Linux Analysis Report
3HOhJoCrj5.elf

Overview

General Information

Sample name:	3HOhJoCrj5.elf renamed because original name is a hash value
Original sample name:	1a0baa3312fef9d5191e84db87eb10bb.elf
Analysis ID:	1541858
MD5:	1a0baa3312fef9d5191e84db87eb10bb
SHA1:	e7861905f74b70e6e86e533d05115b93381ec172
SHA256:	824ca11bca7dab570e1731356be0a427e4611647ff66d798fefac339d1bedcc9
Tags:	32elfmiraimotorola
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 3HOhJoCrj5.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: 3HOhJoCrj5.elf

ReversingLabs: Detection: 65%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 79.164.144.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.183.5.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 182.78.95.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 77.106.140.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 191.80.216.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 204.33.245.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 154.189.166.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 139.93.82.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 191.175.227.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 31.143.112.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.135.32.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 204.93.66.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.99.159.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 133.77.0.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 187.206.8.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 93.235.161.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 70.43.63.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 183.240.65.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 103.174.184.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 189.94.117.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.244.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 4.72.107.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.174.177.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 122.206.78.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.107.178.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 147.136.184.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.132.191.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 180.35.181.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.18.128.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.89.192.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 182.115.31.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 202.91.105.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.8.47.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.218.196.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 42.11.20.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 188.125.147.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.142.32.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.191.5.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 97.164.122.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 27.117.118.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 89.21.117.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 170.132.131.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 154.32.25.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.230.18.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.122.248.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 96.174.159.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.36.118.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.157.183.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 92.53.132.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 141.34.198.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.154.117.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.135.253.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.226.90.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.95.16.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 83.168.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.17.245.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 84.250.116.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 180.114.143.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 137.245.4.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.207.207.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.3.234.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 37.17.191.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.159.62.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 213.59.130.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 37.80.226.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.214.188.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 79.95.155.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.143.174.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 198.47.138.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 83.45.213.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 82.194.103.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.109.4.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.45.225.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.213.86.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.230.142.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.104.210.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.87.67.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.106.38.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:42906 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 136.109.125.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 8.185.98.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 193.182.197.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.54.88.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.93.96.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.237.132.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 156.110.21.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 211.153.199.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 152.142.169.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 159.20.23.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.84.92.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 95.20.155.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 181.126.92.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 148.135.141.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 44.23.95.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.213.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.218.30.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.102.7.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 66.167.183.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.139.7.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 72.126.204.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.246.54.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.246.159.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 148.186.92.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 158.44.78.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.174.40.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 62.1.152.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 14.111.16.192:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.44.235.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.125.101.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.202.166.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 165.111.171.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 144.144.143.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 98.223.43.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 91.50.222.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 138.141.144.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.81.56.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.215.147.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.75.224.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 20.87.255.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.110.127.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 154.231.180.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.163.162.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 39.30.186.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.114.158.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.232.10.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 197.43.138.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.53.70.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.212.85.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.28.179.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 58.133.213.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.164.118.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 118.65.23.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.23.49.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 190.34.234.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.119.224.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.198.117.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.96.83.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.38.50.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.50.208.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.181.99.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.199.240.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.71.59.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.8.168.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 73.76.108.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.151.1.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 130.59.30.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.123.162.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 153.101.30.107:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 27.0.167.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.13.93.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 1.186.252.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.168.166.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.168.32.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 157.49.90.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.78.110.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 213.203.223.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 164.66.122.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 91.95.45.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.171.106.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 24.23.70.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 174.212.171.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 47.226.185.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 59.143.132.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 62.35.186.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.228.127.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 12.27.39.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 67.168.195.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 149.96.251.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 74.244.240.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.35.237.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.136.95.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.160.73.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 210.165.6.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.42.231.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 198.128.220.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.45.193.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.93.168.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 87.169.189.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 193.41.163.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.17.169.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.242.187.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 212.67.19.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 91.108.146.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.101.98.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 210.127.185.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 142.159.34.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.152.211.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 204.100.246.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.66.100.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 149.70.177.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.234.181.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.94.68.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.151.215.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 97.87.51.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.10.121.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.145.122.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.89.230.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 89.125.139.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 220.39.126.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.116.241.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.156.136.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.155.126.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.81.98.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.153.49.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 209.204.181.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 185.17.18.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.139.71.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 105.43.143.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 96.110.148.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 174.251.147.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.144.116.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 209.252.115.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.206.228.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.5.82.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 73.247.72.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 209.88.254.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 118.101.81.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 25.169.166.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 84.55.15.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 144.13.42.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 88.63.198.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.164.69.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.215.205.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.5.15.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 135.150.157.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 4.76.172.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 90.209.4.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 166.68.206.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 58.214.197.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.197.151.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 190.139.244.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.114.134.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 105.229.160.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.138.129.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 159.57.213.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.207.33.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 111.17.100.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.110.75.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.5.131.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 77.221.81.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 62.240.2.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 170.1.94.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 8.138.59.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.162.74.214:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 179.131.19.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.84.112.