Linux Analysis Report
Gpaw8cp28X

Overview

General Information

Sample Name:Gpaw8cp28X
Analysis ID:679229
MD5:06684e4bf9c538c2a01740b1f88171e7
SHA1:d883470ae217ceb8cb61d7b36befe8e41703226b
SHA256:2373eac488f89172263c8ea1d996d74d90803c54762cedf5808f05b9d6d341f1
Tags:32, arm, elf, mirai
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample reads /proc/mounts (often used for finding a writable filesystem)
Connects to many ports of the same IP (likely port scanning)
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:679229
Start date and time: 2022-08-05 12:34:48 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 22s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:Gpaw8cp28X
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal72.spre.troj.lin@0/0@1/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/Gpaw8cp28X
PID:6227
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • Gpaw8cp28X (PID: 6227, Parent: 6125, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/Gpaw8cp28X
  • sh (PID: 6261, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 6261, Parent: 1477, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 6263, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 6263, Parent: 1477, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • fusermount (PID: 6267, Parent: 1860, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • sh (PID: 6268, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 6268, Parent: 1477, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 6273, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 6273, Parent: 1477, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • sh (PID: 6276, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 6276, Parent: 1477, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 6277, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 6277, Parent: 1477, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 6284, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 6284, Parent: 1477, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • sh (PID: 6285, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 6285, Parent: 1477, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • sh (PID: 6286, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 6286, Parent: 1477, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • sh (PID: 6287, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 6287, Parent: 1477, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • sh (PID: 6288, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 6288, Parent: 1477, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • sh (PID: 6289, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 6289, Parent: 1477, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • sh (PID: 6290, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 6290, Parent: 1477, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 6291, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 6291, Parent: 1477, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • cleanup
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
    No Snort rule has matched

    AV Detection

    Source: Gpaw8cp28X, Virustotal: Detection: 24%

    Networking

    Source: global traffic, TCP traffic: 107.182.129.240 ports 38241,1,2,3,4,8
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 67.126.160.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 62.90.12.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 87.121.142.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 141.104.102.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 205.126.100.155:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 180.248.70.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 89.129.181.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 188.78.129.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 92.153.138.191:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 13.6.219.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 158.185.139.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 115.79.9.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 117.225.186.167:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 133.57.117.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 93.252.140.191:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 128.29.146.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 185.3.154.9:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 121.13.24.213:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 221.147.174.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 129.188.151.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 191.134.73.35:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 57.246.195.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 166.236.17.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 2.251.4.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 53.243.153.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 12.217.73.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 150.38.22.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 219.3.33.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 143.62.81.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 182.160.128.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 88.216.251.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 176.18.143.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 186.158.167.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 115.242.246.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 138.99.109.11:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 96.169.27.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 177.123.116.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 112.116.61.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 40.97.91.78:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 112.36.43.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 72.6.20.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 177.243.94.105:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 208.96.176.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 90.5.156.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 41.40.124.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 53.46.63.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 117.116.107.180:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 31.135.103.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 203.219.162.160:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 158.119.202.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 50.8.212.144:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 34.170.87.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 95.194.74.37:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 135.88.55.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 103.73.226.126:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 165.209.54.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 96.91.164.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 45.228.123.65:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 54.115.51.223:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 50.40.144.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 206.88.70.75:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 2.82.39.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 89.212.165.176:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 191.211.137.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 185.190.93.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 155.189.39.62:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 84.45.145.174:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 105.156.90.217:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 169.240.56.186:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 183.169.46.239:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 93.100.97.247:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 72.202.217.37:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 67.15.160.180:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 50.145.164.232:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 8.232.233.26:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 72.116.64.108:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 59.21.155.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 68.19.167.38:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 61.203.236.69:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 47.122.246.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 50.104.9.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 181.195.158.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 85.129.142.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 116.205.236.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 64.137.94.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 85.111.181.89:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 95.110.233.74:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 169.157.202.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 183.105.144.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 195.204.65.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 59.17.34.128:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 169.88.145.218:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 60.180.21.153:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 111.237.186.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 219.130.58.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 18.226.55.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 187.15.202.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 19.174.8.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 69.164.115.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 18.109.231.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 61.190.133.19:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 167.143.105.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 52.52.187.86:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 41.196.41.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 63.12.12.239:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 141.186.111.156:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 206.202.8.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 158.105.253.210:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 58.128.221.247:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 99.65.82.231:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 135.69.100.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 159.18.149.225:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 194.167.250.232:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 202.21.65.98:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 44.57.171.248:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 136.148.51.231:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 130.12.218.201:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 120.173.9.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 45.55.124.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 95.197.146.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 206.174.45.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 158.226.199.195:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 115.185.27.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 162.142.89.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 145.7.18.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 24.246.177.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 173.122.176.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 184.109.21.222:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 119.97.87.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 77.34.111.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 89.98.71.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 152.227.237.79:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 91.60.187.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 201.195.25.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 138.251.70.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 178.97.86.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 82.22.133.86:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 61.152.197.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 46.53.73.9:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 124.58.248.100:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 133.166.98.103:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 78.215.182.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 64.182.244.179:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 200.163.56.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 70.214.139.250:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 200.45.50.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 117.150.98.122:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 89.203.104.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 212.202.117.20:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 221.93.162.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 36.128.203.86:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 119.74.160.38:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 169.89.227.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 139.148.4.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 108.45.48.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 175.49.66.243:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 52.148.45.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 133.190.177.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 81.202.89.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 141.236.87.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 207.88.234.102:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 104.65.160.74:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 73.27.71.61:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 78.79.153.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 116.140.20.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 75.114.137.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 188.239.138.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 179.95.32.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 1.232.241.217:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 109.106.255.156:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 188.196.227.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 94.175.167.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 12.158.184.149:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 36.28.98.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 223.137.44.7:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 165.218.57.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 114.146.251.79:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 199.212.3.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 109.21.176.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 160.55.40.138:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 157.152.68.201:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 145.43.226.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 61.108.134.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 177.17.224.23:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 53.8.254.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 106.154.134.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 180.25.197.99:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 90.197.208.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:11055 -> 51.208.147.130:2323
    Source: /tmp/Gpaw8cp28X (PID: 6227)Socket: 127.0.0.1::8345
    Source: unknown DNS traffic detected: queries for: dosbot.in
    Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 796, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1349, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1477, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1489, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1579, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1582, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1586, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1594, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1622, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1623, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1627, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1629, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1632, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1633, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1638, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1639, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1642, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1648, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1654, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1656, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1661, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1664, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1668, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1698, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 1699, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2009, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2033, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2038, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2114, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2128, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2129, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2180, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2195, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2208, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2226, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2242, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2275, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2281, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2285, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2289, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2294, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2307, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 2637, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6261, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6263, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6268, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6273, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6276, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6277, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6284, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6285, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6286, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6287, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6288, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6289, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6290, result: successful
    Source: /tmp/Gpaw8cp28X (PID: 6232)SIGKILL sent: pid: 6291, result: successful
    Source: ELF static info symbol of initial sample .symtab present: no
    Source: classification engine Classification label: mal72.spre.troj.lin@0/0@1/0

    Persistence and Installation Behavior

    Source: /bin/fusermount (PID: 6267) File: /proc/6267/mounts

    Hooking and other Techniques for Hiding and Protection

    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53876
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53880
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53882
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53884
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53890
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53894
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53898
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53908
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53920
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 53926
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41186
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41190
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41192
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41194
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41198
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41202
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41212
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41216
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41220
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 41228
    Source: /tmp/Gpaw8cp28X (PID: 6227)Queries kernel information via 'uname':
    Source: Gpaw8cp28X, 6227.1.00005581fa10c000.00005581fa23a000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
    Source: Gpaw8cp28X, 6227.1.00005581fa10c000.00005581fa23a000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
    Source: Gpaw8cp28X, 6227.1.00007ffcdb186000.00007ffcdb1a7000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
    Source: Gpaw8cp28X, 6227.1.00007ffcdb186000.00007ffcdb1a7000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/Gpaw8cp28XSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Gpaw8cp28X

    Stealing of Sensitive Information

    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara matchFile source: dump.pcap, type: PCAP
    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Service Stop
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
    No configs have been found
    [Behavior graph: ID 679229, Sample: Gpaw8cp28X, Startdate: 05/08/2022, Architecture: LINUX, Score: 72]
    Source | Detection | Scanner | Label | Link
    Gpaw8cp28X | 24% | Virustotal | | Browse
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    dosbot.in | 107.182.129.240 | true | true | | unknown
      No context
      No created / dropped files found
      File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
      Entropy (8bit):6.018756052212191
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name:Gpaw8cp28X
      File size:62728
      MD5:06684e4bf9c538c2a01740b1f88171e7
      SHA1:d883470ae217ceb8cb61d7b36befe8e41703226b
      SHA256:2373eac488f89172263c8ea1d996d74d90803c54762cedf5808f05b9d6d341f1
      SHA512:5e209338e20455ea1ea0c9e4697a2b7313fe3ca1df339eecc919c6f9d32d5b10d20e2eac33bf3773114c2fbd354ee0fa65718dcac0d9d3d73ea15cc007d88651
      SSDEEP:768:qnhYWGFe03XhdftXrq4BVoVGYQqFoLFYBQ1PGt557nN/NPIvvJrM54OgR3zD3Gbu:6uWMewrqH572Yq9Gt5JN8i52P3GC1TW
      TLSH:E4532985BC819A13C5D022BBFB5E418C332663B8D2EE3207DD256F11778B91F0EAB615
      File Content Preview:.ELF...a..........(.........4...P.......4. ...(.........................................................8%..........Q.td..................................-...L."...H6..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:ARM
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:ARM - ABI
      ABI Version:0
      Entry Point Address:0x8190
      Flags:0x2
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:62288
      Section Header Size:40
      Number of Section Headers:11
      Header String Table Index:10
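      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
       | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
      .init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .text | PROGBITS | 0x80b0 | 0xb0 | 0xd958 | 0x0 | 0x6 | AX | 0 | 0 | 16
      .fini | PROGBITS | 0x15a08 | 0xda08 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .rodata | PROGBITS | 0x15a1c | 0xda1c | 0x1270 | 0x0 | 0x2 | A | 0 | 0 | 4
      .ctors | PROGBITS | 0x1f000 | 0xf000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .dtors | PROGBITS | 0x1f008 | 0xf008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .jcr | PROGBITS | 0x1f010 | 0xf010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .data | PROGBITS | 0x1f014 | 0xf014 | 0x2f8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .bss | NOBITS | 0x1f30c | 0xf30c | 0x222c | 0x0 | 0x3 | WA | 0 | 0 | 4
      .shstrtab | STRTAB | 0x0 | 0xf30c | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1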
      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x8000 | 0x8000 | 0xec8c | 0xec8c | 6.1068 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata
      LOAD | 0xf000 | 0x1f000 | 0x1f000 | 0x30c | 0x2538 | 2.2562 | 0x6 | RW | 0x8000 | | .ctors .dtors .jcr .data .bss
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
      Aug 5, 2022 12:35:35.461380959 CEST | 192.168.2.23 | 8.8.8.8 | 0x72c7 | Standard query (0) | dosbot.in | A (IP address) | IN (0x0001)
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
      Aug 5, 2022 12:35:35.483572960 CEST | 8.8.8.8 | 192.168.2.23 | 0x72c7 | No error (0) | dosbot.in | | 107.182.129.240 | A (IP address) | IN (0x0001)

      System Behavior

      Start time:12:35:34
      Start date:05/08/2022
      Path:/tmp/Gpaw8cp28X
      Arguments:/tmp/Gpaw8cp28X
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:12:35:35
      Start date:05/08/2022
      Path:/tmp/Gpaw8cp28X
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:12:35:35
      Start date:05/08/2022
      Path:/tmp/Gpaw8cp28X
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:12:35:35
      Start date:05/08/2022
      Path:/tmp/Gpaw8cp28X
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:12:35:35
      Start date:05/08/2022
      Path:/tmp/Gpaw8cp28X
      Arguments:n/a
      File size:4956856 bytes
      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gsd-sharing
      Arguments:/usr/libexec/gsd-sharing
      File size:35424 bytes
      MD5 hash:e29d9025d98590fbb69f89fdbd4438b3
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gsd-wacom
      Arguments:/usr/libexec/gsd-wacom
      File size:39520 bytes
      MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gvfsd-fuse
      Arguments:n/a
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/fusermount
      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
      File size:39144 bytes
      MD5 hash:576a1b135c82bdcbc97a91acea900566
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gsd-keyboard
      Arguments:/usr/libexec/gsd-keyboard
      File size:39760 bytes
      MD5 hash:8e288fd17c80bb0a1148b964b2ac2279
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gsd-color
      Arguments:/usr/libexec/gsd-color
      File size:92832 bytes
      MD5 hash:ac2861ad93ce047283e8e87cefef9a19
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gsd-print-notifications
      Arguments:/usr/libexec/gsd-print-notifications
      File size:51840 bytes
      MD5 hash:71539698aa691718cee775d6b9450ae2
      Start time:12:35:35
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:35
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-rfkill
      Arguments:/usr/libexec/gsd-rfkill
      File size:51808 bytes
      MD5 hash:88a16a3c0aba1759358c06215ecfb5cc
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-smartcard
      Arguments:/usr/libexec/gsd-smartcard
      File size:109152 bytes
      MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-datetime
      Arguments:/usr/libexec/gsd-datetime
      File size:76736 bytes
      MD5 hash:d80d39745740de37d6634d36e344d4bc
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-media-keys
      Arguments:/usr/libexec/gsd-media-keys
      File size:232936 bytes
      MD5 hash:a425448c135afb4b8bfd79cc0b6b74da
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-screensaver-proxy
      Arguments:/usr/libexec/gsd-screensaver-proxy
      File size:27232 bytes
      MD5 hash:77e309450c87dceee43f1a9e50cc0d02
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-a11y-settings
      Arguments:/usr/libexec/gsd-a11y-settings
      File size:23056 bytes
      MD5 hash:18e243d2cf30ecee7ea89d1462725c5c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-power
      Arguments:/usr/libexec/gsd-power
      File size:88672 bytes
      MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-sound
      Arguments:/usr/libexec/gsd-sound
      File size:31248 bytes
      MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gnome-session-binary
      Arguments:n/a
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb
      Start time:12:35:36
      Start date:05/08/2022
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
      Start time:12:35:36
      Start date:05/08/2022
      Path:/usr/libexec/gsd-housekeeping
      Arguments:/usr/libexec/gsd-housekeeping
      File size:51840 bytes
      MD5 hash:b55f3394a84976ddb92a2915e5d76914