Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
1isequal9.arm

Overview

General Information

Sample Name:1isequal9.arm
Analysis ID:626540
MD5:fc0a76d00e5267eae22dc71a6926b525
SHA1:b79f48ec66a6748c35af8972bc601dd46be47c6f
SHA256:1a26e16bc62ca7e71b3b2cfa9679b3e121d85c61d2c4be597d7441789d7bd7d1
Infos:

Detection

Mirai
Score:60
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Reads system files that contain records of logged in users
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample has stripped symbol table
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626540
Start date and time: 14/05/202211:50:172022-05-14 11:50:17 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 19s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:1isequal9.arm
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal60.spre.troj.linARM@0/46@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/1isequal9.arm
PID:6224
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
VegaSec-KATANA001
Standard Error:
  • system is lnxubuntu20
  • systemd New Fork (PID: 6242, Parent: 1)
  • journalctl (PID: 6242, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6263, Parent: 1)
  • systemd-journald (PID: 6263, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • systemd New Fork (PID: 6266, Parent: 1)
  • journalctl (PID: 6266, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 6307, Parent: 1)
  • dbus-daemon (PID: 6307, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • systemd New Fork (PID: 6322, Parent: 1)
  • whoopsie (PID: 6322, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 6326, Parent: 1860)
  • pulseaudio (PID: 6326, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6331, Parent: 1)
  • rtkit-daemon (PID: 6331, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon
  • systemd New Fork (PID: 6334, Parent: 1)
  • systemd-logind (PID: 6334, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6396, Parent: 1)
  • polkitd (PID: 6396, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug
  • systemd New Fork (PID: 6397, Parent: 1)
  • rsyslogd (PID: 6397, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE
  • gdm3 New Fork (PID: 6402, Parent: 1320)
  • Default (PID: 6402, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6403, Parent: 1320)
  • Default (PID: 6403, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6404, Parent: 1320)
  • Default (PID: 6404, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6408, Parent: 1)
  • agetty (PID: 6408, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux
  • systemd New Fork (PID: 6411, Parent: 1)
  • gpu-manager (PID: 6411, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 6412, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6413, Parent: 6412)
      • grep (PID: 6413, Parent: 6412, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6414, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6415, Parent: 6414)
      • grep (PID: 6415, Parent: 6414, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6416, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6417, Parent: 6416)
      • grep (PID: 6417, Parent: 6416, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6418, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6419, Parent: 6418)
      • grep (PID: 6419, Parent: 6418, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6420, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6421, Parent: 6420)
      • grep (PID: 6421, Parent: 6420, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6423, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6424, Parent: 6423)
      • grep (PID: 6424, Parent: 6423, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 6425, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 6426, Parent: 6425)
      • grep (PID: 6426, Parent: 6425, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 6431, Parent: 6411, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 6432, Parent: 6431)
      • grep (PID: 6432, Parent: 6431, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 6433, Parent: 1)
  • generate-config (PID: 6433, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 6434, Parent: 6433, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 6435, Parent: 1)
  • gdm-wait-for-drm (PID: 6435, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 6440, Parent: 1)
  • gdm3 (PID: 6440, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
    • gdm3 New Fork (PID: 6445, Parent: 6440)
    • plymouth (PID: 6445, Parent: 6440, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping
    • gdm3 New Fork (PID: 6463, Parent: 6440)
    • gdm-session-worker (PID: 6463, Parent: 6440, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
      • gdm-wayland-session (PID: 6467, Parent: 6463, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
        • dbus-daemon (PID: 6469, Parent: 6467, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session
          • dbus-daemon New Fork (PID: 6473, Parent: 6469)
            • false (PID: 6474, Parent: 6473, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
        • dbus-run-session (PID: 6475, Parent: 6467, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
          • dbus-daemon (PID: 6476, Parent: 6475, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session
    • gdm3 New Fork (PID: 6477, Parent: 6440)
    • Default (PID: 6477, Parent: 6440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
    • gdm3 New Fork (PID: 6478, Parent: 6440)
    • Default (PID: 6478, Parent: 6440, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6446, Parent: 1)
  • accounts-daemon (PID: 6446, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6458, Parent: 6446, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6459, Parent: 6458, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6460, Parent: 6459, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6461, Parent: 6460)
          • locale (PID: 6461, Parent: 6460, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6462, Parent: 6460)
          • grep (PID: 6462, Parent: 6460, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • fusermount (PID: 6486, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 6527, Parent: 1860)
  • dbus-daemon (PID: 6527, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  • cleanup
SourceRuleDescriptionAuthorStrings
1isequal9.armSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
  • 0x11bc4:$xo1: \x18:/<994z`{e
  • 0x11c3c:$xo1: \x18:/<994z`{e
  • 0x11cb4:$xo1: \x18:/<994z`{e
  • 0x11d08:$xo1: \x18:/<994z`{e
  • 0x11d80:$xo1: \x18:/<994z`{e
  • 0x11df8:$xo1: \x18:/<994z`{e
  • 0x11e70:$xo1: \x18:/<994z`{e
  • 0x11ee0:$xo1: \x18:/<994z`{e
  • 0x11f5c:$xo1: \x18:/<994z`{e
  • 0x11fac:$xo1: \x18:/<994z`{e
SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security
    SourceRuleDescriptionAuthorStrings
    6228.1.0000000095842f29.0000000017b7556a.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x850:$xo1: \x18:/<994z`{e
    • 0x8c8:$xo1: \x18:/<994z`{e
    • 0x940:$xo1: \x18:/<994z`{e
    • 0x998:$xo1: \x18:/<994z`{e
    • 0xa10:$xo1: \x18:/<994z`{e
    • 0xa88:$xo1: \x18:/<994z`{e
    • 0xb04:$xo1: \x18:/<994z`{e
    • 0xb78:$xo1: \x18:/<994z`{e
    • 0xbf8:$xo1: \x18:/<994z`{e
    • 0xc4c:$xo1: \x18:/<994z`{e
    6230.1.0000000095842f29.0000000017b7556a.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x850:$xo1: \x18:/<994z`{e
    • 0x8c8:$xo1: \x18:/<994z`{e
    • 0x940:$xo1: \x18:/<994z`{e
    • 0x998:$xo1: \x18:/<994z`{e
    • 0xa10:$xo1: \x18:/<994z`{e
    • 0xa88:$xo1: \x18:/<994z`{e
    • 0xb04:$xo1: \x18:/<994z`{e
    • 0xb78:$xo1: \x18:/<994z`{e
    • 0xbf8:$xo1: \x18:/<994z`{e
    • 0xc4c:$xo1: \x18:/<994z`{e
    6227.1.00000000de8a82a9.00000000d707757e.r-x.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x11bc4:$xo1: \x18:/<994z`{e
    • 0x11c3c:$xo1: \x18:/<994z`{e
    • 0x11cb4:$xo1: \x18:/<994z`{e
    • 0x11d08:$xo1: \x18:/<994z`{e
    • 0x11d80:$xo1: \x18:/<994z`{e
    • 0x11df8:$xo1: \x18:/<994z`{e