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 210.16.236.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.6.123.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 50.223.223.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 82.31.175.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 126.198.179.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.33.158.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.105.163.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 106.163.25.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.192.200.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 219.103.216.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.198.209.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 49.175.182.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 94.103.128.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 178.33.183.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 90.164.3.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 165.13.17.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 93.220.159.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.11.63.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 96.189.48.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.64.115.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.49.240.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 148.154.194.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 194.22.235.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.163.203.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 105.24.86.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.65.249.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.200.197.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 47.86.230.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 135.182.166.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 87.144.130.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 20.246.233.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.87.148.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 120.193.114.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 97.151.218.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.243.238.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.22.61.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.201.215.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.184.236.192:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.173.197.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 12.122.153.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 136.87.155.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 113.217.125.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 144.170.251.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.46.100.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 211.155.41.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 74.118.84.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.197.183.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 64.128.108.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 77.72.222.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 90.16.193.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 117.243.90.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 190.113.69.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 222.239.54.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 220.90.205.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.170.15.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.29.235.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 166.68.196.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.57.99.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.247.5.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.107.27.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 67.182.251.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.238.84.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 86.251.129.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 223.145.95.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.121.189.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 50.42.63.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 217.230.21.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.111.116.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 17.14.40.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 118.129.161.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 24.189.225.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 84.27.164.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 189.192.234.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 63.224.100.89:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 138.53.62.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 42.31.92.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 175.0.145.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 187.88.209.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 147.36.143.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.183.70.71:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.215.43.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 46.107.98.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 205.126.87.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 222.145.113.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.123.80.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.243.130.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.36.42.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.204.203.252:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.243.57.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 182.146.66.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.186.165.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 111.198.105.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.80.31.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 111.26.184.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.158.110.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 170.86.26.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.230.225.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 207.87.147.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 135.204.137.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 82.244.159.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.172.14.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.33.153.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 43.236.249.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 71.88.6.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 140.4.107.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 63.178.59.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 20.15.17.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 129.102.202.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.214.222.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.253.220.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.148.239.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 71.23.216.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.42.135.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.244.104.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.216.31.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.58.253.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.155.149.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.143.91.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 117.158.228.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 166.30.67.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 186.51.5.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 116.63.60.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.253.199.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 217.78.206.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 125.63.13.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 53.79.96.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.169.207.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.236.244.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.119.62.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 121.60.149.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.49.255.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.237.178.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.62.8.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.82.111.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 180.185.22.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 49.219.180.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.8.52.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 12.124.46.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 142.74.69.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 35.63.18.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 213.249.51.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 130.58.131.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.226.37.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 25.6.10.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 72.38.4.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 116.101.149.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.138.75.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.130.191.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 152.165.251.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.166.108.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 18.5.114.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 117.214.100.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.26.223.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 73.24.127.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 59.253.7.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 133.138.20.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 116.48.141.36:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.16.89.107:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.4.134.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 155.116.109.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.159.139.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 5.85.93.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.0.111.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 178.38.253.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.142.245.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 217.240.250.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 136.92.58.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 151.240.62.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.33.177.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 191.113.46.214:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.59.105.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.153.170.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.195.100.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.251.251.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 178.69.132.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.198.201.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.108.211.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 5.78.116.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 179.169.191.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 137.54.162.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.165.174.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.92.244.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.69.247.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 58.70.207.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 219.247.227.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.213.193.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 41.244.199.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 18.172.205.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 34.54.50.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 208.178.109.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 41.214.248.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 197.147.123.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 54.9.120.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.68.124.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.75.192.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 201.121.16.89:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 8.34.84.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 45.192.99.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.112.173.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 186.195.30.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 34.169.235.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 212.100.22.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.248.230.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 88.11.76.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.213.65.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.81.85.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.165.142.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.140.30.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 151.181.122.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 183.217.115.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 212.77.37.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.184.9.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 25.217.145.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.251.38.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.136.248.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 35.163.245.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 129.144.174.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 88.15.65.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 94.235.151.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 80.175.1.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 208.246.162.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 147.70.170.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.51.87.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 139.244.26.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 149.80.239.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.59.183.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.99.132.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 1.147.113.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.63.134.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 67.85.218.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 179.100.15.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 202.0.247.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.9.214.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.17.202.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.186.159.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 128.148.126.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.247.118.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 159.8.168.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 103.137.162.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 71.41.69.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.176.137.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 98.116.151.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 95.20.220.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 153.181.69.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.117.177.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.66.143.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 169.76.211.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 113.105.120.71:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.102.15.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 115.13.27.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.249.215.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 219.17.149.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.139.228.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.80.4.90:2323

