ca54-6c5dd2100000 pid=4306 clone guuid=2321bc0f-1800-0000-ca54-6c5ddc100000 pid=4316 /tmp/nn dns net send-data guuid=df5b140b-1800-0000-ca54-6c5dc5100000 pid=4293->guuid=2321bc0f-1800-0000-ca54-6c5ddc100000 pid=4316 clone guuid=7b9c1d0b-1800-0000-ca54-6c5dc8100000 pid=4296->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 145B guuid=7715210b-1800-0000-ca54-6c5dc9100000 pid=4297->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=6d67640d-1800-0000-ca54-6c5dd2100000 pid=4306->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=2321bc0f-1800-0000-ca54-6c5ddc100000 pid=4316->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=74131d10-1800-0000-ca54-6c5de0100000 pid=4320->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 94B guuid=4389d41a-1800-0000-ca54-6c5d09110000 pid=4361->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=4389d41a-1800-0000-ca54-6c5d09110000 pid=4361->8ff25191-b423-5251-a735-2378c22ab12a con guuid=882e294e-1900-0000-ca54-6c5db0130000 pid=5040 /tmp/nn net zombie guuid=4389d41a-1800-0000-ca54-6c5d09110000 pid=4361->guuid=882e294e-1900-0000-ca54-6c5db0130000 pid=5040 clone guuid=882e294e-1900-0000-ca54-6c5db0130000 pid=5040->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=bbb23d4e-1900-0000-ca54-6c5db2130000 pid=5042 /tmp/nn dns net send-data guuid=882e294e-1900-0000-ca54-6c5db0130000 pid=5040->guuid=bbb23d4e-1900-0000-ca54-6c5db2130000 pid=5042 clone guuid=b2b89050-1900-0000-ca54-6c5db9130000 pid=5049 /tmp/nn dns net send-data guuid=882e294e-1900-0000-ca54-6c5db0130000 pid=5040->guuid=b2b89050-1900-0000-ca54-6c5db9130000 pid=5049 clone guuid=2254fa52-1900-0000-ca54-6c5dbd130000 pid=5053 /tmp/nn dns net send-data guuid=882e294e-1900-0000-ca54-6c5db0130000 pid=5040->guuid=2254fa52-1900-0000-ca54-6c5dbd130000 pid=5053 clone guuid=6d8c344e-1900-0000-ca54-6c5db1130000 pid=5041->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 145B guuid=bbb23d4e-1900-0000-ca54-6c5db2130000 pid=5042->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=b2b89050-1900-0000-ca54-6c5db9130000 pid=5049->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=2254fa52-1900-0000-ca54-6c5dbd130000 pid=5053->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=f7f1d656-1900-0000-ca54-6c5dca130000 pid=5066->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 94B guuid=24f5fa80-1900-0000-ca54-6c5d0f140000 pid=5135->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=24f5fa80-1900-0000-ca54-6c5d0f140000 pid=5135->8ff25191-b423-5251-a735-2378c22ab12a con guuid=4745d5b6-1a00-0000-ca54-6c5d89140000 pid=5257 /tmp/nn net zombie guuid=24f5fa80-1900-0000-ca54-6c5d0f140000 pid=5135->guuid=4745d5b6-1a00-0000-ca54-6c5d89140000 pid=5257 clone guuid=4745d5b6-1a00-0000-ca54-6c5d89140000 pid=5257->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=ae6fe8b6-1a00-0000-ca54-6c5d8a140000 pid=5258 /tmp/nn dns net send-data guuid=4745d5b6-1a00-0000-ca54-6c5d89140000 pid=5257->guuid=ae6fe8b6-1a00-0000-ca54-6c5d8a140000 pid=5258 clone guuid=97187eb9-1a00-0000-ca54-6c5d8c140000 pid=5260 /tmp/nn dns net send-data guuid=4745d5b6-1a00-0000-ca54-6c5d89140000 pid=5257->guuid=97187eb9-1a00-0000-ca54-6c5d8c140000 pid=5260 clone guuid=b16fe9bb-1a00-0000-ca54-6c5d8d140000 