Source: unknown | TCP traffic detected without corresponding DNS query: 107.189.12.189 |
Source: unknown | TCP traffic detected without corresponding DNS query: 243.37.169.55 |
Source: unknown | TCP traffic detected without corresponding DNS query: 35.136.197.55 |
Source: unknown | TCP traffic detected without corresponding DNS query: 89.212.117.85 |
Source: unknown | TCP traffic detected without corresponding DNS query: 251.241.205.121 |
Source: unknown | TCP traffic detected without corresponding DNS query: 250.157.118.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 98.122.69.132 |
Source: unknown | TCP traffic detected without corresponding DNS query: 24.87.252.192 |
Source: unknown | TCP traffic detected without corresponding DNS query: 198.219.62.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 202.222.25.214 |
Source: unknown | TCP traffic detected without corresponding DNS query: 183.23.73.201 |
Source: unknown | TCP traffic detected without corresponding DNS query: 165.207.214.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 119.79.202.102 |
Source: unknown | TCP traffic detected without corresponding DNS query: 48.75.93.136 |
Source: unknown | TCP traffic detected without corresponding DNS query: 197.34.228.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 191.20.42.9 |
Source: unknown | TCP traffic detected without corresponding DNS query: 161.87.247.228 |
Source: unknown | TCP traffic detected without corresponding DNS query: 107.227.7.215 |
Source: unknown | TCP traffic detected without corresponding DNS query: 203.114.238.6 |
Source: unknown | TCP traffic detected without corresponding DNS query: 164.142.229.195 |
Source: unknown | TCP traffic detected without corresponding DNS query: 119.162.103.213 |
Source: unknown | TCP traffic detected without corresponding DNS query: 191.8.159.234 |
Source: unknown | TCP traffic detected without corresponding DNS query: 109.22.115.235 |
Source: unknown | TCP traffic detected without corresponding DNS query: 135.138.75.14 |
Source: unknown | TCP traffic detected without corresponding DNS query: 60.232.21.233 |
Source: unknown | TCP traffic detected without corresponding DNS query: 254.170.80.221 |
Source: unknown | TCP traffic detected without corresponding DNS query: 4.135.61.101 |
Source: unknown | TCP traffic detected without corresponding DNS query: 174.126.40.176 |
Source: unknown | TCP traffic detected without corresponding DNS query: 42.24.90.226 |
Source: unknown | TCP traffic detected without corresponding DNS query: 81.165.92.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 78.222.25.18 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.201.199.67 |
Source: unknown | TCP traffic detected without corresponding DNS query: 69.251.93.46 |
Source: unknown | TCP traffic detected without corresponding DNS query: 142.122.144.133 |
Source: unknown | TCP traffic detected without corresponding DNS query: 182.178.24.227 |
Source: unknown | TCP traffic detected without corresponding DNS query: 88.24.163.118 |
Source: unknown | TCP traffic detected without corresponding DNS query: 150.170.142.115 |
Source: unknown | TCP traffic detected without corresponding DNS query: 101.247.37.89 |
Source: unknown | TCP traffic detected without corresponding DNS query: 84.234.37.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 190.146.146.14 |
Source: unknown | TCP traffic detected without corresponding DNS query: 144.3.114.9 |
Source: unknown | TCP traffic detected without corresponding DNS query: 90.16.177.238 |
Source: unknown | TCP traffic detected without corresponding DNS query: 196.82.139.146 |
Source: unknown | TCP traffic detected without corresponding DNS query: 27.181.160.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 165.201.208.107 |
Source: unknown | TCP traffic detected without corresponding DNS query: 126.20.91.40 |
Source: unknown | TCP traffic detected without corresponding DNS query: 213.76.55.61 |
Source: unknown | TCP traffic detected without corresponding DNS query: 106.165.195.45 |
Source: unknown | TCP traffic detected without corresponding DNS query: 45.209.44.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 31.252.239.67 |
Source: x86, type: SAMPLE | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: x86, type: SAMPLE | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 5249.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5245.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5246.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5244.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score = |
Source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/491/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/793/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/772/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/796/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/774/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/797/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/777/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/799/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/658/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/912/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/759/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/936/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/918/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/1/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/761/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/785/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/884/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/720/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/721/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/788/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/789/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/800/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/801/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/847/fd |
Source: /tmp/x86 (PID: 5245) | File opened: /proc/904/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2033/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2033/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1582/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1582/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2275/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1612/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1612/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1579/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1579/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1699/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1699/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1335/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1335/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1698/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1698/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2028/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2028/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1334/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1334/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1576/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1576/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2302/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/3236/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2025/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2025/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2146/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2146/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/910/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/912/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/912/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/912/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/759/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/759/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/759/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/517/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2307/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/918/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/918/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/918/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1594/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1594/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2285/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2281/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1349/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1349/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1623/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1623/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/761/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/761/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/761/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1622/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1622/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/884/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/884/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/884/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1983/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1983/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2038/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2038/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1586/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1586/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1465/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1465/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1344/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1344/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1860/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1860/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1463/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1463/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/2156/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/800/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/800/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/800/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/801/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/801/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/801/exe |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1629/fd |
Source: /tmp/x86 (PID: 5248) | File opened: /proc/1629/exe |