Sample listens on a socket

Source: /tmp/3HOhJoCrj5.elf (PID: 5488)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	Socket: 0.0.0.0:0	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 79.164.144.128
Source: unknown	TCP traffic detected without corresponding DNS query: 67.53.189.27
Source: unknown	TCP traffic detected without corresponding DNS query: 142.62.179.80
Source: unknown	TCP traffic detected without corresponding DNS query: 92.70.81.77
Source: unknown	TCP traffic detected without corresponding DNS query: 68.125.142.28
Source: unknown	TCP traffic detected without corresponding DNS query: 182.203.161.63
Source: unknown	TCP traffic detected without corresponding DNS query: 90.56.41.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.245.218.183
Source: unknown	TCP traffic detected without corresponding DNS query: 160.177.105.249
Source: unknown	TCP traffic detected without corresponding DNS query: 81.40.94.185
Source: unknown	TCP traffic detected without corresponding DNS query: 167.183.5.125
Source: unknown	TCP traffic detected without corresponding DNS query: 18.239.0.148
Source: unknown	TCP traffic detected without corresponding DNS query: 39.211.16.11
Source: unknown	TCP traffic detected without corresponding DNS query: 197.95.2.225
Source: unknown	TCP traffic detected without corresponding DNS query: 81.130.206.117
Source: unknown	TCP traffic detected without corresponding DNS query: 141.245.73.40
Source: unknown	TCP traffic detected without corresponding DNS query: 54.95.57.116
Source: unknown	TCP traffic detected without corresponding DNS query: 85.23.52.11
Source: unknown	TCP traffic detected without corresponding DNS query: 93.135.71.49
Source: unknown	TCP traffic detected without corresponding DNS query: 104.54.135.151
Source: unknown	TCP traffic detected without corresponding DNS query: 64.153.18.186
Source: unknown	TCP traffic detected without corresponding DNS query: 132.161.174.70
Source: unknown	TCP traffic detected without corresponding DNS query: 109.28.31.199
Source: unknown	TCP traffic detected without corresponding DNS query: 182.78.95.137
Source: unknown	TCP traffic detected without corresponding DNS query: 171.108.165.216
Source: unknown	TCP traffic detected without corresponding DNS query: 61.188.251.181
Source: unknown	TCP traffic detected without corresponding DNS query: 79.116.64.213
Source: unknown	TCP traffic detected without corresponding DNS query: 77.106.140.229
Source: unknown	TCP traffic detected without corresponding DNS query: 91.32.241.246
Source: unknown	TCP traffic detected without corresponding DNS query: 217.174.228.32
Source: unknown	TCP traffic detected without corresponding DNS query: 130.128.179.210
Source: unknown	TCP traffic detected without corresponding DNS query: 103.4.130.79
Source: unknown	TCP traffic detected without corresponding DNS query: 179.53.194.182
Source: unknown	TCP traffic detected without corresponding DNS query: 35.162.162.61
Source: unknown	TCP traffic detected without corresponding DNS query: 96.75.234.133
Source: unknown	TCP traffic detected without corresponding DNS query: 104.166.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 191.80.216.241
Source: unknown	TCP traffic detected without corresponding DNS query: 79.69.255.163
Source: unknown	TCP traffic detected without corresponding DNS query: 76.62.238.100
Source: unknown	TCP traffic detected without corresponding DNS query: 180.113.123.17
Source: unknown	TCP traffic detected without corresponding DNS query: 46.253.154.174
Source: unknown	TCP traffic detected without corresponding DNS query: 85.143.183.136
Source: unknown	TCP traffic detected without corresponding DNS query: 44.21.165.204
Source: unknown	TCP traffic detected without corresponding DNS query: 163.88.133.226
Source: unknown	TCP traffic detected without corresponding DNS query: 98.167.15.234
Source: unknown	TCP traffic detected without corresponding DNS query: 69.101.40.160
Source: unknown	TCP traffic detected without corresponding DNS query: 103.91.225.220
Source: unknown	TCP traffic detected without corresponding DNS query: 111.147.219.128
Source: unknown	TCP traffic detected without corresponding DNS query: 86.13.51.8
Source: unknown	TCP traffic detected without corresponding DNS query: 204.33.245.188