pid=5261 /tmp/nn dns net send-data guuid=4745d5b6-1a00-0000-ca54-6c5d89140000 pid=5257->guuid=b16fe9bb-1a00-0000-ca54-6c5d8d140000 pid=5261 clone guuid=ae6fe8b6-1a00-0000-ca54-6c5d8a140000 pid=5258->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=1a97ecb6-1a00-0000-ca54-6c5d8b140000 pid=5259->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 147B guuid=97187eb9-1a00-0000-ca54-6c5d8c140000 pid=5260->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=b16fe9bb-1a00-0000-ca54-6c5d8d140000 pid=5261->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=25d990be-1a00-0000-ca54-6c5d8e140000 pid=5262->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 96B guuid=3f1c8ac8-1a00-0000-ca54-6c5d91140000 pid=5265->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=3f1c8ac8-1a00-0000-ca54-6c5d91140000 pid=5265->8ff25191-b423-5251-a735-2378c22ab12a con guuid=f57182fd-1b00-0000-ca54-6c5db2140000 pid=5298 /tmp/nn net zombie guuid=3f1c8ac8-1a00-0000-ca54-6c5d91140000 pid=5265->guuid=f57182fd-1b00-0000-ca54-6c5db2140000 pid=5298 clone guuid=f57182fd-1b00-0000-ca54-6c5db2140000 pid=5298->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=d61294fd-1b00-0000-ca54-6c5db4140000 pid=5300 /tmp/nn dns net send-data guuid=f57182fd-1b00-0000-ca54-6c5db2140000 pid=5298->guuid=d61294fd-1b00-0000-ca54-6c5db4140000 pid=5300 clone guuid=c87efeff-1b00-0000-ca54-6c5db5140000 pid=5301 /tmp/nn dns net send-data guuid=f57182fd-1b00-0000-ca54-6c5db2140000 pid=5298->guuid=c87efeff-1b00-0000-ca54-6c5db5140000 pid=5301 clone guuid=13eaa702-1c00-0000-ca54-6c5db6140000 pid=5302 /tmp/nn dns net send-data guuid=f57182fd-1b00-0000-ca54-6c5db2140000 pid=5298->guuid=13eaa702-1c00-0000-ca54-6c5db6140000 pid=5302 clone guuid=e56e8ffd-1b00-0000-ca54-6c5db3140000 pid=5299->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 145B guuid=d61294fd-1b00-0000-ca54-6c5db4140000 pid=5300->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=c87efeff-1b00-0000-ca54-6c5db5140000 pid=5301->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=13eaa702-1c00-0000-ca54-6c5db6140000 pid=5302->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=e0338806-1c00-0000-ca54-6c5db7140000 pid=5303->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 94B guuid=26338a11-1c00-0000-ca54-6c5dba140000 pid=5306->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=26338a11-1c00-0000-ca54-6c5dba140000 pid=5306->8ff25191-b423-5251-a735-2378c22ab12a con guuid=473e7448-1d00-0000-ca54-6c5dbb140000 pid=5307 /tmp/nn net zombie guuid=26338a11-1c00-0000-ca54-6c5dba140000 pid=5306->guuid=473e7448-1d00-0000-ca54-6c5dbb140000 pid=5307 clone guuid=473e7448-1d00-0000-ca54-6c5dbb140000 pid=5307->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=12238448-1d00-0000-ca54-6c5dbd140000 pid=5309 /tmp/nn dns net send-data guuid=473e7448-1d00-0000-ca54-6c5dbb140000 pid=5307->guuid=12238448-1d00-0000-ca54-6c5dbd140000 pid=5309 clone guuid=182f2e4b-1d00-0000-ca54-6c5dbe140000 pid=5310 /tmp/nn dns net send-data guuid=473e7448-1d00-0000-ca54-6c5dbb140000 pid=5307->guuid=182f2e4b-1d00-0000-ca54-6c5dbe140000 pid=5310 clone guuid=061e864d-1d00-0000-ca54-6c5dc0140000 pid=5312 /tmp/nn dns net send-data guuid=473e7448-1d00-0000-ca54-6c5dbb140000 