    • 0x11e70:$xo1: \x18:/<994z`{e
    • 0x11ee0:$xo1: \x18:/<994z`{e
    • 0x11f5c:$xo1: \x18:/<994z`{e
    • 0x11fac:$xo1: \x18:/<994z`{e
    6230.1.00000000de8a82a9.00000000d707757e.r-x.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x11bc4:$xo1: \x18:/<994z`{e
    • 0x11c3c:$xo1: \x18:/<994z`{e
    • 0x11cb4:$xo1: \x18:/<994z`{e
    • 0x11d08:$xo1: \x18:/<994z`{e
    • 0x11d80:$xo1: \x18:/<994z`{e
    • 0x11df8:$xo1: \x18:/<994z`{e
    • 0x11e70:$xo1: \x18:/<994z`{e
    • 0x11ee0:$xo1: \x18:/<994z`{e
    • 0x11f5c:$xo1: \x18:/<994z`{e
    • 0x11fac:$xo1: \x18:/<994z`{e
    6233.1.0000000095842f29.0000000017b7556a.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
    • 0x850:$xo1: \x18:/<994z`{e
    • 0x8c8:$xo1: \x18:/<994z`{e
    • 0x940:$xo1: \x18:/<994z`{e
    • 0x998:$xo1: \x18:/<994z`{e
    • 0xa10:$xo1: \x18:/<994z`{e
    • 0xa88:$xo1: \x18:/<994z`{e
    • 0xb04:$xo1: \x18:/<994z`{e
    • 0xb78:$xo1: \x18:/<994z`{e
    • 0xbf8:$xo1: \x18:/<994z`{e
    • 0xc4c:$xo1: \x18:/<994z`{e
    Click to see the 5 entries
    No Snort rule has matched

    Click to jump to signature section

    Show All Signature Results
    Source: /usr/bin/pulseaudio (PID: 6326)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 6434)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: global trafficTCP traffic: 192.168.2.23:37900 -> 185.174.136.96:63645
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 213.28.149.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 9.123.3.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.14.170.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 153.144.25.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 95.18.120.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 94.245.250.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 200.219.14.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 173.131.230.201:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 39.12.109.30:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.107.14.245:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.174.65.162:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 92.128.159.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.108.162.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.221.105.93:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 146.249.82.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.193.125.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 177.23.179.42:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 210.189.76.176:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 123.29.118.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 191.41.208.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 112.184.122.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 32.98.254.238:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 160.116.89.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 88.189.39.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 58.163.23.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 175.173.122.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 83.201.12.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 13.153.236.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 86.40.200.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 223.216.63.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 207.91.21.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 140.238.118.153:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 200.157.23.136:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.143.33.128:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 150.179.0.132:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 203.29.30.81:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 152.104.117.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 170.191.221.115:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 63.252.190.210:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 139.159.230.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.48.239.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 212.5.218.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 180.126.241.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 223.119.144.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 80.27.204.179:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.89.113.150:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 181.89.64.106:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.190.102.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.160.254.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 113.139.231.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.33.129.83:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 213.107.171.192:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 17.32.56.225:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 145.174.17.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 207.185.236.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 115.5.20.153:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 45.202.161.195:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 40.82.7.248:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 141.115.14.22:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 165.25.157.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 138.228.163.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.7.235.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.242.149.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 178.66.182.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.201.109.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 27.3.101.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 170.86.84.211:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 135.91.135.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.187.203.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 165.117.87.150:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 106.26.210.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 73.48.124.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 220.108.105.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 83.34.128.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 95.78.34.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 53.142.113.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.73.24.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 219.31.39.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 32.181.41.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.88.165.20:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 62.77.67.252:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 120.168.36.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 195.226.149.127:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 159.95.154.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.125.201.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 89.83.66.127:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.58.171.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 109.193.225.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 197.233.180.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 37.111.223.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 209.31.65.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.158.9.144:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 201.162.94.144:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 85.179.233.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.251.92.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.60.182.179:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 208.107.181.238:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 102.92.221.200:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 124.214.92.55:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 112.25.137.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 109.180.23.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.217.40.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 178.73.114.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 47.15.61.182:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 220.23.167.100:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.6.244.93:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 89.236.102.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.11.166.169:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 20.130.82.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.110.225.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.109.16.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 91.7.253.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 103.71.83.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 105.201.1.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 174.204.108.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.159.127.188:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 179.111.215.78:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 94.47.66.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 54.130.125.153:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 60.112.49.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 107.238.41.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 34.198.88.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 114.15.76.77:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 210.48.84.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 14.156.59.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 145.79.58.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.228.160.34:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 118.224.216.26:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 75.207.46.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 100.211.134.211:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.207.44.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 142.61.174.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 117.237.154.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 176.15.176.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.155.129.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.240.100.219:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 17.193.206.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 181.58.228.37:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 102.233.29.75:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 67.149.140.57:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 53.223.229.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 120.1.32.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 31.97.202.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 195.84.235.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 186.198.87.243:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 75.125.191.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 174.168.97.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 157.92.86.146:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 104.13.156.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 173.137.6.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 191.155.2.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 73.112.6.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 177.57.236.117:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.224.195.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 206.64.176.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 160.10.111.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 9.167.137.231:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 122.215.142.11:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 86.232.215.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 157.86.33.106:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 76.143.145.66:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 170.88.76.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.196.136.132:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 208.30.153.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 216.17.206.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 113.146.196.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 181.17.164.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.22.37.83:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 108.121.162.154:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 32.133.99.169:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 197.174.200.156:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.26.253.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 86.98.156.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 146.160.3.232:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.102.61.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 32.54.90.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 90.250.175.245:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 163.70.231.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 197.241.122.155:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 65.179.201.67:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 92.188.168.236:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 171.80.193.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 19.238.161.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 203.218.175.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 31.212.139.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 165.33.137.5:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 108.106.203.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 170.246.19.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 161.241.64.125:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 90.25.16.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 178.191.22.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 208.55.188.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.58.205.200:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 153.104.235.191:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 117.100.39.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 203.36.78.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.20.212.195:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.72.251.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 176.62.84.176:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 64.54.62.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 206.18.179.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 218.205.213.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.140.147.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.4.89.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.198.49.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 193.32.98.239:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 171.47.44.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 70.227.136.116:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.106.161.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 183.94.152.79:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.246.217.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 66.130.226.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 89.1.160.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.38.183.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.143.49.26:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 98.148.97.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.57.220.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 107.142.54.87:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 90.22.249.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.223.213.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 149.50.225.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 185.175.110.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 39.226.200.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 87.19.11.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.167.16.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.147.165.141:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 119.44.244.219:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.66.149.128:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.39.249.127:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.159.152.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 8.200.83.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.108.197.39:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 175.135.161.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.125.164.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 174.29.182.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 24.192.55.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 18.158.49.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 170.110.73.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.107.170.6:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 106.158.153.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.63.162.96:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 108.111.51.252:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 86.36.137.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.195.57.226:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 179.247.226.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.223.212.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 98.6.135.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.61.239.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 204.192.148.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.68.253.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 57.91.101.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 202.244.31.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 221.170.248.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 220.20.177.196:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.38.210.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.119.62.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 45.24.32.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 176.109.189.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.78.150.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.53.133.120:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 177.208.64.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.210.116.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 102.231.80.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 80.84.14.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 135.52.197.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.223.0.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 43.137.247.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.84.4.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 155.146.161.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 161.202.40.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.208.157.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 105.242.153.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 200.13.182.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 103.199.35.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.58.231.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 1.219.80.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 39.61.16.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 40.202.224.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 78.222.124.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.9.156.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 14.77.235.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 196.251.141.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 173.125.0.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.116.101.147:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 58.23.212.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.193.117.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.83.221.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.206.10.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 102.228.164.218:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 209.121.186.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 138.5.32.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 190.162.238.167:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.159.113.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 111.74.137.66:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.52.9.233:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 73.162.246.52:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.218.234.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 110.217.218.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 191.51.198.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 218.91.243.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.50.0.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 24.17.243.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.124.145.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 184.146.137.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 197.13.250.51:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.5.99.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 72.27.18.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.76.20.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 40.40.27.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 166.202.28.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.43.124.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 9.86.79.98:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 79.75.83.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 120.245.75.222:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 222.57.208.86:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 125.37.56.26:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 180.28.8.85:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 5.68.14.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.211.5.126:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 196.98.141.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 109.187.43.117:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.220.24.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 66.116.163.223:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 61.78.184.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 194.166.250.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.189.58.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 148.29.177.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 212.49.1.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.156.140.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.0.156.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 53.77.73.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 165.67.174.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.26.91.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 9.100.148.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.200.252.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 213.85.160.109:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.178.221.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 57.157.12.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 202.209.160.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 1.70.195.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 88.234.41.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 53.127.230.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 146.16.156.186:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 116.193.236.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 123.139.13.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 183.8.129.82:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.218.85.122:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 151.25.40.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.233.91.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.134.44.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 169.154.183.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 164.8.156.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 184.45.49.63:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.29.196.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 23.43.71.241:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 130.29.66.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 167.208.74.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.106.108.219:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 119.0.64.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 146.147.189.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 218.120.251.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 200.21.12.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 195.129.253.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.184.117.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 166.169.243.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 101.81.18.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 157.203.116.57:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.27.60.145:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 37.169.53.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.166.94.154:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 105.144.72.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 159.136.154.3:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.85.60.225:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 147.90.89.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 70.31.137.57:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.246.121.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 133.20.238.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.74.217.114:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.32.249.81:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.71.208.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 148.223.80.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 167.126.64.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.144.105.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 32.181.19.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 77.146.108.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.13.169.6:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.202.70.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 204.145.39.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 106.86.195.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 75.52.181.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.237.129.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 23.231.16.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 68.134.117.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.88.99.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 188.211.106.97:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 12.109.243.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 42.246.196.248:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.160.132.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 2.128.6.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 110.77.136.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 180.35.250.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.95.167.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 145.77.224.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.97.114.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 149.156.169.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 8.187.18.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.207.151.12:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 166.70.20.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 176.150.247.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 159.53.224.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.183.130.63:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 93.97.201.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 112.71.19.223:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 97.5.8.75:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 13.255.155.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.11.190.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.148.189.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 80.115.177.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 101.40.77.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 41.25.118.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 158.34.24.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 124.28.245.9:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 193.153.104.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 34.48.46.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 112.42.66.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 223.164.118.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 114.208.216.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 92.94.54.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 203.36.139.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.88.248.229:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 189.111.184.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 207.52.88.30:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 82.187.154.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 71.55.244.52:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 190.110.236.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 36.216.37.48:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 114.219.57.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.129.135.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 187.63.252.236:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 118.243.75.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 211.218.213.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 191.65.185.161:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 149.52.10.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 4.10.195.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.98.47.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.141.50.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 84.40.27.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 193.111.51.3:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 135.254.149.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 44.25.218.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.91.176.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 100.151.194.132:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 31.62.135.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 164.42.76.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 108.136.154.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 38.38.195.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 65.222.218.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 69.95.177.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 74.226.184.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 17.230.248.174:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 148.23.104.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 142.117.58.192:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 48.190.135.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 156.75.87.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 100.139.164.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 125.27.163.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 198.123.209.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 204.127.15.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 217.176.59.242:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 104.109.165.38:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 167.13.81.210:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 181.44.47.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 152.114.244.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 189.238.208.213:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 182.103.106.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.178.149.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.145.124.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 81.221.183.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 85.168.180.187:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 83.72.171.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 2.119.8.130:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 168.62.71.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 79.172.216.83:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 126.3.211.81:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 220.225.160.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 121.76.65.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 27.153.213.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 46.218.147.84:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 35.242.191.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 210.241.67.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 42.43.80.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.14.177.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 162.117.152.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 198.206.255.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 153.101.218.105:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 92.226.46.208:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 24.129.134.218:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 8.233.214.97:2323
    Source: global trafficTCP traffic: 192.168.2.23:5501 -> 183.255.43.53:2323
    Source: /tmp/1isequal9.arm (PID: 6224)Socket: 127.0.0.1::59025Jump to behavior
    Source: /lib/systemd/systemd-journald (PID: 6263)Socket: <unknown socket type>:unknownJump to behavior
    Source: /usr/sbin/gdm3 (PID: 6440)Socket: <unknown socket type>:unknownJump to behavior
    Source: /usr/bin/dbus-daemon (PID: 6469)Socket: <unknown socket type>:unknownJump to behavior
    Source: unknownNetwork traffic detected: HTTP traffic on port 56474 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56474
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 185.174.136.96
    Source: unknownTCP traffic detected without corresponding DNS query: 213.28.149.227
    Source: unknownTCP traffic detected without corresponding DNS query: 135.198.11.227
    Source: unknownTCP traffic detected without corresponding DNS query: 20.229.214.224
    Source: unknownTCP traffic detected without corresponding DNS query: 12.186.100.213
    Source: unknownTCP traffic detected without corresponding DNS query: 148.185.197.79
    Source: unknownTCP traffic detected without corresponding DNS query: 204.151.221.2
    Source: unknownTCP traffic detected without corresponding DNS query: 68.89.86.109
    Source: unknownTCP traffic detected without corresponding DNS query: 124.113.114.95
    Source: unknownTCP traffic detected without corresponding DNS query: 182.165.254.206
    Source: unknownTCP traffic detected without corresponding DNS query: 9.123.3.209
    Source: unknownTCP traffic detected without corresponding DNS query: 59.218.213.91
    Source: unknownTCP traffic detected without corresponding DNS query: 59.40.31.193
    Source: unknownTCP traffic detected without corresponding DNS query: 19.174.241.247
    Source: unknownTCP traffic detected without corresponding DNS query: 171.123.98.226
    Source: unknownTCP traffic detected without corresponding DNS query: 45.164.187.138
    Source: unknownTCP traffic detected without corresponding DNS query: 223.162.74.132
    Source: unknownTCP traffic detected without corresponding DNS query: 160.248.119.47
    Source: unknownTCP traffic detected without corresponding DNS query: 92.46.132.100
    Source: unknownTCP traffic detected without corresponding DNS query: 168.14.170.119
    Source: unknownTCP traffic detected without corresponding DNS query: 218.209.154.247
    Source: unknownTCP traffic detected without corresponding DNS query: 42.170.4.102
    Source: unknownTCP traffic detected without corresponding DNS query: 117.251.70.28
    Source: unknownTCP traffic detected without corresponding DNS query: 105.27.156.156
    Source: unknownTCP traffic detected without corresponding DNS query: 1.91.249.169
    Source: unknownTCP traffic detected without corresponding DNS query: 14.44.18.160
    Source: unknownTCP traffic detected without corresponding DNS query: 43.43.29.129
    Source: unknownTCP traffic detected without corresponding DNS query: 185.223.62.187
    Source: unknownTCP traffic detected without corresponding DNS query: 103.52.246.200
    Source: unknownTCP traffic detected without corresponding DNS query: 77.93.28.239
    Source: unknownTCP traffic detected without corresponding DNS query: 153.144.25.27
    Source: unknownTCP traffic detected without corresponding DNS query: 122.160.103.38
    Source: unknownTCP traffic detected without corresponding DNS query: 98.238.146.69
    Source: unknownTCP traffic detected without corresponding DNS query: 77.12.30.235
    Source: unknownTCP traffic detected without corresponding DNS query: 94.160.69.13
    Source: unknownTCP traffic detected without corresponding DNS query: 39.36.190.46
    Source: unknownTCP traffic detected without corresponding DNS query: 155.18.189.168
    Source: unknownTCP traffic detected without corresponding DNS query: 45.71.172.218
    Source: unknownTCP traffic detected without corresponding DNS query: 166.231.104.39
    Source: unknownTCP traffic detected without corresponding DNS query: 95.18.120.1
    Source: unknownTCP traffic detected without corresponding DNS query: 156.47.247.34
    Source: unknownTCP traffic detected without corresponding DNS query: 20.106.55.120
    Source: unknownTCP traffic detected without corresponding DNS query: 38.154.65.137
    Source: unknownTCP traffic detected without corresponding DNS query: 23.85.158.14
    Source: unknownTCP traffic detected without corresponding DNS query: 158.75.86.187
    Source: unknownTCP traffic detected without corresponding DNS query: 183.93.233.250
    Source: unknownTCP traffic detected without corresponding DNS query: 221.12.142.108
    Source: unknownTCP traffic detected without corresponding DNS query: 93.68.87.221
    Source: unknownTCP traffic detected without corresponding DNS query: 221.4.234.120
    Source: unknownTCP traffic detected without corresponding DNS query: 93.119.157.72
    Source: syslog.35.drString found in binary or memory: https://www.rsyslog.com
    Source: unknownDNS traffic detected: queries for: daisy.ubuntu.com

    System Summary

    barindex
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 491, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 658, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 721, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 761, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 772, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 774, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 777, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 785, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 793, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1344, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1601, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1860, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 1886, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 2048, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 6043, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 6187, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 6188, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 6228, result: successfulJump to behavior
    Source: /tmp/1isequal9.arm (PID: 6233)SIGKILL sent: pid: 6233, result: unknownJump to behavior