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	SIGKILL sent: pid: 940, result: successful			Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	SIGKILL sent: pid: 940, result: successful			Jump to behavior

Source: classification engine

Classification label: mal56.linELF@0/0@2/0

Enumerates processes within the "proc" file system

Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/928/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/928/fd	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/3HOhJoCrj5.elf (PID: 5488)

Queries kernel information via 'uname':

Jump to behavior

Source: 3HOhJoCrj5.elf, 5488.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: 3HOhJoCrj5.elf, 5488.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: 3HOhJoCrj5.elf, 5488.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/3HOhJoCrj5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/3HOhJoCrj5.elf
Source: 3HOhJoCrj5.elf, 5488.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
60.106.24.248	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
216.61.115.50	unknown	United States	7018	ATT-INTERNET4US	false
97.89.44.98	unknown	United States	20115	CHARTER-20115US	false
57.222.44.132	unknown	Belgium	2686	ATGS-MMD-ASUS	false
192.138.36.27	unknown	United States	5972	DNIC-ASBLK-05800-06055US	false
92.24.16.252	unknown	United Kingdom	13285	OPALTELECOM-ASTalkTalkCommunicationsLimitedGB	false
187.241.191.228	unknown	Mexico	13999	MegaCableSAdeCVMX	false
209.198.66.128	unknown	United States	13536	TVC-AS1US	false
13.157.147.245	unknown	United States	7018	ATT-INTERNET4US	false
113.252.246.89	unknown	Hong Kong	9304	HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHK	false
74.218.42.61	unknown	United States	10796	TWC-10796-MIDWESTUS	false
179.105.195.255	unknown	Brazil	28573	CLAROSABR	false
154.27.158.212	unknown	United States	32708	ROOTNETWORKSUS	false
195.109.137.244	unknown	Netherlands	702	UUNETUS	false
191.197.121.72	unknown	Brazil	26599	TELEFONICABRASILSABR	false
59.181.199.83	unknown	India	17813	MTNL-APMahanagarTelephoneNigamLimitedIN	false
162.247.145.104	unknown	United States	11910	LAKENET-LLCUS	false
212.13.196.9	unknown	United Kingdom	8943	JUMPGB	false
157.3.239.214	unknown	Japan	7671	MCNETNTTSmartConnectCorporationJP	false
211.176.210.232	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
52.89.22.45	unknown	United States	16509	AMAZON-02US	false
196.38.27.91	unknown	South Africa	3741	ISZA	false
134.128.206.22	unknown	United Kingdom	385	AFCONC-BLOCK1-ASUS	false
82.97.110.152	unknown	Germany	30774	ESC-ASNDE	false
76.23.198.209	unknown	United States	7922	COMCAST-7922US	false
75.217.126.153	unknown	United States	22394	CELLCOUS	false
46.77.192.15	unknown	Poland	8374	PLUSNETPlusnetworkoperatorinPolandPL	false
80.234.199.121	unknown	United Kingdom	5413	AS5413GB	false
182.121.249.233	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
71.215.115.231	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
101.225.14.232	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
186.57.171.151	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
102.17.201.247	unknown	unknown	37054	Telecom-MalagasyMG	false
122.87.177.213	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
88.9.29.189	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
210.194.59.69	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
84.35.150.69	unknown	Netherlands	21221	INFOPACT-ASTheNetherlandsNL	false
44.140.142.83	unknown	United States	1653	SUNETSUNETSwedishUniversityNetworkEU	false
164.125.49.71	unknown	Korea Republic of	9274	PUSAN-AS-KRPusanNationalUniversityKR	false
121.4.224.196	unknown	China	7594	ONQ-AS-APOnQAU	false
54.77.209.242	unknown	United States	16509	AMAZON-02US	false
90.81.242.14	unknown	France	3215	FranceTelecom-OrangeFR	false
77.34.50.139	unknown	Russian Federation	12332	PRIMORYE-ASRU	false