pid=5307->guuid=061e864d-1d00-0000-ca54-6c5dc0140000 pid=5312 clone guuid=320a8148-1d00-0000-ca54-6c5dbc140000 pid=5308->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 144B guuid=12238448-1d00-0000-ca54-6c5dbd140000 pid=5309->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=182f2e4b-1d00-0000-ca54-6c5dbe140000 pid=5310->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=f8a3cb4c-1d00-0000-ca54-6c5dbf140000 pid=5311->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 93B guuid=061e864d-1d00-0000-ca54-6c5dc0140000 pid=5312->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=00a7b453-1d00-0000-ca54-6c5dc3140000 pid=5315->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=00a7b453-1d00-0000-ca54-6c5dc3140000 pid=5315->8ff25191-b423-5251-a735-2378c22ab12a con guuid=5dd7c78a-1e00-0000-ca54-6c5dc4140000 pid=5316 /tmp/nn net zombie guuid=00a7b453-1d00-0000-ca54-6c5dc3140000 pid=5315->guuid=5dd7c78a-1e00-0000-ca54-6c5dc4140000 pid=5316 clone guuid=5dd7c78a-1e00-0000-ca54-6c5dc4140000 pid=5316->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=332ad68a-1e00-0000-ca54-6c5dc6140000 pid=5318 /tmp/nn dns net send-data guuid=5dd7c78a-1e00-0000-ca54-6c5dc4140000 pid=5316->guuid=332ad68a-1e00-0000-ca54-6c5dc6140000 pid=5318 clone guuid=3b374f8d-1e00-0000-ca54-6c5dc7140000 pid=5319 /tmp/nn dns net send-data guuid=5dd7c78a-1e00-0000-ca54-6c5dc4140000 pid=5316->guuid=3b374f8d-1e00-0000-ca54-6c5dc7140000 pid=5319 clone guuid=0c01df8f-1e00-0000-ca54-6c5dc9140000 pid=5321 /tmp/nn dns net send-data guuid=5dd7c78a-1e00-0000-ca54-6c5dc4140000 pid=5316->guuid=0c01df8f-1e00-0000-ca54-6c5dc9140000 pid=5321 clone guuid=c242d58a-1e00-0000-ca54-6c5dc5140000 pid=5317->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 145B guuid=332ad68a-1e00-0000-ca54-6c5dc6140000 pid=5318->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=3b374f8d-1e00-0000-ca54-6c5dc7140000 pid=5319->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=aed10f8f-1e00-0000-ca54-6c5dc8140000 pid=5320->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 94B guuid=0c01df8f-1e00-0000-ca54-6c5dc9140000 pid=5321->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=b263c39a-1e00-0000-ca54-6c5dcc140000 pid=5324->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=b263c39a-1e00-0000-ca54-6c5dcc140000 pid=5324->8ff25191-b423-5251-a735-2378c22ab12a con guuid=a452e9d3-1f00-0000-ca54-6c5dcd140000 pid=5325 /tmp/nn net zombie guuid=b263c39a-1e00-0000-ca54-6c5dcc140000 pid=5324->guuid=a452e9d3-1f00-0000-ca54-6c5dcd140000 pid=5325 clone guuid=a452e9d3-1f00-0000-ca54-6c5dcd140000 pid=5325->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=bc39fbd3-1f00-0000-ca54-6c5dce140000 pid=5326 /tmp/nn dns net send-data guuid=a452e9d3-1f00-0000-ca54-6c5dcd140000 pid=5325->guuid=bc39fbd3-1f00-0000-ca54-6c5dce140000 pid=5326 clone guuid=53793cd6-1f00-0000-ca54-6c5dd0140000 pid=5328 /tmp/nn dns net send-data guuid=a452e9d3-1f00-0000-ca54-6c5dcd140000 pid=5325->guuid=53793cd6-1f00-0000-ca54-6c5dd0140000 pid=5328 clone guuid=895190d8-1f00-0000-ca54-6c5dd1140000 pid=5329 /tmp/nn dns net send-data guuid=a452e9d3-1f00-0000-ca54-6c5dcd140000 pid=5325->guuid=895190d8-1f00-0000-ca54-6c5dd1140000 pid=5329 