
Linux Analysis Report
mips.elf

Overview

General Information

Sample name: mips.elf
Analysis ID: 1646498
MD5: db8a488460b48e9712b0b6ef7d1184a4
SHA1: f40c756e11050be2c587de9824417efb591ba4bf
SHA256: 18ac42553a13aa34671816e9370a5bb1459e75e3308392c64e824f02b1ddbe26
Tags: elf, user-abuse_ch
Infos:
Errors
  • No or unstable Internet during analysis

Detection

Score: 60
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1646498
Start date and time: 2025-03-24 04:22:55 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: mips.elf
Detection: MAL
Classification: mal60.troj.linELF@0/2@0/0
  • No or unstable Internet during analysis
  • Excluded IPs from analysis (whitelisted): 8.8.8.8
Command: /tmp/mips.elf
PID: 5430
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
For God so loved the world
Standard Error:
  • system is lnxubuntu20
  • mips.elf (PID: 5430, Parent: 5356, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf
    • mips.elf New Fork (PID: 5434, Parent: 5430)
  • cleanup
No yara matches
No Suricata rule has matched


AV Detection

Source: mips.elf; Avira: detected
Source: mips.elf; Virustotal: Detection: 17%
Source: mips.elf; ReversingLabs: Detection: 13%

Networking

Source: global traffic; TCP traffic: 156.244.45.113 ports 5102,0,1,2,5,12016
Source: global traffic; TCP traffic: 104.245.241.64 ports 64839,3,4,6,8,9
Source: global traffic; TCP traffic: 216.73.156.19 ports 41763,1,3,4,6,7
Source: global traffic; TCP traffic: 156.244.44.239 ports 40237,0,2,3,4,7
Source: global traffic; TCP traffic: 154.205.155.243 ports 56190,5102,0,1,2,5
Source: global traffic; TCP traffic: 104.245.241.61 ports 5102,35086,0,1,2,26141,5
Source: global traffic; TCP traffic: 154.205.155.97 ports 40237,0,2,3,4,7
Source: global traffic; TCP traffic: 192.168.2.13:40240 -> 104.245.241.61:5102
Source: global traffic; TCP traffic: 192.168.2.13:43142 -> 154.205.155.243:5102
Source: global traffic; TCP traffic: 192.168.2.13:34952 -> 216.146.26.30:46164
Source: global traffic; TCP traffic: 192.168.2.13:37150 -> 156.244.45.113:5102
Source: global traffic; TCP traffic: 192.168.2.13:36802 -> 216.73.156.19:41763
Source: global traffic; TCP traffic: 192.168.2.13:52568 -> 154.205.155.97:40237
Source: global traffic; TCP traffic: 192.168.2.13:51480 -> 156.244.44.239:40237
Source: global traffic; TCP traffic: 192.168.2.13:41200 -> 104.245.241.64:64839
Source: /tmp/mips.elf (PID: 5434); Socket: 127.0.0.1:22448
Source: unknown; TCP traffic detected without corresponding DNS query: 104.245.241.61
Source: unknown; TCP traffic detected without corresponding DNS query: 154.205.155.243
Source: unknown; TCP traffic detected without corresponding DNS query: 216.146.26.30
Source: unknown; TCP traffic detected without corresponding DNS query: 156.244.45.113
Source: mips.elf, 5430.1.00007f09b4456000.00007f09b4460000.rw-.sdmp; String found in binary or memory: http://0/t/wget.sh
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal60.troj.linELF@0/2@0/0
Source: /tmp/mips.elf (PID: 5430); File opened: /proc/230/cmdline
Source: /tmp/mips.elf (PID: 5430); Queries kernel information via 'uname'
Source: mips.elf, 5430.1.00007f09b4456000.00007f09b4460000.rw-.sdmp; Binary or memory string: vmwarem
Source: mips.elf, 5430.1.00007f09b4456000.00007f09b4460000.rw-.sdmp; Binary or memory string: vmware
Source: mips.elf, 5430.1.00007f09b4456000.00007f09b4460000.rw-.sdmp; Binary or memory string: qemu-arm2QB
Source: mips.elf, 5430.1.000055dba6a9f000.000055dba6b46000.rw-.sdmp; Binary or memory string: U!/etc/qemu-binfmt/mips
Source: mips.elf, 5430.1.00007f09b4456000.00007f09b4460000.rw-.sdmp; Binary or memory string: qemu-arm
Source: mips.elf, 5430.1.000055dba6a9f000.000055dba6b46000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.elf, 5430.1.00007fffff82b000.00007fffff84c000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
Source: mips.elf, 5430.1.00007fffff82b000.00007fffff84c000.rw-.sdmp; Binary or memory string: %s/qemu-op
Source: mips.elf, 5430.1.00007fffff82b000.00007fffff84c000.rw-.sdmp; Binary or memory string: U/tmp/qemu-open.6EmxsO\$
Source: mips.elf, 5430.1.00007fffff82b000.00007fffff84c000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-mips
Source: mips.elf, 5430.1.00007fffff82b000.00007fffff84c000.rw-.sdmp; Binary or memory string: /tmp/qemu-open.6EmxsO
Source: mips.elf, 5430.1.00007fffff82b000.00007fffff84c000.rw-.sdmp; Binary or memory string: MPDIR%s/qemu-op
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Direct Volume Access
Credential Access: 1 OS Credential Dumping
Discovery: 11 Security Software Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: 1 Non-Standard Port
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
Behavior Graph ID: 1646498, Sample: mips.elf, Startdate: 24/03/2025, Architecture: LINUX, Score: 60. Process tree: mips.elf started mips.elf.