49.40.34.99	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false
72.227.21.122	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
198.227.165.46	unknown	United States	18933	USCC-MPLS01US	false
116.208.88.135	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
67.80.199.58	unknown	United States	6128	CABLE-NET-1US	false
202.30.141.1	unknown	Korea Republic of	4670	HYUNDAI-KRShinbiroKR	false
148.16.65.211	unknown	United States	6400	CompaniaDominicanadeTelefonosSADO	false
119.90.59.110	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
99.82.237.36	unknown	United States	7018	ATT-INTERNET4US	false
18.30.220.195	unknown	United States	3	MIT-GATEWAYSUS	false
80.254.102.4	unknown	Russian Federation	21479	ROSTOV-TELEGRAF-ASRU	false
146.68.147.145	unknown	United States	2018	TENET-1ZA	false
172.82.238.65	unknown	United States	15224	OMNITUREUS	false
63.205.177.111	unknown	United States	7018	ATT-INTERNET4US	false
195.32.192.129	unknown	Germany	20676	PLUSNETDE	false
90.245.54.36	unknown	United Kingdom	5378	VodafoneGB	false
206.81.117.25	unknown	United States	8046	NAPANETUS	false
84.171.243.54	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
131.38.143.193	unknown	United States	399	AFCONC-BLOCK1-ASUS	false
49.84.123.129	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
156.141.206.217	unknown	United States	29975	VODACOM-ZA	false
98.225.187.142	unknown	United States	7922	COMCAST-7922US	false
163.243.172.64	unknown	United States	668	DNIC-AS-00668US	false
205.237.116.120	unknown	United States	2698	IASTATE-ASUS	false
223.230.144.60	unknown	India	45609	BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService	false
162.52.209.80	unknown	United States	35893	ACPCA	false
96.222.81.87	unknown	United States	7922	COMCAST-7922US	false
37.23.212.249	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
24.238.159.120	unknown	United States	11427	TWC-11427-TEXASUS	false
167.126.20.130	unknown	Reserved	2055	LSU-1US	false
151.115.48.162	unknown	United Kingdom	12876	OnlineSASFR	false
208.50.164.80	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
111.168.34.168	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
92.129.91.9	unknown	France	3215	FranceTelecom-OrangeFR	false
79.208.241.231	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
37.113.76.91	unknown	Russian Federation	51819	YAR-ASRU	false
193.174.61.123	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
176.59.149.92	unknown	Russian Federation	41330	T2-NOVOSIBIRSK-ASTele2RussiaNetworkRU	false
63.237.52.216	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
131.154.233.134	unknown	Italy	137	ASGARRConsortiumGARREU	false
165.165.239.205	unknown	South Africa	5713	SAIX-NETZA	false
179.10.161.238	unknown	Brazil	26615	TIMSABR	false
138.28.232.38	unknown	United States	600	OARNET-ASUS	false
163.235.90.230	unknown	United States	1761	TDIR-CAPNETUS	false
47.126.14.64	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
78.180.81.242	unknown	Turkey	9121	TTNETTR	false
137.243.164.14	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
182.221.119.5	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
157.220.202.169	unknown	United States	4704	SANNETRakutenMobileIncJP	false
155.201.152.59	unknown	United States	20426	PWC-ASUS	false
208.237.196.124	unknown	United States	4208	THE-ISERV-COMPANYUS	false
34.113.117.118	unknown	United States	19527	GOOGLE-2US	false
23.247.56.93	unknown	United States	46573	LAYER-HOSTUS	false
223.179.202.255	unknown	India	45609	BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService	false
87.59.183.221	unknown	Denmark	3292	TDCTDCASDK	false
155.115.43.110	unknown	United States	11003	PANDGUS	false
49.41.86.190	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 3HOhJoCrj5.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: 3HOhJoCrj5.elf