clone guuid=bc39fbd3-1f00-0000-ca54-6c5dce140000 pid=5326->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=843afdd3-1f00-0000-ca54-6c5dcf140000 pid=5327->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 145B guuid=53793cd6-1f00-0000-ca54-6c5dd0140000 pid=5328->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=895190d8-1f00-0000-ca54-6c5dd1140000 pid=5329->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=5aec08dd-1f00-0000-ca54-6c5dd2140000 pid=5330->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 94B guuid=69df23e7-1f00-0000-ca54-6c5dd5140000 pid=5333->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=69df23e7-1f00-0000-ca54-6c5dd5140000 pid=5333->8ff25191-b423-5251-a735-2378c22ab12a con guuid=2c5edc20-2100-0000-ca54-6c5dd6140000 pid=5334 /tmp/nn net zombie guuid=69df23e7-1f00-0000-ca54-6c5dd5140000 pid=5333->guuid=2c5edc20-2100-0000-ca54-6c5dd6140000 pid=5334 clone guuid=2c5edc20-2100-0000-ca54-6c5dd6140000 pid=5334->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=fd9af320-2100-0000-ca54-6c5dd7140000 pid=5335 /tmp/nn dns net send-data guuid=2c5edc20-2100-0000-ca54-6c5dd6140000 pid=5334->guuid=fd9af320-2100-0000-ca54-6c5dd7140000 pid=5335 clone guuid=58109023-2100-0000-ca54-6c5dd9140000 pid=5337 /tmp/nn dns net send-data guuid=2c5edc20-2100-0000-ca54-6c5dd6140000 pid=5334->guuid=58109023-2100-0000-ca54-6c5dd9140000 pid=5337 clone guuid=2b193626-2100-0000-ca54-6c5dda140000 pid=5338 /tmp/nn dns net send-data guuid=2c5edc20-2100-0000-ca54-6c5dd6140000 pid=5334->guuid=2b193626-2100-0000-ca54-6c5dda140000 pid=5338 clone guuid=fd9af320-2100-0000-ca54-6c5dd7140000 pid=5335->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=bd2cf920-2100-0000-ca54-6c5dd8140000 pid=5336->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 145B guuid=58109023-2100-0000-ca54-6c5dd9140000 pid=5337->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=2b193626-2100-0000-ca54-6c5dda140000 pid=5338->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=5738b02b-2100-0000-ca54-6c5ddb140000 pid=5339->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 94B guuid=cf57c039-2100-0000-ca54-6c5dde140000 pid=5342->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=cf57c039-2100-0000-ca54-6c5dde140000 pid=5342->8ff25191-b423-5251-a735-2378c22ab12a con guuid=21195e75-2200-0000-ca54-6c5ddf140000 pid=5343 /tmp/nn net zombie guuid=cf57c039-2100-0000-ca54-6c5dde140000 pid=5342->guuid=21195e75-2200-0000-ca54-6c5ddf140000 pid=5343 clone guuid=21195e75-2200-0000-ca54-6c5ddf140000 pid=5343->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=b7057075-2200-0000-ca54-6c5de0140000 pid=5344 /tmp/nn dns net send-data guuid=21195e75-2200-0000-ca54-6c5ddf140000 pid=5343->guuid=b7057075-2200-0000-ca54-6c5de0140000 pid=5344 clone guuid=48d73e78-2200-0000-ca54-6c5de5140000 pid=5349 /tmp/nn dns net send-data guuid=21195e75-2200-0000-ca54-6c5ddf140000 pid=5343->guuid=48d73e78-2200-0000-ca54-6c5de5140000 pid=5349 clone guuid=1c9ce87a-2200-0000-ca54-6c5de6140000 pid=5350 /tmp/nn dns net send-data guuid=21195e75-2200-0000-ca54-6c5ddf140000 pid=5343->guuid=1c9ce87a-2200-0000-ca54-6c5de6140000 pid=5350 clone guuid=b7057075-2200-0000-ca54-6c5de0140000 