Source: unknown | TCP traffic detected without corresponding DNS query: 139.59.109.181 |
Source: unknown | TCP traffic detected without corresponding DNS query: 157.176.248.149 |
Source: unknown | TCP traffic detected without corresponding DNS query: 65.102.182.244 |
Source: unknown | TCP traffic detected without corresponding DNS query: 206.156.228.248 |
Source: unknown | TCP traffic detected without corresponding DNS query: 126.211.67.201 |
Source: unknown | TCP traffic detected without corresponding DNS query: 254.57.127.237 |
Source: unknown | TCP traffic detected without corresponding DNS query: 42.174.88.103 |
Source: unknown | TCP traffic detected without corresponding DNS query: 17.146.132.160 |
Source: unknown | TCP traffic detected without corresponding DNS query: 100.174.238.80 |
Source: unknown | TCP traffic detected without corresponding DNS query: 171.170.104.99 |
Source: unknown | TCP traffic detected without corresponding DNS query: 153.132.33.251 |
Source: unknown | TCP traffic detected without corresponding DNS query: 166.198.87.72 |
Source: unknown | TCP traffic detected without corresponding DNS query: 113.101.226.169 |
Source: unknown | TCP traffic detected without corresponding DNS query: 126.36.211.173 |
Source: unknown | TCP traffic detected without corresponding DNS query: 71.11.133.40 |
Source: unknown | TCP traffic detected without corresponding DNS query: 111.143.191.208 |
Source: unknown | TCP traffic detected without corresponding DNS query: 168.6.223.175 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.179.27.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 176.22.197.103 |
Source: unknown | TCP traffic detected without corresponding DNS query: 161.191.55.222 |
Source: unknown | TCP traffic detected without corresponding DNS query: 48.242.216.110 |
Source: unknown | TCP traffic detected without corresponding DNS query: 248.107.117.154 |
Source: unknown | TCP traffic detected without corresponding DNS query: 241.73.251.30 |
Source: unknown | TCP traffic detected without corresponding DNS query: 125.49.203.131 |
Source: unknown | TCP traffic detected without corresponding DNS query: 44.98.137.68 |
Source: unknown | TCP traffic detected without corresponding DNS query: 99.25.118.236 |
Source: unknown | TCP traffic detected without corresponding DNS query: 83.94.230.74 |
Source: unknown | TCP traffic detected without corresponding DNS query: 125.245.3.142 |
Source: unknown | TCP traffic detected without corresponding DNS query: 84.74.70.223 |
Source: unknown | TCP traffic detected without corresponding DNS query: 107.227.50.108 |
Source: unknown | TCP traffic detected without corresponding DNS query: 42.228.115.114 |
Source: unknown | TCP traffic detected without corresponding DNS query: 181.61.64.46 |
Source: unknown | TCP traffic detected without corresponding DNS query: 142.34.241.12 |
Source: unknown | TCP traffic detected without corresponding DNS query: 109.25.119.113 |
Source: unknown | TCP traffic detected without corresponding DNS query: 123.35.15.99 |
Source: unknown | TCP traffic detected without corresponding DNS query: 191.89.166.162 |
Source: unknown | TCP traffic detected without corresponding DNS query: 222.209.236.207 |
Source: unknown | TCP traffic detected without corresponding DNS query: 19.238.218.197 |
Source: unknown | TCP traffic detected without corresponding DNS query: 249.75.226.101 |
Source: unknown | TCP traffic detected without corresponding DNS query: 5.232.20.162 |
Source: unknown | TCP traffic detected without corresponding DNS query: 153.57.217.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 240.3.234.53 |
Source: unknown | TCP traffic detected without corresponding DNS query: 79.88.130.24 |
Source: unknown | TCP traffic detected without corresponding DNS query: 221.205.32.209 |
Source: unknown | TCP traffic detected without corresponding DNS query: 255.144.182.174 |
Source: unknown | TCP traffic detected without corresponding DNS query: 92.120.125.247 |
Source: unknown | TCP traffic detected without corresponding DNS query: 155.42.225.72 |
Source: unknown | TCP traffic detected without corresponding DNS query: 27.25.66.84 |
Source: unknown | TCP traffic detected without corresponding DNS query: 195.188.103.17 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.14.91.242 |
Source: loligang.arm, type: SAMPLE | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: loligang.arm, type: SAMPLE | Matched rule: Detects ELF malware Mirai related Author: Florian Roth |
Source: 6236.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 6236.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related Author: Florian Roth |
Source: 6242.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 6242.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related Author: Florian Roth |
Source: 6233.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 6233.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related Author: Florian Roth |
Source: 6235.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware Author: Florian Roth |
Source: 6235.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related Author: Florian Roth |
Source: loligang.arm, type: SAMPLE | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: loligang.arm, type: SAMPLE | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: loligang.arm, type: SAMPLE | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research |
Source: 6233.1.00000000cc577198.00000000dadd8b75.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6236.1.00000000dadd8b75.0000000004e52adb.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6242.1.00000000cc577198.00000000dadd8b75.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6236.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6236.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 6236.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research |
Source: 6233.1.00000000dadd8b75.0000000004e52adb.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6242.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6242.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 6242.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research |
Source: 6235.1.00000000dadd8b75.0000000004e52adb.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6235.1.00000000cc577198.00000000dadd8b75.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6236.1.00000000cc577198.00000000dadd8b75.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6242.1.00000000dadd8b75.0000000004e52adb.rw-.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6233.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6233.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 6233.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research |
Source: 6235.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13 |
Source: 6235.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b |