ReversingLabs: Detection: 65%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 79.164.144.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.183.5.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 182.78.95.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 77.106.140.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 191.80.216.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 204.33.245.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 154.189.166.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 139.93.82.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 191.175.227.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 31.143.112.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.135.32.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 204.93.66.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.99.159.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 133.77.0.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 187.206.8.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 93.235.161.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 70.43.63.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 183.240.65.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 103.174.184.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 189.94.117.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.244.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 4.72.107.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.174.177.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 122.206.78.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.107.178.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 147.136.184.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.132.191.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 180.35.181.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.18.128.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.89.192.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 182.115.31.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 202.91.105.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.8.47.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.218.196.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 42.11.20.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 188.125.147.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.142.32.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.191.5.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 97.164.122.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 27.117.118.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 89.21.117.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 170.132.131.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 154.32.25.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.230.18.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.122.248.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 96.174.159.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.36.118.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.157.183.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 92.53.132.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 141.34.198.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.154.117.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.135.253.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.226.90.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.95.16.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 83.168.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.17.245.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 84.250.116.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 180.114.143.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 137.245.4.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.207.207.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.3.234.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 37.17.191.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.159.62.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 213.59.130.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 37.80.226.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.214.188.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 79.95.155.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.143.174.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 198.47.138.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 83.45.213.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 82.194.103.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.109.4.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.45.225.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.213.86.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.230.142.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.104.210.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.87.67.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.106.38.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:42906 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 136.109.125.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 8.185.98.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 193.182.197.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.54.88.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.93.96.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.237.132.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 156.110.21.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 211.153.199.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 152.142.169.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 159.20.23.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.84.92.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 95.20.155.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 181.126.92.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 148.135.141.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 44.23.95.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.213.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.218.30.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.102.7.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 66.167.183.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.139.7.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 72.126.204.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.246.54.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.246.159.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 148.186.92.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 158.44.78.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.174.40.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 62.1.152.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 14.111.16.192:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.44.235.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.125.101.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.202.166.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 165.111.171.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 144.144.143.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 98.223.43.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 91.50.222.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 138.141.144.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.81.56.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.215.147.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.75.224.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 20.87.255.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.110.127.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 154.231.180.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.163.162.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 39.30.186.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.114.158.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.232.10.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 197.43.138.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.53.70.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.212.85.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.28.179.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 58.133.213.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.164.118.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 118.65.23.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.23.49.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 190.34.234.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.119.224.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.198.117.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.96.83.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.38.50.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.50.208.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.181.99.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.199.240.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.71.59.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.8.168.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 73.76.108.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.151.1.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 130.59.30.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.123.162.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 153.101.30.107:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 27.0.167.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.13.93.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 1.186.252.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.168.166.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.168.32.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 157.49.90.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.78.110.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 213.203.223.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 164.66.122.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 91.95.45.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.171.106.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 24.23.70.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 174.212.171.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 47.226.185.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 59.143.132.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 62.35.186.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.228.127.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 12.27.39.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 67.168.195.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 149.96.251.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 74.244.240.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.35.237.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.136.95.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.160.73.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 210.165.6.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.42.231.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 198.128.220.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.45.193.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.93.168.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 87.169.189.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 193.41.163.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.17.169.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.242.187.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 212.67.19.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 91.108.146.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.101.98.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 210.127.185.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 142.159.34.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.152.211.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 204.100.246.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.66.100.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 149.70.177.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.234.181.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.94.68.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.151.215.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 97.87.51.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.10.121.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 206.145.122.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.89.230.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 89.125.139.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 220.39.126.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.116.241.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.156.136.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.155.126.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.81.98.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 19.153.49.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 209.204.181.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 185.17.18.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.139.71.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 105.43.143.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 96.110.148.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 174.251.147.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.144.116.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 209.252.115.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.206.228.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.5.82.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 73.247.72.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 209.88.254.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 118.101.81.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 25.169.166.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 84.55.15.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 144.13.42.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 88.63.198.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.164.69.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.215.205.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.5.15.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 135.150.157.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 4.76.172.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 90.209.4.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 166.68.206.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 58.214.197.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.197.151.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 190.139.244.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.114.134.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 105.229.160.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.138.129.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 159.57.213.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.207.33.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 111.17.100.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.110.75.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 162.5.131.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 77.221.81.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 62.240.2.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 170.1.94.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 8.138.59.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 65.162.74.214:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 179.131.19.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 104.84.112.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 210.16.236.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 203.6.123.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 50.223.223.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 82.31.175.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 126.198.179.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.33.158.