pid=5344->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=20a9c376-2200-0000-ca54-6c5de4140000 pid=5348->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=20a9c376-2200-0000-ca54-6c5de4140000 pid=5348->8ff25191-b423-5251-a735-2378c22ab12a con guuid=9110dab2-2300-0000-ca54-6c5de7140000 pid=5351 /tmp/nn net zombie guuid=20a9c376-2200-0000-ca54-6c5de4140000 pid=5348->guuid=9110dab2-2300-0000-ca54-6c5de7140000 pid=5351 clone guuid=48d73e78-2200-0000-ca54-6c5de5140000 pid=5349->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=1c9ce87a-2200-0000-ca54-6c5de6140000 pid=5350->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=9110dab2-2300-0000-ca54-6c5de7140000 pid=5351->310a0ed0-c544-54ca-bf3f-fca55e459297 con guuid=7219e8b2-2300-0000-ca54-6c5de8140000 pid=5352 /tmp/nn dns net send-data guuid=9110dab2-2300-0000-ca54-6c5de7140000 pid=5351->guuid=7219e8b2-2300-0000-ca54-6c5de8140000 pid=5352 clone guuid=239995b5-2300-0000-ca54-6c5dea140000 pid=5354 /tmp/nn dns net send-data guuid=9110dab2-2300-0000-ca54-6c5de7140000 pid=5351->guuid=239995b5-2300-0000-ca54-6c5dea140000 pid=5354 clone guuid=163a34b8-2300-0000-ca54-6c5dec140000 pid=5356 /tmp/nn dns net send-data guuid=9110dab2-2300-0000-ca54-6c5de7140000 pid=5351->guuid=163a34b8-2300-0000-ca54-6c5dec140000 pid=5356 clone guuid=7219e8b2-2300-0000-ca54-6c5de8140000 pid=5352->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=9ca1f2b2-2300-0000-ca54-6c5de9140000 pid=5353->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 146B guuid=239995b5-2300-0000-ca54-6c5dea140000 pid=5354->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=d5e706b7-2300-0000-ca54-6c5deb140000 pid=5355->21248e82-210f-51ca-8ec9-ceecf3db8318 send: 95B guuid=163a34b8-2300-0000-ca54-6c5dec140000 pid=5356->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 105B guuid=edd4afc1-2300-0000-ca54-6c5def140000 pid=5359->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=edd4afc1-2300-0000-ca54-6c5def140000 pid=5359->8ff25191-b423-5251-a735-2378c22ab12a con
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca/
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-10-08 21:25:46 UTC
File Type:
Text (Shell)
AV detection:
22 of 36 (61.11%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewmbfl74qe6rz4fdujscpz6faxtj2j33ej5gcwdito4pbjuii7fa._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:mirai antivm botnet defense_evasion discovery linux upx
Link:
https://tria.ge/reports/251008-z91zqatyay/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
UPX packed file
Enumerates active TCP sockets
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/259812affc81/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.98
Link:
https://yomi.yoroi.company/submissions/259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 259812affc813d1cf0a3a26427e7c505e69d277b227a6158689bb8f0a68847ca

(this sample)

Mirai

elf 71fc617e4870e8b500eb88d262d5c622d6872861b89f2c0dc5aad936b155381a

  
URLhaus
https://urlhaus.abuse.ch/url/3659929/
  
Delivery method
Distributed via web download
  
Dropping
MD5 ded0d9d44817f90b2bac61b42edfb2ed
  
Dropping
SHA256 71fc617e4870e8b500eb88d262d5c622d6872861b89f2c0dc5aad936b155381a
  
URLhaus
https://urlhaus.abuse.ch/url/3665865/

Comments