Source: 6235.1.000000008e4bd100.000000001113544c.r-x.sdmp, type: MEMORY | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/6235/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2033/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2033/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1582/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1582/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2275/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/6191/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/6190/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1612/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1612/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1579/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1579/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1699/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1699/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1335/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1335/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1698/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1698/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2028/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2028/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1334/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1334/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1576/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1576/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2302/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/3236/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2025/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2025/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2146/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/910/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/912/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/912/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/912/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/759/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/759/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/759/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/517/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2307/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/918/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/918/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/918/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1594/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1594/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2285/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2281/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1349/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1349/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1623/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1623/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/761/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/761/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/761/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1622/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1622/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/884/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/884/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/884/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1983/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1983/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2038/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2038/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1586/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1586/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1465/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1465/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1344/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1344/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1860/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1860/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1463/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1463/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2156/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/800/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/800/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/800/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/801/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/801/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/801/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1629/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1629/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1627/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1627/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1900/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1900/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/491/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/491/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/491/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2294/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2050/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/2050/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1877/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1877/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/772/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/772/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/772/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1633/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1633/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1599/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1599/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1632/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1632/exe |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1477/fd |
Source: /tmp/loligang.arm (PID: 6241) | File opened: /proc/1477/exe |
Source: loligang.arm, 6233.1.000000006e500768.00000000c775d82a.rw-.sdmp, loligang.arm, 6235.1.000000006e500768.00000000c775d82a.rw-.sdmp, loligang.arm, 6236.1.000000006e500768.00000000c775d82a.rw-.sdmp, loligang.arm, 6242.1.000000006e500768.00000000c775d82a.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/arm |
Source: loligang.arm, 6233.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp, loligang.arm, 6235.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp, loligang.arm, 6236.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp, loligang.arm, 6242.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/loligang.armSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/loligang.arm |
Source: loligang.arm, 6233.1.000000006e500768.00000000c775d82a.rw-.sdmp, loligang.arm, 6235.1.000000006e500768.00000000c775d82a.rw-.sdmp, loligang.arm, 6236.1.000000006e500768.00000000c775d82a.rw-.sdmp, loligang.arm, 6242.1.000000006e500768.00000000c775d82a.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm |
Source: loligang.arm, 6233.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp, loligang.arm, 6235.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp, loligang.arm, 6236.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp, loligang.arm, 6242.1.0000000034c2cfa5.0000000016bd506a.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm |