Source: unknown | TCP traffic detected without corresponding DNS query, to many distinct IP addresses |
Source: /tmp/Njm98ikkmS.elf (PID: 5708) | File opened: /proc/[PID]/exe, repeated for many process IDs |
Source: 5678.22.dr | Binary or memory string: -9915837702310A--gzvmware kernel module |
Source: Njm98ikkmS.elf, 5700.1.0000555d06f9d000.0000555d0704d000.rw-.sdmp | Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq |
Source: 5678.22.dr | Binary or memory string: -1116261022170A--gzQEMU User Emulator |
Source: 5678.22.dr | Binary or memory string: qemu-or1k |
Source: 5678.22.dr | Binary or memory string: qemu-riscv64 |
Source: 5678.22.dr | Binary or memory string: qemu-arm |
Source: 5678.22.dr | Binary or memory string: (qemu |
Source: Njm98ikkmS.elf, 5700.1.0000555d06f9d000.0000555d0704d000.rw-.sdmp, Njm98ikkmS.elf, 5703.1.0000555d06f9d000.0000555d0704d000.rw-.sdmp, Njm98ikkmS.elf, 5709.1.0000555d06f9d000.0000555d0704d000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/ppc |
Source: 5678.22.dr | Binary or memory string: qemu-tilegx |
Source: 5678.22.dr | Binary or memory string: qemu-hppa |
Source: Njm98ikkmS.elf, 5700.1.00007fff84087000.00007fff840a8000.rw-.sdmp, Njm98ikkmS.elf, 5703.1.00007fff84087000.00007fff840a8000.rw-.sdmp, Njm98ikkmS.elf, 5709.1.00007fff84087000.00007fff840a8000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/Njm98ikkmS.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Njm98ikkmS.elf |
Source: 5678.22.dr | Binary or memory string: q{rqemu% |
Source: 5678.22.dr | Binary or memory string: )qemu |
Source: 5678.22.dr | Binary or memory string: vmware-toolbox-cmd |
Source: 5678.22.dr | Binary or memory string: qemu-ppc |
Source: 5678.22.dr | Binary or memory string: Tqemu9 |
Source: 5678.22.dr | Binary or memory string: qemu-aarch64_be |
Source: 5678.22.dr | Binary or memory string: 0qemu9 |
Source: 5678.22.dr | Binary or memory string: qemu-sparc64 |
Source: 5678.22.dr | Binary or memory string: qemu-mips64 |
Source: 5678.22.dr | Binary or memory string: vV:qemu9 |