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.105.163.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 106.163.25.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.192.200.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 219.103.216.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.198.209.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 49.175.182.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 94.103.128.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 178.33.183.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 90.164.3.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 165.13.17.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 93.220.159.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 119.11.63.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 96.189.48.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.64.115.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.49.240.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 148.154.194.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 194.22.235.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.163.203.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 105.24.86.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.65.249.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.200.197.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 47.86.230.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 135.182.166.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 87.144.130.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 20.246.233.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 167.87.148.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 120.193.114.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 97.151.218.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.243.238.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.22.61.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.201.215.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.184.236.192:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.173.197.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 12.122.153.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 136.87.155.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 113.217.125.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 144.170.251.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.46.100.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 211.155.41.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 74.118.84.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.197.183.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 64.128.108.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 77.72.222.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 90.16.193.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 117.243.90.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 190.113.69.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 222.239.54.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 220.90.205.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.170.15.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.29.235.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 166.68.196.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.57.99.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.247.5.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 13.107.27.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 67.182.251.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 216.238.84.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 86.251.129.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 223.145.95.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.121.189.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 50.42.63.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 217.230.21.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.111.116.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 17.14.40.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 118.129.161.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 24.189.225.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 84.27.164.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 189.192.234.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 63.224.100.89:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 138.53.62.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 42.31.92.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 175.0.145.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 187.88.209.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 147.36.143.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.183.70.71:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.215.43.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 46.107.98.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 205.126.87.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 222.145.113.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.123.80.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 146.243.130.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.36.42.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.204.203.252:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.243.57.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 182.146.66.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.186.165.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 111.198.105.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 145.80.31.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 111.26.184.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 38.158.110.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 170.86.26.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.230.225.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 207.87.147.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 135.204.137.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 82.244.159.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.172.14.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.33.153.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 43.236.249.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 71.88.6.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 140.4.107.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 63.178.59.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 20.15.17.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 129.102.202.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.214.222.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.253.220.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.148.239.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 71.23.216.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.42.135.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.244.104.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.216.31.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.58.253.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.155.149.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.143.91.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 117.158.228.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 166.30.67.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 186.51.5.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 116.63.60.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 60.253.199.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 217.78.206.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 125.63.13.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 53.79.96.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 51.169.207.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.236.244.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 195.119.62.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 121.60.149.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 48.49.255.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 218.237.178.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.62.8.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 102.82.111.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 180.185.22.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 49.219.180.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.8.52.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 12.124.46.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 142.74.69.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 35.63.18.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 213.249.51.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 130.58.131.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 23.226.37.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 25.6.10.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 72.38.4.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 116.101.149.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.138.75.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.130.191.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 152.165.251.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.166.108.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 18.5.114.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 117.214.100.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 101.26.223.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 73.24.127.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 59.253.7.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 133.138.20.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 116.48.141.36:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.16.89.107:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 32.4.134.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 155.116.109.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 131.159.139.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 5.85.93.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.0.111.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 178.38.253.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 171.142.245.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 217.240.250.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 136.92.58.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 151.240.62.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.33.177.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 191.113.46.214:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.59.105.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 163.153.170.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.195.100.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 143.251.251.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 178.69.132.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 221.198.201.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.108.211.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 5.78.116.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 179.169.191.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 137.54.162.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.165.174.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.92.244.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 160.69.247.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 58.70.207.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 219.247.227.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.213.193.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 41.244.199.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 18.172.205.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 34.54.50.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 208.178.109.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 41.214.248.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 197.147.123.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 54.9.120.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.68.124.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.75.192.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 201.121.16.89:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 8.34.84.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 45.192.99.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 52.112.173.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 186.195.30.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 34.169.235.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 212.100.22.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 75.248.230.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 88.11.76.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 68.213.65.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 112.81.85.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.165.142.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.140.30.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 151.181.122.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 183.217.115.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 212.77.37.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.184.9.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 25.217.145.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.251.38.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 9.136.248.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 35.163.245.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 129.144.174.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 88.15.65.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 94.235.151.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 80.175.1.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 208.246.162.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 147.70.170.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 100.51.87.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 139.244.26.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 149.80.239.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 61.59.183.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 196.99.132.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 1.147.113.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 161.63.134.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 67.85.218.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 179.100.15.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 202.0.247.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 40.9.214.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 123.17.202.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 199.186.159.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 128.148.126.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 150.247.118.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 159.8.168.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 103.137.162.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 71.41.69.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 2.176.137.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 98.116.151.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 95.20.220.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 153.181.69.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 177.117.177.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 85.66.143.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 169.76.211.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 113.105.120.71:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 108.102.15.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 115.13.27.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 168.249.215.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 219.17.149.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 109.139.228.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:37135 -> 132.80.4.90:2323

Sample listens on a socket

Source: /tmp/3HOhJoCrj5.elf (PID: 5488)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	Socket: 0.0.0.0:0	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 79.164.144.128
Source: unknown	TCP traffic detected without corresponding DNS query: 67.53.189.27
Source: unknown	TCP traffic detected without corresponding DNS query: 142.62.179.80
Source: unknown	TCP traffic detected without corresponding DNS query: 92.70.81.77
Source: unknown	TCP traffic detected without corresponding DNS query: 68.125.142.28
Source: unknown	TCP traffic detected without corresponding DNS query: 182.203.161.63
Source: unknown	TCP traffic detected without corresponding DNS query: 90.56.41.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.245.218.183
Source: unknown	TCP traffic detected without corresponding DNS query: 160.177.105.249
Source: unknown	TCP traffic detected without corresponding DNS query: 81.40.94.185
Source: unknown	TCP traffic detected without corresponding DNS query: 167.183.5.125
Source: unknown	TCP traffic detected without corresponding DNS query: 18.239.0.148
Source: unknown	TCP traffic detected without corresponding DNS query: 39.211.16.11
Source: unknown	TCP traffic detected without corresponding DNS query: 197.95.2.225
Source: unknown	TCP traffic detected without corresponding DNS query: 81.130.206.117
Source: unknown	TCP traffic detected without corresponding DNS query: 141.245.73.40
Source: unknown	TCP traffic detected without corresponding DNS query: 54.95.57.116
Source: unknown	TCP traffic detected without corresponding DNS query: 85.23.52.11
Source: unknown	TCP traffic detected without corresponding DNS query: 93.135.71.49
Source: unknown	TCP traffic detected without corresponding DNS query: 104.54.135.151
Source: unknown	TCP traffic detected without corresponding DNS query: 64.153.18.186
Source: unknown	TCP traffic detected without corresponding DNS query: 132.161.174.70
Source: unknown	TCP traffic detected without corresponding DNS query: 109.28.31.199
Source: unknown	TCP traffic detected without corresponding DNS query: 182.78.95.137
Source: unknown	TCP traffic detected without corresponding DNS query: 171.108.165.216
Source: unknown	TCP traffic detected without corresponding DNS query: 61.188.251.181
Source: unknown	TCP traffic detected without corresponding DNS query: 79.116.64.213
Source: unknown	TCP traffic detected without corresponding DNS query: 77.106.140.229
Source: unknown	TCP traffic detected without corresponding DNS query: 91.32.241.246
Source: unknown	TCP traffic detected without corresponding DNS query: 217.174.228.32
Source: unknown	TCP traffic detected without corresponding DNS query: 130.128.179.210
Source: unknown	TCP traffic detected without corresponding DNS query: 103.4.130.79
Source: unknown	TCP traffic detected without corresponding DNS query: 179.53.194.182
Source: unknown	TCP traffic detected without corresponding DNS query: 35.162.162.61
Source: unknown	TCP traffic detected without corresponding DNS query: 96.75.234.133
Source: unknown	TCP traffic detected without corresponding DNS query: 104.166.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 191.80.216.241
Source: unknown	TCP traffic detected without corresponding DNS query: 79.69.255.163
Source: unknown	TCP traffic detected without corresponding DNS query: 76.62.238.100
Source: unknown	TCP traffic detected without corresponding DNS query: 180.113.123.17
Source: unknown	TCP traffic detected without corresponding DNS query: 46.253.154.174
Source: unknown	TCP traffic detected without corresponding DNS query: 85.143.183.136
Source: unknown	TCP traffic detected without corresponding DNS query: 44.21.165.204
Source: unknown	TCP traffic detected without corresponding DNS query: 163.88.133.226
Source: unknown	TCP traffic detected without corresponding DNS query: 98.167.15.234
Source: unknown	TCP traffic detected without corresponding DNS query: 69.101.40.160
Source: unknown	TCP traffic detected without corresponding DNS query: 103.91.225.220
Source: unknown	TCP traffic detected without corresponding DNS query: 111.147.219.128
Source: unknown	TCP traffic detected without corresponding DNS query: 86.13.51.8
Source: unknown	TCP traffic detected without corresponding DNS query: 204.33.245.188

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	SIGKILL sent: pid: 940, result: successful			Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	SIGKILL sent: pid: 940, result: successful			Jump to behavior

Source: classification engine

Classification label: mal56.linELF@0/0@2/0

Enumerates processes within the "proc" file system

Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5496)	File opened: /proc/928/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/3HOhJoCrj5.elf (PID: 5490)	File opened: /proc/928/fd	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/3HOhJoCrj5.elf (PID: 5488)

Queries kernel information via 'uname':

Jump to behavior

Source: 3HOhJoCrj5.elf, 5488.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: 3HOhJoCrj5.elf, 5488.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: 3HOhJoCrj5.elf, 5488.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.00007ffda47b6000.00007ffda47d7000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/3HOhJoCrj5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/3HOhJoCrj5.elf
Source: 3HOhJoCrj5.elf, 5488.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5490.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5617.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5640.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5623.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5491.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5627.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp, 3HOhJoCrj5.elf, 5502.1.000055daa5c39000.000055daa5cbe000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

ID:	1541858
Product:	CloudBasic
Start time:	08:57:12
Start date:	25.10.2024
Sample:	3HOhJoCrj5.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	1a0baa3312fef9d5191e84db87eb10bb
SHA1:	e7861905f74b70e6e86e533d05115b93381ec172
SHA256:	824ca11bca7dab570e1731356be0a427e4611647ff66d798fefac339d1bedcc9
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
3HOhJoCrj5.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report 3HOhJoCrj5.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
3HOhJoCrj5.elf