Source    Detection  Scanner        Label
mips.elf  17%        Virustotal
mips.elf  14%        ReversingLabs  Linux.Trojan.Mirai
mips.elf  100%       Avira          EXP/ELF.Agent.J.8
No Antivirus matches
No Antivirus matches
No Antivirus matches


No contacted domains info
Name: http://0/t/wget.sh
Source: mips.elf, 5430.1.00007f09b4456000.00007f09b4460000.rw-.sdmp
Malicious: false
Antivirus Detection:
Reputation: high
IP               Domain   Country        ASN     ASN Name                              Malicious
216.146.26.30    unknown  Reserved       11915   US-TELEPACIFICUS                      false
156.244.45.113   unknown  Seychelles     132839  POWERLINE-AS-APPOWERLINEDATACENTERHK  true
104.245.241.64   unknown  United States  8100    ASN-QUADRANET-GLOBALUS                true
154.205.155.243  unknown  Seychelles     26484   IKGUL-26484US                         true
216.73.156.19    unknown  United States  7029    WINDSTREAMUS                          true
104.245.241.61   unknown  United States  8100    ASN-QUADRANET-GLOBALUS                true
154.205.155.97   unknown  Seychelles     26484   IKGUL-26484US                         true
156.244.44.239   unknown  Seychelles     132839  POWERLINE-AS-APPOWERLINEDATACENTERHK  true
Process: /tmp/mips.elf
File Type: data
Category: dropped
Size (bytes): 14
Entropy (8bit): 3.378783493486176
Encrypted: false
SSDEEP: 3:TgaLGn:TgAG
MD5: 640E98E7A87EC50F267F24DBC141D4DD
SHA1: BC19B1CF25759386125D933665A8B429D9AE7E26
SHA-256: 6976993806B7CE05EA0AAA6BC975462833B19CF0D6DD4C9480F26FBAF66AF31D
SHA-512: 3887FBDFA33FF58EF35DDD9B1A2C9BDD611208904D8D371B2AFFE6E97F4C2EDA7A5BAA9786BDD3857AB6B31FE933CBE7290E7D9223671670A9BC739D457D4BA9
Malicious: false
Reputation: moderate, very likely benign file
Preview: /tmp/mips.elf.
File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.505186359460307
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: mips.elf
File size: 89'244 bytes
MD5: db8a488460b48e9712b0b6ef7d1184a4
SHA1: f40c756e11050be2c587de9824417efb591ba4bf
SHA256: 18ac42553a13aa34671816e9370a5bb1459e75e3308392c64e824f02b1ddbe26
SHA512: 12b9009a43e76df965c265f17bb61ce29b5767fe2ac09790dd255bed97634cb76e1b0a167f0ea73b313fe81caf2e478f0ce701c86b4e67780758f951c4b4874a
SSDEEP: 1536:KBplXgKwbsqcaXhkooxA0a1qmlt0lUOH44/0SnB446CdbxDbw8mugCz65eXsdndi:KBplXgKwbsqcGk3xSlt0lUOH44/0SnBJ
TLSH: 1E93E95F2E31CFADF26DC33447B74A31A7A923C622E1C685D26CD5141F6024EA45FBA8

                                        ELF header

                                        Class:ELF32
                                        Data:2's complement, big endian
                                        Version:1 (current)
                                        Machine:MIPS R3000
                                        Version Number:0x1
                                        Type:EXEC (Executable file)
                                        OS/ABI:UNIX - System V
                                        ABI Version:0
                                        Entry Point Address:0x400260
                                        Flags:0x1007
                                        ELF Header Size:52
                                        Program Header Offset:52
                                        Program Header Size:32
                                        Number of Program Headers:3
                                        Section Header Offset:88764
                                        Section Header Size:40
                                        Number of Section Headers:12
                                        Header String Table Index:11
                                        Name       Type      Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
                                                   NULL      0x0       0x0      0x0      0x0      0x0                            0     0     0
                                        .init      PROGBITS  0x400094  0x94     0x8c     0x0      0x6         AX                 0     0     4
                                        .text      PROGBITS  0x400120  0x120    0x13350  0x0      0x6         AX                 0     0     16
                                        .fini      PROGBITS  0x413470  0x13470  0x5c     0x0      0x6         AX                 0     0     4
                                        .rodata    PROGBITS  0x4134d0  0x134d0  0x1900   0x0      0x2         A                  0     0     16
                                        .ctors     PROGBITS  0x455000  0x15000  0x8      0x0      0x3         WA                 0     0     4
                                        .dtors     PROGBITS  0x455008  0x15008  0x8      0x0      0x3         WA                 0     0     4
                                        .data      PROGBITS  0x455020  0x15020  0x440    0x0      0x3         WA                 0     0     16
                                        .got       PROGBITS  0x455460  0x15460  0x610    0x4      0x10000003  WAp                0     0     16
                                        .sbss      NOBITS    0x455a70  0x15a70  0x1c     0x0      0x10000003  WAp                0     0     4
                                        .bss       NOBITS    0x455a90  0x15a70  0x61c4   0x0      0x3         WA                 0     0     16
                                        .shstrtab  STRTAB    0x0       0x15a70  0x49     0x0      0x0                            0     0     1

                                        Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
                                        LOAD       0x0      0x400000         0x400000          0x14dd0    0x14dd0      5.5656   0x5    R E                0x10000                    .init .text .fini .rodata
                                        LOAD       0x15000  0x455000         0x455000          0xa70      0x6c54       3.6017   0x6    RW                 0x10000                    .ctors .dtors .data .got .sbss .bss
                                        GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4


                                        • Total Packets: 78
                                        • Ports (chart legend): 64839, 56190, 46164, 41763, 40237, 35086, 26141, 12016, 5102

                                        System Behavior

                                        Start time (UTC):03:23:43
                                        Start date (UTC):24/03/2025
                                        Path:/tmp/mips.elf
                                        Arguments:-
                                        File size:5777432 bytes
                                        MD5 hash:0083f1f0e77be34ad27f849842bbb00c